[Vpn-help] Cisco PIX Security Appliance Software Version 8.0(4) and Shrew Soft VPN Client 2.2.x
Matthew Grooms
mgrooms at shrew.net
Sat May 2 14:15:21 CDT 2009
Jorge Novo wrote:
> Hi,
>
Hi Jorge,
> Client configuration between PIX 8.0(4) and Soft VPN Client can be
> done with this HOWTO:
>
> http://www.shrew.net/support/wiki/HowtoCiscoAsa
>
> or
>
> http://www.shrew.net/support/wiki/HowtoCiscoPix
>
>
> But this HOWTOs are using:
>
> "The client uses the tunnel group name as its FQDN identity value and
> the tunnel group pre-shared-key as its pre-shared key value"
>
This should probably be changed to 'key identifier' since that seems to
be compatible with both PIX and ASA firmware versions.
> A better configuration could be done by using usernames inside the
> tunnel-group, something like this:
>
> username jnovonj password **************** encrypted
> username jnovonj attributes
> vpn-framed-ip-address 192.168.5.1 255.255.255.0
>
> tunnel-group TunnelGroupSCC type remote-access
> tunnel-group TunnelGroupSCC general-attributes
> address-pool VPN_Pool
> tunnel-group TunnelGroupSCC ipsec-attributes
> pre-shared-key *
>
> How is possible to do with Shrew Soft VPN Client?
>
I'm not sure how to answer this question but I'm not sure I understand
it fully to be honest. The PIX and ASA configuration examples in the
support section of our web site were created by following the gateway
configuration documents provided by cisco for a cisco IPsec vpn client.
The Shrew Soft client tries to offer identical behavior.
Do you have a cisco document reference you can share that explains your
proposed changes and why they are more appropriate?
Thanks,
-Matthew
More information about the vpn-help
mailing list