[Vpn-help] Cisco VPN Concentrator 3000 Series

jchajecki at o2.co.uk jchajecki at o2.co.uk
Sat Nov 21 09:53:30 CST 2009


I've been having exactly the same problem. I'm using Windows 7 
Professional 64 bit and Shrew VPN Client 2.1.5 rc4. I'm also trying to 
connect to a VPN 3000 series concentrator. The client seems to 
authenticate, I get the corporate banner and following this the same 
error message, "session terminated by gateway" at phase2.

Before trying this on 64bit Windows, I tried the same client (2.1.5 
rc4) on Windows 7 Professional, 32bit and it connected fine on that 
platform. The problem, therefore, appears to be confined to the 64bit 
platform.

I also note with curiosity that Jeff Allison found that the problem 
occurred following a Windows update, although he does not state what 
hardware he is attempting to connect to at the remote end. If there was 
some way of determining which updates might have been applied at that 
time (Nov 4/5th) then it might be possible to establish which update 
was responsible and have a better idea of the cause.

I have also tried experimenting with the PFS, cipher and 
authentication settings (including setting PFS Exchange to group2 as 
per Ultra) but so far I haven't found any configuration that works.

Our Cisco client setup uses the usual port 500 for the IKE negotiation 
and port 10000 for the 'TCPTunnelingPort' setting but although I've 
imported in the original Cisco VPN configuration from the .pcf file, I 
don't see this port mentioned in the Shrew VPN config?

I was wondering whether the NAT traversal port (4500) is essential and 
whether it needs to be open on the Firewall? I don't think the Cisco 
client used this.



