[vpn-help] Can Connect But Can't See Machines
kvpn at live.com
Mon Aug 29 21:08:06 CDT 2011
On 08/03/2011 09:52 PM, Jeremy Banks wrote:
> I have a cisco client that I want to connect to one of our customer's vpns.
> We have Win XP 64bit OS's so generally we run a 32bit vm and connect
> out of that, which is fairly cumbersome.
> I was doing a fresh Win7 64bit install so I thought I would see if I
> could get shrew soft's client going.
> I downloaded and installed 2.1.7 and imported a working pcf. I
> connected and all seemed good out of the box.
> However I can not connect to, or ping, the target machine inside the
> customer's vpn.
> I did some googling and tried changing the NAT Traversal options, but
> that didn't help.
> Any suggestions?
> Any further information that would be useful?
> I don't have the client gateway information at hand, they are in a
> different timezone so I could find it if it is useful, just not until
I wonder if perhaps the final part of the negotiation (Security
Associations) is failing. This happens after the tunnel has been
established and is not part of activity shown on the connect dialog.
You can see the status of the SAs by using the VPN Trace utility. After
connecting to the VPN and starting a ping, click on the Security
Association tab. You should see two entries, one for each direction, in
state MATURE. If you don't see MATURE or there's bytes transferred in
only direction, then there is a configuration problem to debug.
Providing a bug report can help us with that. Remember to change IP
addresses and usernames in the iked.log output to preserve security:
More information about the vpn-help