[vpn-help] Configuration for Syswan SW24 VPN

kevin vpn klmlk at hotmail.com
Fri Mar 4 21:41:30 CST 2011


On Fri, 4 Mar 2011 15:00:10 -0500
"Shane Petersen {Computer Gurus}" <shane at mypcgurus.net> wrote:

> Attached are the Syswan VPN configuration screens.  Anyone have a
> recommended configuration that would work with the ShrewSoft VPN
> client?
> 
> If the attachments are blocked here are links to view them:
> http://dl.dropbox.com/u/522926/SysWanIKESetup.JPG
> http://dl.dropbox.com/u/522926/SysWanIPSecSetup.JPG
> 

Hi Shane,

You can either modify the gateway to match Shrew's defaults, or modify
Shrew to match the gateway.  I suggest we try the second approach first.

There are roughly three steps that need to be completed before you can
get a working tunnel:

1. Phase 1 negotiation.
2. Authentication.
3. Phase 2 negotiation.

So if we try to take this one step at a time, let's get Phase 1 working
first. One thing you'll have to do on the gateway side is, on the IPSec
screen, change the "Phase 1 Negotiation" to Aggressive.

On the Shrew side, you need to match up the values with the gateway.
On the Phase 1 tab:

Exchange Type: aggressive
DH Exchange: group 1  (typically people use group 2 btw)
Cipher Algorithm: auto
Hash Algorithm: auto
Key Life Time limit: 28800

For a start at the second step, you'll need to figure out how you want
the Shrew client to be identified to the gateway.  Based on your IPSec
image, the gateway is currently set to expect a specific IP address to
establish contact.  If you have a static IP on the client side, put it
into the IP Address field next to "Remote Security Network."  Also put
a password into the "Preshared Key" field.

On the Shrew side, on the Authentication tab, change the
"Authentication Method" to "Mutual PSK". Under "Local Identity" change
the "Identification Type" to "IP Address" and enter your static
client's IP address.  Then under "Credentials" put the same password as
above into the "Pre Shared Key" field.

If you don't have a static client IP, consider using something like
"Fully Qualified Domain Name" (FQDN) on the gateway and in Shrew.  You
can make up any name, as long as it has at least two dots (aa.bb.cc)
and is the same in both.

Try to get that working first.  Watch the logs on the SysWan device to
see if Phase 1 completes successfully.  If not, report back with the
output from the log.
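The reply above boils down to one rule: every Phase 1 and identity value the Shrew client presents has to line up with what the gateway is configured for, with Shrew's "auto" accepting whatever the gateway proposes, and an FQDN identity needing at least two dots. The following checker encodes those rules so the two sets of settings can be compared before touching the devices. It is an added example for this thread, not code from Shrew Soft or the SysWan firmware; the `Phase1Side` class, the function names and the sample gateway values (cipher, hash, addresses, key) are constructed placeholders, since the gateway screenshots are not reproduced on the page.

```python
"""IKE Phase 1 / identity consistency check for a Shrew Soft client against
a gateway, following the matching rules laid out in the post. Added
illustration only; not Shrew Soft or SysWan code."""

from dataclasses import dataclass
from typing import List

WILDCARD = "auto"  # Shrew's "auto" setting accepts whatever the gateway proposes


@dataclass
class Phase1Side:
    """Settings one side of the tunnel presents (or expects) for Phase 1.
    Hypothetical structure, not a real Shrew or SysWan data type."""
    exchange: str      # "aggressive" or "main"
    dh_group: str      # "group 1", "group 2", ...
    cipher: str        # e.g. "3des", "aes", or "auto" on the client
    hash_alg: str      # e.g. "md5", "sha1", or "auto" on the client
    lifetime: int      # key lifetime in seconds
    ident_type: str    # "IP Address" or "Fully Qualified Domain Name"
    ident_value: str   # the client's static IP, or the made-up FQDN
    psk: str           # pre-shared key ("Preshared Key" on the gateway)


def _same(a: str, b: str) -> bool:
    """Case- and whitespace-insensitive comparison of two setting values."""
    return a.strip().lower() == b.strip().lower()


def is_valid_fqdn_id(name: str) -> bool:
    """The post's rule for a made-up FQDN identity: at least two dots
    (aa.bb.cc) and no empty labels."""
    labels = name.strip().split(".")
    return len(labels) >= 3 and all(labels)


def compare_phase1(client: Phase1Side, gateway: Phase1Side) -> List[str]:
    """Return the mismatches that would stop Phase 1 or authentication."""
    problems: List[str] = []
    if not _same(client.exchange, gateway.exchange):
        problems.append(f"exchange type: client {client.exchange!r} vs gateway {gateway.exchange!r}")
    if not _same(client.dh_group, gateway.dh_group):
        problems.append(f"DH group: client {client.dh_group!r} vs gateway {gateway.dh_group!r}")
    # "auto" on the client side matches whatever the gateway is set to
    for label, c, g in (("cipher", client.cipher, gateway.cipher),
                        ("hash", client.hash_alg, gateway.hash_alg)):
        if not _same(c, WILDCARD) and not _same(c, g):
            problems.append(f"{label}: client {c!r} vs gateway {g!r}")
    if client.lifetime != gateway.lifetime:
        problems.append(f"key lifetime: client {client.lifetime} vs gateway {gateway.lifetime}")
    # Identity: type and value must agree, and an FQDN identity must be well-formed
    if not _same(client.ident_type, gateway.ident_type):
        problems.append(f"identity type: client {client.ident_type!r} vs gateway {gateway.ident_type!r}")
    elif not _same(client.ident_value, gateway.ident_value):
        problems.append(f"identity value: client {client.ident_value!r} vs gateway {gateway.ident_value!r}")
    elif client.ident_type.lower().startswith("fully") and not is_valid_fqdn_id(client.ident_value):
        problems.append(f"FQDN identity {client.ident_value!r} needs at least two dots")
    if client.psk != gateway.psk:
        problems.append("pre-shared key differs between client and gateway")
    return problems


def advisories(client: Phase1Side) -> List[str]:
    """Non-blocking notes, such as the post's remark that DH group 1 is
    unusual and group 2 is what people typically use."""
    notes: List[str] = []
    if _same(client.dh_group, "group 1"):
        notes.append("DH group 1 is unusual; group 2 is what most peers use")
    return notes


if __name__ == "__main__":
    # Constructed sample values mirroring the post's walk-through;
    # the gateway's cipher/hash and the address/key are placeholders.
    gw = Phase1Side("Aggressive", "group 1", "3des", "md5", 28800,
                    "IP Address", "203.0.113.10", "s3cret")
    shrew = Phase1Side("aggressive", "group 1", "auto", "auto", 28800,
                       "IP Address", "203.0.113.10", "s3cret")
    for p in compare_phase1(shrew, gw):
        print("MISMATCH:", p)
    for n in advisories(shrew):
        print("NOTE:", n)
```

Run as a script it prints nothing under MISMATCH for the matched sample and one NOTE about group 1; swap any client field (exchange type, lifetime, identity, key) and the corresponding line appears, which is the same set of things the post tells you to check in the SysWan log when Phase 1 does not complete.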



More information about the vpn-help mailing list