[vpn-help] CISCO SA-520 vs Shrew Soft VPN client

kevin vpn klmlk at hotmail.com
Mon Mar 21 20:40:21 CDT 2011


On Sun, 20 Mar 2011 00:44:40 +0100
"HADI Attila" <hadi.attila at aero-networx.hu> wrote:

> The VPN connection is working properly if I want to communicate
> inbound the 192.168.4.0/24 subnet.
> 
> My problem is the next:
> 
> I would like to forward all traffic to the other side via the VPN
> tunnel.
> 
> If I set the IPSEC Policy Configuration manually (I set 192.168.4.0/24
> to Include) I can reach the network (ping is OK), but every other
> traffic going out via my local router instead of via the VPN tunnel on
> the other gateway.
> 
> If I set the Obtain Topology Automatically or Tunnel All I can not
> reach the 192.168.4.0/24 network.
> 

Hi Attila,

I would suggest that the Cisco gateway at the other end is not
configured to allow you to forward all traffic via the tunnel.  Instead
it is configured to allow access only to the 192.168.4.0/24 network.

You can check this by using the VPN trace utility.  Set up the VPN trace
utility according to the instructions at the link below.  Then connect
to the Cisco gateway (with Shrew configured to Tunnel All).  Generate
traffic by pinging the 192.168.4.0 network.  Then look on the Security
Associations tab of the VPN trace utility.  In a correct configuration,
there should be two SAs set up, one for traffic in each direction.  For
each ping, there should be bytes transferred in each direction.

In your case, I expect you to see that there are only bytes transferred
in one direction, or the SAs keep resetting because they do not
successfully get negotiated.

VPN trace instructions:
http://www.shrew.net/support/wiki/BugReportVpnWindows


