[vpn-help] Windows v2.1.7 client vs. Zyxel Prestige router/security gateway
Maurizio Properzi
maurizio.properzi at univaq.it
Wed Mar 23 11:58:15 CDT 2011
Hi Kevin,
you are correct, also...
...changing "Site configuration"->"Policy"->"IPSEC Policy Configuration"
settings, according to your hint, fixed all.
If you (= shrew.net)like, I can contribute writing down a configuration guide for
ZYXEL P-662H-D1 and P-661H-D1 (however, these devices, AFAIK, are no longer produced...)
Thank you, best regards
Maurizio Properzi
---
On Tue, 15 Mar 2011 17:18:14 +0100 (CET)
Maurizio Properzi <maurizio.properzi at univaq.it> wrote:
> Problem:
>
> After examining the device log, root cause seems to be [see
> Log-gateway.gif] a Phase 2 ID mismatch, but I haven't found where to
> change it in client settings, while other VPN clients let me to do
> so!!!...
>
Hi Maurizio,
You are correct, you do have a Phase 2 mismatch. The Shrew client is
attempting to tunnel all traffic from the client PC to the gateway
(e.g. <0.0.0.0>-<0.0.0.0>) whereas the gateway is expecting only
traffic for the local subnet (e.g. <192.168.0.0>-<255.255.255.0>).
You can correct this in the Shrew config. If you're using Windows, in
the Site Configuration, on the Policy tab (far right tab) do the
following:
1. Uncheck "Obtain Topology Automatically or Tunnel All".
2. Click Add and use the following settings:
Type: Include
Address: 192.168.0.0
Netmask: 255.255.255.0
3. Click Ok then Save.
If you're using Linux and editing the configuration file manually, you
have to change a couple policy-list lines.
From:
s:policy-list-auto:1
s:policy-list-include:0.0.0.0 / 0.0.0.0
To:
s:policy-list-auto:0
s:policy-list-include:192.168.0.0 / 255.255.255.0
That should hopefully do it.
More information about the vpn-help
mailing list