[vpn-help] R: Shrew and RSA authentication with Cisco devices

Kevin VPN kvpn at live.com
Tue Oct 4 21:16:17 CDT 2011


On 10/03/2011 03:01 AM, Trzewiczek Łukasz wrote:
> Hi,
>
> I have encountered the same problem with Mutual RSA +
> XAUTH authentication. My client version is 2.1.7 and I use it
> with ASA 5505 (soft ver.6.2) with mutual PSK authentication.
> Cisco ASA is configured the same as in this tutorial:
>
> http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080930f21.shtml
>
> I also have Microsoft's CA. It works perfectly with Cisco VPN
> Client but doesn't with Shrew. Has any of you used such dual
> authentication with success? I have tried probably every option
> in access manager and I don't know if there's any bug in access
> manager or my configuration is wrong.
>
> Logs from ASA are as follows:
>
> Sep 29 09:06:22 hutmenasa %ASA-6-302015: Built inbound UDP
> connection 250884 for outside:95.41.84.136/4500 (95.41.84.136/4500)
> to identity:172.18.1.16/4500 (172.18.1.16/4500)
>
> Sep 29 09:06:22 hutmenasa %ASA-6-713172: Group = Uzytkownicy,
> IP = 95.41.84.136, Automatic NAT Detection Status:     Remote end
> is NOT behind a NAT device  This end   IS   behind a NAT device
>
> Sep 29 09:06:22 hutmenasa %ASA-6-717022: Certificate was
> successfully validated. serial number: 626A0CC20004000000AD,
> subject name:  ea=lukasz.trzewiczek at hutmen.pl,
> cn=<C5>\201ukasz Trzewiczek,ou=FI,ou=DG,ou=Hutmen,ou=Uzytkownicy,
> dc=hutmen,dc=pl.
>
> Sep 29 09:06:22 hutmenasa %ASA-6-717028: Certificate chain was
> successfully validated with warning, revocation status was not
> checked.
>
> Sep 29 09:06:22 hutmenasa %ASA-5-713050: Group = Uzytkownicy,
> IP = 95.41.84.136, Connection terminated for peer .  Reason: Peer
> Terminate  Remote Proxy N/A, Local Proxy N/A
>
...

> Any help will be appreciated.
>

Hi Lukas,

To me it looks like Shrew has terminated the connection, based on the 
ASA reporting "Peer Terminate".

Can you produce a Shrew log using these instructions to see if it helps us: 
http://www.shrew.net/support/wiki/BugReportVpnWindows
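
Added example, not part of the original thread or of either poster's tooling: a small Python triage of the quoted ASA lines that pulls out the certificate result, the revocation warning and the termination reason. The function name `triage`, the one-peer-per-input assumption and the abridged certificate subject are choices made for this sketch.

```python
import re

# Quoted ASA lines from the thread, unwrapped to one event per line
# (certificate subject abridged for this example).
SAMPLE = """\
Sep 29 09:06:22 hutmenasa %ASA-6-302015: Built inbound UDP connection 250884 for outside:95.41.84.136/4500 (95.41.84.136/4500) to identity:172.18.1.16/4500 (172.18.1.16/4500)
Sep 29 09:06:22 hutmenasa %ASA-6-713172: Group = Uzytkownicy, IP = 95.41.84.136, Automatic NAT Detection Status: Remote end is NOT behind a NAT device This end IS behind a NAT device
Sep 29 09:06:22 hutmenasa %ASA-6-717022: Certificate was successfully validated. serial number: 626A0CC20004000000AD, subject name: <abridged>
Sep 29 09:06:22 hutmenasa %ASA-6-717028: Certificate chain was successfully validated with warning, revocation status was not checked.
Sep 29 09:06:22 hutmenasa %ASA-5-713050: Group = Uzytkownicy, IP = 95.41.84.136, Connection terminated for peer .  Reason: Peer Terminate  Remote Proxy N/A, Local Proxy N/A
""".splitlines()

ASA_RE = re.compile(r"%ASA-\d-(\d{6}): (.*)")            # message id, message text
PEER_RE = re.compile(r"IP = (\d{1,3}(?:\.\d{1,3}){3})")
REASON_RE = re.compile(r"Reason:\s*(.+?)\s+Remote Proxy")

def triage(lines):
    """Summarise one connection attempt (assumes all lines belong to one peer)."""
    s = {"peer": None, "cert_validated": False, "revocation_checked": None,
         "reason": None, "findings": []}
    for line in lines:
        m = ASA_RE.search(line)
        if not m:
            continue                      # not an ASA syslog line
        msg_id, text = m.groups()
        ip = PEER_RE.search(text)
        if ip:
            s["peer"] = ip.group(1)
        if msg_id == "717022":            # certificate validated
            s["cert_validated"] = True
        elif msg_id == "717028":          # chain validated, possibly with a warning
            s["revocation_checked"] = "revocation status was not checked" not in text
        elif msg_id == "713050":          # connection terminated, with a reason
            r = REASON_RE.search(text)
            s["reason"] = r.group(1) if r else "unknown"
    if s["reason"] and not s["cert_validated"]:
        s["findings"].append("terminated before any certificate validation was logged")
    if s["cert_validated"] and s["reason"] == "Peer Terminate":
        s["findings"].append("ASA accepted the certificate; teardown came from the peer, check the client log")
    if s["revocation_checked"] is False:
        s["findings"].append("chain accepted without a revocation check")
    return s

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

On the quoted lines this reports two findings: the ASA accepted the client certificate before the peer ended the session, and the chain was accepted with revocation status unchecked.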


