[vpn-help] remote connection view Shrewsoft connects, but can't reach remote host --only on a couple of machines.

Allen Klein allen at apksolutions.com
Mon Dec 24 17:41:44 CST 2012


Hi,

A client of mine is having trouble pinging any of the remote resources running Shrewsoft ver 2.1.7, With the same profile that I've created, I can ping remote addresses, mount and access volumes on the other end. I visited their office and on one of the PC's running Windows XP, and that's connected through another ISP, I installed Shrewsoft 2.17 and imported the same profile. There once the tunnel was enabled, I was able to reach all addresses I tried to access. This is a hub and spoke VPN whose proxy ID is 172.30.0.0/16.From the Shrewsoft dialup VPN, I can ping either of the Juniper SSG-5 firewalls on either end of the site to site tunnel(one on a 172.30.151.0/24 network, and the other, 172.30.152.0/24 network. However, on two of my clients' PC's running Shrewsoft 2.1.7, the tunnel enables but they can't ping any thing on those 172.30.151.0 or 172.30.152.0 networks. It's only on those two machines. I've uninstalled and reinstalled Shrewsoft a couple of times, but the issue remains after the new installation and reimporting of the profile. Again --the same profile works on three of my machines: a Dell desktop running Windows 7, a laptop running XP and on my Macbook pro under Parallels running Windows XP or and Windows 7. I've tried a couple of my machines running Shrewsoft on 4 different physical connections, different make routers, different ISP's, and it always works fine, remains connected, etc. My client (who's the IT person for the company I set up the site-site VPN for) doesn't have that luck with his two machines. He's tried his desktop running Windows 7 from his home and from an office network that's connected to a different ISP than his office site-site.

They obviously make it through phase 1, but that's it. I can go through the same router in that office with my laptop, connect via Shrewsoft and ping both of those networks. He can't. Here's a screenshot off the Firewall's event log. Anybody have a similar issue?
I can connect from his machine on his Mac side, through the same ISP and router using VPN Tracker and the pinging works fine --and I don't get the failed negotiations, failed phase 2/policy/SA errors. When I connect through the same router with my laptop running Shrewsoft 2.1.7, I also don't get any of those errors, and I can ping everything remotely as well.








Allen Klein
APK Solutions – Computer Systems Consulting
415-924-7220
Apple Certified Support Professional
Member, ACN (Apple Consultants Network)
http://apksolutions.com



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20121224/aac23e2e/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PastedGraphic-1.tiff
Type: image/tiff
Size: 745790 bytes
Desc: not available
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20121224/aac23e2e/attachment-0001.tiff>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ACNlogoblack-sm.gif
Type: image/gif
Size: 486 bytes
Desc: not available
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20121224/aac23e2e/attachment-0001.gif>


More information about the vpn-help mailing list