[vpn-help] Cannot access VPN resources

Kevin VPN kvpn at live.com
Thu Feb 2 20:53:54 CST 2012


On 02/02/2012 08:39 AM, Daniele at Gmail wrote:
> Hi Kevin,
> I resolved my problem by these steps:
>
> * uninstall VPN client (last installed: version 2.2.0)
> * drop all connections files
> * reinstall VPN client (2.1.7)
> * import my VPN configuration from Cisco PCF file
>
> Now the VPN works.
> Thank you.
> Daniele
>
> On 27/01/2012 04:47, Kevin VPN wrote:
>> On 01/26/2012 08:38 AM, Daniele Comand wrote:
>>> Phase 1 appears to connect and I get the 'Tunnel enabled' message,
>>> however,
>>> I cannot ping or access any remote IP addresses.
>>> I tried both the client versions 2.1.7 and 2.2.0, with almost identical
>>> results.
>>> From another Windows XP machine with a Cisco client I can connect.
>>> In the IKED.log debug file I find this message:
>>> "12/01/25 20:07:08!: Peer violates RFC number transform mismatch (1!
>>> = 14)"
>>> Can you help me get the VPN working?
>>>
>>> VPN Client Version = 2.1.7 and 2.2.0
>>> Windows OS Version = Windows 7 64-bit
>>> Gateway Make/Model = CISCO PIX
>>> Gateway OS Version = unknown
>>>
>>
>> Hi Daniele,
>>
>> The problem is that the Phase2 negotiation is failing. According to
>> the iked.log you provided, Phase1, XAuth and client configuration
>> succeed, but Phase2 fails.
>>
>> You'll need to contact the VPN gateway administrator to find out why
>> Phase2 is failing. It is probably because some of the settings in the
>> Shrew client do not match what the Cisco requires.
>>
>> iked.log:
>>
>> 12/01/25 20:07:08 ii : phase1 sa established
>> ...
>> 12/01/25 20:07:08 ii : received basic xauth request -
>> 12/01/25 20:07:08 ii : - standard xauth username
>> 12/01/25 20:07:08 ii : - standard xauth password
>> 12/01/25 20:07:08 ii : sending xauth response for comand
>> 12/01/25 20:07:08 ii : received xauth result -
>> 12/01/25 20:07:08 ii : user comand authentication succeeded
>> ...
>> 12/01/25 20:07:08 ii : sending config pull request
>> 12/01/25 20:07:08 ii : processing config packet ( 76 bytes )
>> 12/01/25 20:07:08 DB : config found
>> 12/01/25 20:07:08 ii : received config pull response
>> 12/01/25 20:07:08 ii : - IP4 Address = 192.168.61.6
>> ...
>> 12/01/25 20:07:24 -> : resend 1 phase2 packet(s) [2/2]
>> 10.168.89.206:500 -> ??.???.???.?:500
>> 12/01/25 20:07:27 -> : resend 1 phase2 packet(s) [2/2]
>> 10.168.89.206:500 -> ??.???.???.?:500
>> 12/01/25 20:07:29 ii : resend limit exceeded for phase2 exchange
>> 12/01/25 20:07:29 ii : phase2 removal before expire time
>> 12/01/25 20:07:29 DB : phase2 deleted ( obj count = 1 )
>>

Great Daniele, thanks for reporting back!

I've copied the list so that others who are having problems with 
PCF-related configurations can see what you did.

By "dropped all connection files" I assume you mean that you went into 
the "Documents/Shrew Soft VPN/sites" directory and deleted the 
configuration files that were in there.  Doing that would prevent Shrew 
from automatically importing them when you installed the client again, 
which would allow you to import the PCF file again.
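
Added example, not part of the original message or of Shrew Soft's code: a small Python triage of an iked.log that reports how far the negotiation got and where it stalled, the same reading of the log done by hand in the quoted reply. The sample log is constructed from the excerpt in the thread; the phase2 success string and the function name `triage` are assumptions.

```python
import re

# Constructed sample modelled on the iked.log excerpt quoted in the thread;
# the peer address (masked in the thread) is a documentation address here.
SAMPLE_LOG = """\
12/01/25 20:07:08 ii : phase1 sa established
12/01/25 20:07:08 ii : user comand authentication succeeded
12/01/25 20:07:08 ii : received config pull response
12/01/25 20:07:08 ii : - IP4 Address = 192.168.61.6
12/01/25 20:07:24 -> : resend 1 phase2 packet(s) [2/2] 10.168.89.206:500 -> 192.0.2.1:500
12/01/25 20:07:29 ii : resend limit exceeded for phase2 exchange
12/01/25 20:07:29 DB : phase2 deleted ( obj count = 1 )
"""

# Negotiation stages in order, each with the message that marks it complete.
# The first three strings appear in the thread's log; the phase2 success
# string is an assumption.
STAGES = [
    ("phase1", re.compile(r"phase1 sa established")),
    ("xauth", re.compile(r"user \S+ authentication succeeded")),
    ("config", re.compile(r"received config pull response")),
    ("phase2", re.compile(r"phase2 sa established")),
]
RESEND_LIMIT = re.compile(r"resend limit exceeded for (\w+) exchange")
RESEND = re.compile(r"resend \d+ (\w+) packet")
ASSIGNED_IP = re.compile(r"IP4 Address = (\d+(?:\.\d+){3})")


def triage(log_text):
    """Summarise how far the negotiation got and where it stalled."""
    completed, resends, limit_hit, ip = [], {}, None, None
    for line in log_text.splitlines():
        for name, pattern in STAGES:
            if name not in completed and pattern.search(line):
                completed.append(name)
        if m := RESEND.search(line):
            resends[m.group(1)] = resends.get(m.group(1), 0) + 1
        if m := RESEND_LIMIT.search(line):
            limit_hit = limit_hit or m.group(1)
        if m := ASSIGNED_IP.search(line):
            ip = m.group(1)
    stalled = next((n for n, _ in STAGES if n not in completed), None)
    return {"completed": completed, "stalled_at": stalled,
            "resends": resends, "resend_limit_hit": limit_hit,
            "assigned_ip": ip}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A result with `stalled_at` set to `phase2` and an `assigned_ip` present matches the situation in this thread: authentication and client configuration succeeded, so the remaining mismatch is in the Phase2 settings.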



