[vpn-help] Sonic wall and Shrew VPN help

Clevenger, Stephen sclevenger at frhg.org
Mon Apr 29 17:24:48 CDT 2013


Good day,

Working with your VPN client to gain access to a E5500 sonic wall. We are using the Shrew 2.2.0 client  for windows.  The sonic wall is at  SonicOS Enhanced 5.8.1.12-65o.

After talking to tech support with Sonic wall, we have set our firewall to accept fixed Phase 1  aggressive /3des / SHA1 / Group1 / 28800  sets , / then in policy to be accepting of all policies / and in phase 2  fixed set policy of  ESP-3Des/ Sha1 / PFS auto /  Compression - disable / Key life 28800/ and no data-limits  sets.
We have connectivity thru phase1  and into login for AD /LDAP verification. Where we stop is in the IPSec Policy setup.

Attached is a copy of our sonic wall logs.

You will see how the sonic client connects up and works just fine with the same users as the Shrew Client.  SO this is not a username / AD issue.

Next is the log from when the user tries to connect using the Shrew client. They get thru Phase 1 and to the authentication (AD)  and then just logs out  when it should be connecting the policy part to move on to the phase 2  connect . We see the disconnect comes from the shrew Client which is strange.  SO it tells me there is an issue with the policy part of the Shrew Client

Under policy I have tried  the following  by myself:

Policy generation level  has been thru  all in list. Still disconnects without looking into the policy setup at all that we see.
I have tried maintain persistent  sec assoc.  both enabled and disabled with no success
I have to have set " obtain topology"   enabled or it does not work at all.

Is there something I have missed on the client side that needs to be set to make this work?

I am willing to work as a ginny pig to see if we can get this to work.

My contact information  is below and I work 8:30 -4pm  PST

Regards,

Stephen Clevenger

Network Engineer

Fremont-Rideout Health Group

614 J Street

Marysville, CA 95901

916-216-5672 Cell

530.740.1940 ext 3807

530.740.1946 fax

www.frhg.org<http://www.frhg.org>

Exceptional Care, Close to Home


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20130429/c103b6c4/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Log View - works Sonic Client.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 23234 bytes
Desc: Log View - works Sonic Client.docx
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20130429/c103b6c4/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Log View -Does not work with Shrew.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 18234 bytes
Desc: Log View -Does not work with Shrew.docx
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20130429/c103b6c4/attachment-0003.bin>


More information about the vpn-help mailing list