[vpn-help] Sonic wall and Shrew VPN help
Clevenger, Stephen
sclevenger at frhg.org
Mon Apr 29 17:24:48 CDT 2013
Good day,
Working with your VPN client to gain access to a E5500 sonic wall. We are using the Shrew 2.2.0 client for windows. The sonic wall is at SonicOS Enhanced 5.8.1.12-65o.
After talking to tech support with Sonic wall, we have set our firewall to accept fixed Phase 1 aggressive /3des / SHA1 / Group1 / 28800 sets , / then in policy to be accepting of all policies / and in phase 2 fixed set policy of ESP-3Des/ Sha1 / PFS auto / Compression - disable / Key life 28800/ and no data-limits sets.
We have connectivity thru phase1 and into login for AD /LDAP verification. Where we stop is in the IPSec Policy setup.
Attached is a copy of our sonic wall logs.
You will see how the sonic client connects up and works just fine with the same users as the Shrew Client. SO this is not a username / AD issue.
Next is the log from when the user tries to connect using the Shrew client. They get thru Phase 1 and to the authentication (AD) and then just logs out when it should be connecting the policy part to move on to the phase 2 connect . We see the disconnect comes from the shrew Client which is strange. SO it tells me there is an issue with the policy part of the Shrew Client
Under policy I have tried the following by myself:
Policy generation level has been thru all in list. Still disconnects without looking into the policy setup at all that we see.
I have tried maintain persistent sec assoc. both enabled and disabled with no success
I have to have set " obtain topology" enabled or it does not work at all.
Is there something I have missed on the client side that needs to be set to make this work?
I am willing to work as a ginny pig to see if we can get this to work.
My contact information is below and I work 8:30 -4pm PST
Regards,
Stephen Clevenger
Network Engineer
Fremont-Rideout Health Group
614 J Street
Marysville, CA 95901
916-216-5672 Cell
530.740.1940 ext 3807
530.740.1946 fax
www.frhg.org<http://www.frhg.org>
Exceptional Care, Close to Home
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20130429/c103b6c4/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Log View - works Sonic Client.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 23234 bytes
Desc: Log View - works Sonic Client.docx
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20130429/c103b6c4/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Log View -Does not work with Shrew.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 18234 bytes
Desc: Log View -Does not work with Shrew.docx
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20130429/c103b6c4/attachment-0003.bin>
More information about the vpn-help
mailing list