[vpn-help] Sonic wall and Shrew VPN help

Kevin VPN kvpn at live.com
Mon Apr 29 21:14:58 CDT 2013


On 04/29/2013 06:24 PM, Clevenger, Stephen wrote:
>
> Good day,
>
> Working with your VPN client to gain access to an E5500 sonic wall. We
> are using the Shrew 2.2.0 client for Windows. The sonic wall is at
> SonicOS Enhanced 5.8.1.12-65o.
>
> After talking to tech support with Sonic wall, we have set our
> firewall to accept fixed Phase 1 aggressive / 3des / SHA1 / Group1 /
> 28800 sets, / then in policy to be accepting of all policies / and
> in phase 2 fixed set policy of ESP-3Des / Sha1 / PFS auto /
> Compression - disable / Key life 28800 / and no data-limits sets. We
> have connectivity thru phase1 and into login for AD/LDAP
> verification. Where we stop is in the IPSec Policy setup.
>
> Attached is a copy of our sonic wall logs.
>
> You will see how the sonic client connects up and works just fine
> with the same users as the Shrew Client. So this is not a username /
> AD issue.
>
> Next is the log from when the user tries to connect using the Shrew
> client. They get thru Phase 1 and to the authentication (AD) and
> then just logs out when it should be connecting the policy part to
> move on to the phase 2 connect. We see the disconnect comes from
> the Shrew Client, which is strange. So it tells me there is an issue
> with the policy part of the Shrew Client.
>
> Under policy I have tried the following by myself:
>
> Policy generation level has been thru all in list. Still
> disconnects without looking into the policy setup at all that we
> see. I have tried maintain persistent sec assoc. both enabled and
> disabled with no success. I have to have set "obtain topology"
> enabled or it does not work at all.
>
> Is there something I have missed on the client side that needs to be
> set to make this work?
>

Hi Stephen,

To determine why the Shrew client is disconnecting, can you generate a 
debug trace for us using the instructions below?  Please remember to 
restart the IKE Service after changing the Log Output Level:
https://www.shrew.net/support/VPN_Bug_Report_Windows

Also attaching your Shrew client site configuration would be helpful.

