[vpn-help] Sonic wall and Shrew VPN help
Kevin VPN
kvpn at live.com
Mon Apr 29 21:14:58 CDT 2013
On 04/29/2013 06:24 PM, Clevenger, Stephen wrote:
>
> Good day,
>
> Working with your VPN client to gain access to a E5500 sonic wall. We
> are using the Shrew 2.2.0 client for windows. The sonic wall is at
> SonicOS Enhanced 5.8.1.12-65o.
>
> After talking to tech support with Sonic wall, we have set our
> firewall to accept fixed Phase 1 aggressive /3des / SHA1 / Group1 /
> 28800 sets , / then in policy to be accepting of all policies / and
> in phase 2 fixed set policy of ESP-3Des/ Sha1 / PFS auto /
> Compression - disable / Key life 28800/ and no data-limits sets. We
> have connectivity thru phase1 and into login for AD /LDAP
> verification. Where we stop is in the IPSec Policy setup.
>
> Attached is a copy of our sonic wall logs.
>
> You will see how the sonic client connects up and works just fine
> with the same users as the Shrew Client. SO this is not a username /
> AD issue.
>
> Next is the log from when the user tries to connect using the Shrew
> client. They get thru Phase 1 and to the authentication (AD) and
> then just logs out when it should be connecting the policy part to
> move on to the phase 2 connect . We see the disconnect comes from
> the shrew Client which is strange. SO it tells me there is an issue
> with the policy part of the Shrew Client
>
> Under policy I have tried the following by myself:
>
> Policy generation level has been thru all in list. Still
> disconnects without looking into the policy setup at all that we
> see. I have tried maintain persistent sec assoc. both enabled and
> disabled with no success I have to have set " obtain topology"
> enabled or it does not work at all.
>
> Is there something I have missed on the client side that needs to be
> set to make this work?
>
Hi Stephen,
To determine why the Shrew client is disconnecting, can you generate a
debug trace for us using the instructions below? Please remember to
restart the IKE Service after changing the Log Output Level:
https://www.shrew.net/support/VPN_Bug_Report_Windows
Also attaching your Shrew client site configuration would be helpful.
More information about the vpn-help
mailing list