[vpn-help] client connects from some locations, not others
Kevin VPN
kvpn at live.com
Wed Jan 23 21:30:23 CST 2013
On 01/09/2013 03:47 PM, Scott Smith wrote:
> Hi there, wondering if anyone has had any similar issue, where Shrew will
> connect to a PIX515E from only some locations but the cisco client works
> from all.
>
>
> From: vpn-help-bounces at lists.shrew.net
> [mailto:vpn-help-bounces at lists.shrew.net] On Behalf Of Scott Smith
> Sent: Thursday, December 20, 2012 9:12 PM
> To: vpn-help at lists.shrew.net
> Subject: [vpn-help] client connects from some locations, not my house!
>
>
> Using the same machine, installation & VPN connection profile I am able to
> connect to a CISCO PIX 515E from some locations (public library, remote
> office, co-workers house), but not from my own home and not from my bosses
> place.
>
> The machine I'm using is a Windows 7 64-bit running Shrew 2.2.0 (2.1.7 had
> the exact same issue).
>
> My home internet connection is not stellar (It's rural wireless, up to 3Mbps
> down/768 kbps up) but works well enough for the Cisco VPN client to connect
> when running in XP mode. Could the connection speed be an issue for Shrew
> even though Cisco works?
>
> I've checked the connection MTU but didn't locate a problem there.
>
Hi Scott,
I don't have a solution for you, but I'm curious about the problem. I
too have some clients that just don't work, even though the
configuration works for other people in other places. I've never
managed to reproduce it myself and my clients never have the patience to
debug it with me.
What's interesting about your situation is that the Cisco client works,
which tells us that IPsec does work from your location, so we should be
able to get the Shrew client working!
Anyway, a first step in diagnosing the problem would be to get some good
debug data. I don't know how to get debugging data out of the Cisco
client, but here's how to do it in Shrew:
http://www.shrew.net/support/VPN_Bug_Report_Windows
Do you know how to use Wireshark? I think it would be informative to
get a packet capture of a successful Cisco client session and a failed
Shrew client session to compare the packets. Just connect then
disconnect to keep the overall packet trace small.
More information about the vpn-help
mailing list