[vpn-help] is shrew client not compatible with cisco rv082 vpn tunnels?

Reinhard Szalghary ReinaSowieso at gmx.de
Sat Jul 6 21:52:09 CDT 2013


Hi,

I tried to build a vpn tunnel with shrew 2.2.2 on a windows 7 x64 pc
to a cisco rv082 router with the latest firmware v4.2.2.08,
but I can't get an sa in phase 2.
I tried different settings in shrew, for example
nat traversal, policy and local host... but without success.

I had seen this guide:
https://www.shrew.net/support/Howto_Linksys

I want to establish a vpn tunnel for each single user instead of a group.
So I set up a vpn tunnel in the rv082 router with a new subnet
outside of both existing lan subnets (remote & local) and
use e-mail (USER FQDN) authentication:
remote security gateway type: dynamic ip + email (ufqdn)
remote security group type:  subnet
ip: 192.168.11.11
subnet mask: 255.255.255.255
(I tried remote security group type: ip setting also...)

I configured shrew accordingly.

Result: I can't establish a phase 2 sa.
The router seems not to have a remote network policy.
It seems to me that I can't configure such a policy in the router
and I can't disable remote network policy in shrew.

vpn trace from shrew:

13/07/07 03:50:49 == : phase2 hash_r ( input ) ( 132 bytes )
13/07/07 03:50:49 == : phase2 hash_r ( computed ) ( 20 bytes )
13/07/07 03:50:49 == : phase2 hash_r ( received ) ( 20 bytes )
13/07/07 03:50:49 ii : matched ipsec-esp proposal #1 transform #1
13/07/07 03:50:49 ii : - transform    = esp-aes
13/07/07 03:50:49 ii : - key length   = 128 bits
13/07/07 03:50:49 ii : - encap mode   = udp-tunnel ( rfc )
13/07/07 03:50:49 ii : - msg auth     = hmac-sha1
13/07/07 03:50:49 ii : - pfs dh group = group2 ( modp-1024 )
13/07/07 03:50:49 ii : - life seconds = 3600
13/07/07 03:50:49 ii : - life kbytes  = 0

13/07/07 03:50:49 ii : phase2 rejected, id value mismatch
13/07/07 03:50:49 ii : - loc ANY:192.168.11.11:* -> ANY:192.168.0.0/24:*
13/07/07 03:50:49 ii : - rmt <UNKNOWN P2ID> -> ANY:192.168.0.0/24:*

13/07/07 03:50:49 DB : phase2 resend event canceled ( ref count = 1 )
13/07/07 03:50:49 ii : phase2 removal before expire time
13/07/07 03:50:49 DB : phase2 deleted ( obj count = 0 )

Any ideas?

Thanks and best regards, Reinhard.
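
As an added example (not part of the original post and not Shrew Soft code): a small Python triage helper that pulls each `id value mismatch` rejection out of a client trace like the one above and reports which side of the `->` differs between the `loc` and `rmt` lines. The function names and the `left`/`right` field names are assumptions made for this example.

```python
import re

# Trace lines copied from the post above.
TRACE = """\
13/07/07 03:50:49 ii : - life kbytes  = 0

13/07/07 03:50:49 ii : phase2 rejected, id value mismatch
13/07/07 03:50:49 ii : - loc ANY:192.168.11.11:* -> ANY:192.168.0.0/24:*
13/07/07 03:50:49 ii : - rmt <UNKNOWN P2ID> -> ANY:192.168.0.0/24:*

13/07/07 03:50:49 DB : phase2 resend event canceled ( ref count = 1 )
"""

LINE = re.compile(r"^\S+ \S+ (?P<lvl>\S+) : (?P<msg>.*)$")
IDS = re.compile(r"^- (?P<side>loc|rmt) (?P<left>.+?) -> (?P<right>.+)$")

def parse_selector(text):
    """Split 'PROTO:ADDR:PORT' into a dict; any other shape is kept raw."""
    parts = text.split(":")
    if len(parts) != 3:
        return {"raw": text}
    return dict(zip(("proto", "addr", "port"), parts))

def phase2_mismatches(trace):
    """Return one dict per rejection, holding the loc and rmt ID pairs."""
    events, current = [], None
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank or unrecognised line
        msg = m["msg"]
        if msg.startswith("phase2 rejected, id value mismatch"):
            current = {}
            events.append(current)
            continue
        ids = IDS.match(msg)
        if ids and current is not None:
            current[ids["side"]] = (parse_selector(ids["left"]),
                                    parse_selector(ids["right"]))
        elif not ids:
            current = None  # any other message ends the rejection block
    return events

def differing_ends(event):
    """Name which end ('left'/'right' of '->') differs between loc and rmt."""
    loc, rmt = event.get("loc"), event.get("rmt")
    if not loc or not rmt:
        return []
    return [n for n, a, b in zip(("left", "right"), loc, rmt) if a != b]

if __name__ == "__main__":
    for ev in phase2_mismatches(TRACE):
        print(differing_ends(ev), ev)
```

For the trace in the post, only the left-hand ID differs: the `loc` line carries `192.168.11.11` and the `rmt` line carries `<UNKNOWN P2ID>`, while the right-hand `192.168.0.0/24` is the same on both lines.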

