[vpn-help] is shrew client not compatible with cisco rv082 vpn tunnels?

Alexis La Goutte alexis.lagoutte at gmail.com
Mon Jul 8 01:46:13 CDT 2013


Hi,


13/07/07 03:50:49 ii : phase2 rejected, id value mismatch
13/07/07 03:50:49 ii : - loc ANY:192.168.11.11:* -> ANY:192.168.0.0/24:*
13/07/07 03:50:49 ii : - rmt <UNKNOWN P2ID> -> ANY:192.168.0.0/24:*

The settings for phase 2 are not good between the Shrew client and your
RV082.

Regards,


On Sun, Jul 7, 2013 at 4:52 AM, Reinhard Szalghary <ReinaSowieso at gmx.de> wrote:

> Hi,
>
> i tried to build a vpn tunnel with shrew 2.2.2 on a windows 7 x64 pc
> to a cisco rv082 router with the latest firmware v4.2.2.08.
> but i can't get a sa in phase 2.
> i tried different settings in shrew, for example
> nat traversal, policy and local host... but without success.
>
> i had seen this guide:
> https://www.shrew.net/support/Howto_Linksys
>
> i want to establish a vpn tunnel for each single user instead of a group.
> so i set up a vpn tunnel in the rv082 router with a new subnet
> outside of both existing lan subnets (remote & local) and
> use e-mail (USER FQDN) authentication:
> remote security gateway type: dynamic ip + email (ufqdn)
> remote security group type:  subnet
> ip: 192.168.11.11
> subnet mask: 255.255.255.255
> (i tried remote security group type: ip setting also...)
>
> i configured shrew accordingly.
>
> result: i can't establish a phase 2 sa.
> the router seems not to have a remote network policy.
> it seems to me, that i can't configure such a policy in the router
> and i can't disable remote network policy in shrew.
>
> vpn trace from shrew:
>
> 13/07/07 03:50:49 == : phase2 hash_r ( input ) ( 132 bytes )
> 13/07/07 03:50:49 == : phase2 hash_r ( computed ) ( 20 bytes )
> 13/07/07 03:50:49 == : phase2 hash_r ( received ) ( 20 bytes )
> 13/07/07 03:50:49 ii : matched ipsec-esp proposal #1 transform #1
> 13/07/07 03:50:49 ii : - transform    = esp-aes
> 13/07/07 03:50:49 ii : - key length   = 128 bits
> 13/07/07 03:50:49 ii : - encap mode   = udp-tunnel ( rfc )
> 13/07/07 03:50:49 ii : - msg auth     = hmac-sha1
> 13/07/07 03:50:49 ii : - pfs dh group = group2 ( modp-1024 )
> 13/07/07 03:50:49 ii : - life seconds = 3600
> 13/07/07 03:50:49 ii : - life kbytes  = 0
>
> 13/07/07 03:50:49 ii : phase2 rejected, id value mismatch
> 13/07/07 03:50:49 ii : - loc ANY:192.168.11.11:* -> ANY:192.168.0.0/24:*
> 13/07/07 03:50:49 ii : - rmt <UNKNOWN P2ID> -> ANY:192.168.0.0/24:*
>
> 13/07/07 03:50:49 DB : phase2 resend event canceled ( ref count = 1 )
> 13/07/07 03:50:49 ii : phase2 removal before expire time
> 13/07/07 03:50:49 DB : phase2 deleted ( obj count = 0 )
>



> any ideas?
>
> thanks and best regards, Reinhard.
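
Added example, not part of the original thread and not Shrew Soft's code: a small Python parser that pulls the local and remote phase 2 IDs out of a trace like the one quoted above and reports which selector differs. The line format is assumed from the lines shown in this thread only, and the function names are hypothetical.

```python
import re

# Constructed sample: lines copied from the trace quoted in this thread.
SAMPLE_TRACE = """\
13/07/07 03:50:49 ii : matched ipsec-esp proposal #1 transform #1
13/07/07 03:50:49 ii : phase2 rejected, id value mismatch
13/07/07 03:50:49 ii : - loc ANY:192.168.11.11:* -> ANY:192.168.0.0/24:*
13/07/07 03:50:49 ii : - rmt <UNKNOWN P2ID> -> ANY:192.168.0.0/24:*
13/07/07 03:50:49 DB : phase2 resend event canceled ( ref count = 1 )
"""

# Assumed layout: "<date> <time> <level> : <message>".
LINE = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d) (\S+) : (.*)$")
IDS = re.compile(r"^- (loc|rmt) (.+?) -> (.+)$")


def parse_selector(text):
    """Split 'PROTO:ADDR:PORT' into a dict; None if it is not in that form."""
    parts = text.strip().split(":")
    if len(parts) != 3:
        return None  # e.g. '<UNKNOWN P2ID>'
    return {"proto": parts[0], "addr": parts[1], "port": parts[2]}


def find_p2_id_mismatches(trace):
    """Return one report per 'phase2 rejected, id value mismatch' event."""
    reports, current = [], None
    for raw in trace.splitlines():
        m = LINE.match(raw.lstrip("> ").strip())  # tolerate mail quoting
        if not m:
            continue
        stamp, _level, msg = m.groups()
        if msg.startswith("phase2 rejected, id value mismatch"):
            current = {"time": stamp, "ids": {}, "differences": []}
            reports.append(current)
            continue
        ids = IDS.match(msg) if current else None
        if not ids:
            current = None  # any other line ends the event
            continue
        side, src, dst = ids.groups()
        current["ids"][side] = (parse_selector(src), parse_selector(dst), src, dst)
    for rep in reports:
        loc, rmt = rep["ids"].get("loc"), rep["ids"].get("rmt")
        if not (loc and rmt):
            continue
        for i, name in enumerate(("source", "destination")):
            if loc[i] != rmt[i] or rmt[i] is None:
                rep["differences"].append((name, loc[i + 2], rmt[i + 2]))
    return reports
```

On the sample, the only difference reported is the source selector: the client has ANY:192.168.11.11:* and the trace shows <UNKNOWN P2ID> for the remote side, while the destination 192.168.0.0/24 agrees on both.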