[vpn-help] Cisco VPN
Goncalo Oliveira
goncalo at minkan.net
Tue Jul 30 08:26:07 CDT 2013
Hi Jim,
Thanks for replying. I have tried using both 32-bit and 64-bit, version
5.0.07.0240. 64-bit is always dropping and sometimes it just stops working
- had to re-install. The 32-bit is a bit more stable but still it's not
very natural to windows 8 and is unstable.
I was hoping I could replace it with Shrew client, it looks very good and
the drivers hassle is cleaner. However, it's not going for phase 2. I
already tried using 'force-rfc' on NAT traversal.
I do know that even Cisco client dropped the first time it tried to
connect; it would only work at the second attempt, don't know if that can
be helpful in anyway.
Any thoughts?
On 29 July 2013 19:45, Jim Harle <vpn at technicolor.com> wrote:
> What problems are you having with the Cisco client, and which version is
> it? 32-bit or 64-bit?****
>
> ** **
>
> Regarding the Shrew client, have you tried setting the NAT traversal to
> ‘force-rfc’ ?****
>
> ** **
>
> *From:* vpn-help-bounces at lists.shrew.net [
> mailto:vpn-help-bounces at lists.shrew.net <vpn-help-bounces at lists.shrew.net>]
> *On Behalf Of *Goncalo Oliveira
> *Sent:* Monday, July 29, 2013 7:23 AM
> *To:* vpn-help at lists.shrew.net
> *Subject:* Re: [vpn-help] Cisco VPN****
>
> ** **
>
> Any ideas, anyone?****
>
> ** **
>
> On 23 July 2013 14:15, Goncalo Oliveira <goncalo at minkan.net> wrote:****
>
> Hi there,****
>
> ** **
>
> We've been working with Cisco VPN Client 5.0 for some time, though, after
> installing windows 8 this is not a stable option. So, Shrew came to the
> rescue. The login to the VPN is made through group authentication, so the
> configurations are as follows****
>
> ** **
>
> General****
>
> Remote host****
>
> Host name or IP address: our provider vpn host name****
>
> Auto configuration: ike config pull****
>
> Local host****
>
> virtual adapter****
>
> ** **
>
> Client****
>
> Firewall****
>
> NAT Traversal: enable****
>
> IKE fragmentation: enable****
>
> Other options****
>
> Enable dead peer detection: unchecked****
>
> ** **
>
> Name resolution****
>
> DNS, automatically****
>
> WINS off****
>
> ** **
>
> Authentication****
>
> Method: Mutual PSK + XAuth****
>
> Local identity****
>
> Identification type: Key identifier****
>
> Key ID string: our group name identifier****
>
> Remote identity****
>
> Identification type: any (also tried IP address)****
>
> Credentials****
>
> Pre shared key: our group password****
>
> ** **
>
> Phase1****
>
> Exchange type: aggressive****
>
> DH Exchange: group 2****
>
> ** **
>
> Phase 2****
>
> PFS Exchange: group 2 (also tried auto and disabled)****
>
> ** **
>
> ** **
>
> ** **
>
> Phase 1 seems to go well, but phase 2 not so well, keeps writing 'config
> resend event schedule'.****
>
> I'm attaching the iked.log, as there might be something useful there.****
>
> ** **
>
> Can anyone help me out on this?****
>
> ** **
>
> Thanks.****
>
> Best regards
> ****
>
> ** **
>
> ** **
>
> --
> Gonçalo Oliveira ****
>
>
>
> ****
>
> ** **
>
> --
> Gonçalo Oliveira ****
>
--
Gonçalo Oliveira
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20130730/023a50ab/attachment.html>
More information about the vpn-help
mailing list