[vpn-help] Cisco VPN

Jim Harle vpn at technicolor.com
Tue Jul 30 14:52:45 CDT 2013


The "latest" (still two years old) Cisco 64-bit client is 5.0.07.0440, and can be downloaded from here http://www.asc.edu/downloads/CiscoVPN/Windows/, not that it will change anything, but it's the version I was testing with under Windows 8 x64.  My main complaint with the Cisco client is that it sets the MTU to 1300 on all of your adapters, not just its own virtual one.  The Shrew client uses a 1380 MTU (by default) for only its virtual adapter.  Not that this has anything to do with your problem.

What type of device are you connecting through for Internet?  I don't think the iked.log came through on your original post - I'd like to see it.

In about a week I'll have a Cisco ASA gateway set up in a lab environment - perhaps you could try connecting to it after it's provisioned, just to see if you experience the same symptoms with a different gateway.

-Jim

From: Goncalo Oliveira [mailto:goncalo at minkan.net]
Sent: Tuesday, July 30, 2013 7:26 AM
To: Harle Jim
Cc: vpn-help at lists.shrew.net
Subject: Re: [vpn-help] Cisco VPN

Hi Jim,

Thanks for replying. I have tried using both 32-bit and 64-bit, version 5.0.07.0240. 64-bit is always dropping and sometimes it just stops working - had to re-install. The 32-bit is a bit more stable but still it's not very natural to Windows 8 and is unstable.

I was hoping I could replace it with Shrew client, it looks very good and the drivers hassle is cleaner. However, it's not going for phase 2. I already tried using 'force-rfc' on NAT traversal.

I do know that even Cisco client dropped the first time it tried to connect; it would only work at the second attempt, don't know if that can be helpful in any way.


Any thoughts?


On 29 July 2013 19:45, Jim Harle <vpn at technicolor.com> wrote:
What problems are you having with the Cisco client, and which version is it?  32-bit or 64-bit?

Regarding the Shrew client, have you tried setting the NAT traversal to 'force-rfc' ?

From: vpn-help-bounces at lists.shrew.net [mailto:vpn-help-bounces at lists.shrew.net] On Behalf Of Goncalo Oliveira
Sent: Monday, July 29, 2013 7:23 AM
To: vpn-help at lists.shrew.net
Subject: Re: [vpn-help] Cisco VPN

Any ideas, anyone?

On 23 July 2013 14:15, Goncalo Oliveira <goncalo at minkan.net> wrote:
Hi there,

We've been working with Cisco VPN Client 5.0 for some time, though, after installing Windows 8 this is not a stable option. So, Shrew came to the rescue. The login to the VPN is made through group authentication, so the configurations are as follows:

General
  Remote host
    Host name or IP address: our provider vpn host name
    Auto configuration: ike config pull
  Local host
    virtual adapter

Client
  Firewall
    NAT Traversal: enable
    IKE fragmentation: enable
  Other options
    Enable dead peer detection: unchecked

Name resolution
  DNS, automatically
  WINS off

Authentication
  Method: Mutual PSK + XAuth
  Local identity
    Identification type: Key identifier
    Key ID string: our group name identifier
  Remote identity
    Identification type: any (also tried IP address)
  Credentials
    Pre shared key: our group password

Phase 1
  Exchange type: aggressive
  DH Exchange: group 2

Phase 2
  PFS Exchange: group 2 (also tried auto and disabled)



Phase 1 seems to go well, but phase 2 not so well, keeps writing 'config resend event schedule'.
I'm attaching the iked.log, as there might be something useful there.

Can anyone help me out on this?

Thanks.
Best regards


--
Gonçalo Oliveira
