[vpn-help] Another user with Phase2 problems?

Marc Cohen office at nccs.biz
Wed Dec 17 08:38:02 CST 2014


Mathew,

Thank you for the article - it certainly makes me want to rethink my 
approach. I'm still going to try changing my subnet and see if that works.

Thanks,
Marc

-------- Original Message --------
Subject: Re: [vpn-help] Another user with Phase2 problems?
From: Hunter, Mathew <Mathew.Hunter at perkinswill.com>
To: office at nccs.biz <office at nccs.biz>
Date: 12/16/2014 6:55 pm

> Here is a decent discussion on the topic.
>
> http://serverfault.com/questions/21399/how-do-you-avoid-network-conflict-with-vpn-internal-networks
>
> Most businesses stay away from the 192.168 private range specifically to avoid these conflicts.  There are other solutions but they may be beyond the scope of what you are trying to accomplish.
>
>
> -----Original Message-----
> From: Marc Cohen [mailto:office at nccs.biz]
> Sent: Tuesday, December 16, 2014 3:51 PM
> To: Hunter, Mathew; vpn-help at lists.shrew.net
> Subject: Re: [vpn-help] Another user with Phase2 problems?
>
> For debugging purposes I will try that BUT the laptop travels and connects to many different networks. I never know what IP subnet it will be on. (I cannot change the remote network's subnet). Am I trying to do something that cannot be done?
>
> -------- Original Message --------
> Subject: Re: [vpn-help] Another user with Phase2 problems?
> From: Hunter, Mathew <Mathew.Hunter at perkinswill.com>
> To: office at nccs.biz <office at nccs.biz>, vpn-help at lists.shrew.net <vpn-help at lists.shrew.net>
> Date: 12/16/2014 6:07 pm
>
>> If your remote client is on a network with the same subnet as the local network you will typically not have VPN access.
>> Shrewsoft could perhaps handle this differently, but in general what will end up happening is that trying to contact a host on the remote side will cause your computer to send out ARP broadcasts (it will think it's local), which won't go over the VPN; thus no response will come back and your connection will die at layer 2.
>>
>> Try changing the subnet on one of the sides and see if you have IP connectivity.
>>
>> Mathew Hunter CCNA, MCITP-ET
>> Global Technology Services Lead
>> t 604.484.1030  m 604.218.0695
>> Perkins+Will
>>
>> -----Original Message-----
>> From: vpn-help [mailto:vpn-help-bounces at lists.shrew.net] On Behalf Of
>> Marc Cohen
>> Sent: Tuesday, December 16, 2014 2:42 PM
>> To: vpn-help at lists.shrew.net
>> Subject: [vpn-help] Another user with Phase2 problems?
>>
>> I'm having trouble connecting to a remote network using the Shrew Soft VPN Client for Windows. I am trying to connect directly to the Cisco gateway. I have a feeling my immediate problem is with my Phase 2 connection. The ultimate goal is to access a share on a computer on the remote network (i.e. map a letter to the share).
>>
>> Right now I get to the "tunnel enabled" but cannot access anything on the remote network. Looking at the log file it appears that something isn't right but I have no idea what.
>>
>> Thanks for your help,
>> Marc
>>
>> VPN Client Version = Standard Edition 2.2.2
>> Windows OS Version = Windows 7 Pro - SP1
>> Gateway Make/Model = Cisco RVS4000
>> Gateway OS Version = v2.0.2.7
>>
>> IP Addressing---------------------
>> Remote Lan: 192.168.1.0/24
>> -Cisco RVS4000 is 192.168.1.1 and is the DHCP server
>>
>> Local Computer IP can change depending upon what it's connected to - right now it is in the same IP subnet as the remote.
>>
>> Assigned IP address to VPN Client: 192.168.2.10
>>
>>
>> Cisco RVS4000 Gateway---------------
>> IPSec: IKE with Preshared Key
>>
>> Phase1
>> Encryption          : 3des
>> Authentication      : SHA1
>> Group               : 1024-bit
>> Key LifeTime        : 28800 sec
>>
>> Phase2
>> Encryption          : 3des
>> Authentication      : SHA1
>> Perfect Forward     : Enable
>> Group               : 1024-bit
>> Key LifeTime        : 3600 sec
>>
>> Shrew Soft VPN Client---------------
>> Phase1
>>
>> Exchange Type       : aggressive
>> DH Exchange         : group 2
>> Cipher Algorithm    : 3des
>> Hash Algorithm      : SHA1
>> Key LifeTime        : 28800 sec
>> Key Data limit      : 0 Kbytes
>>
>> Phase2
>> Transform Algorithm : esp-3des
>> HMAC Algorithm      : SHA1
>> PFS Exchange        : group 2
>> Compress Algorithm  : disabled
>> Key LifeTime        : 3600 sec
>> Key Data limit      : 0 Kbytes
>>
>
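
Added example, not part of the original thread: a small Python check for the addressing conflict discussed above, using the remote LAN (192.168.1.0/24) and VPN-assigned address (192.168.2.10) from the posted configuration. The function names, the laptop addresses and the on-link/tunnel classification are assumptions for illustration; the classification is a simplified model of the behaviour Mathew describes, not Shrew Soft's actual routing logic.

```python
import ipaddress

def _nets(cidrs):
    # Accept interface-style input such as "192.168.1.57/24".
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]

def check_vpn_conflicts(local_cidrs, remote_cidrs, vpn_client_ip=None):
    """List conflicts between the client's current LAN(s) and the VPN addressing."""
    conflicts = []
    for loc in _nets(local_cidrs):
        for rem in _nets(remote_cidrs):
            # Any overlap (equal, or one containing the other) is ambiguous.
            if loc.overlaps(rem):
                conflicts.append(("remote-lan-overlap", str(loc), str(rem)))
        # The address handed to the VPN adapter can also collide with the LAN.
        if vpn_client_ip and ipaddress.ip_address(vpn_client_ip) in loc:
            conflicts.append(("vpn-address-on-local-lan", str(loc), vpn_client_ip))
    return conflicts

def classify_destination(dest, local_cidrs, remote_cidrs):
    """Simplified model: a destination inside a directly connected network is
    resolved with ARP on that LAN and never enters the tunnel."""
    ip = ipaddress.ip_address(dest)
    if any(ip in n for n in _nets(local_cidrs)):
        return "on-link"
    if any(ip in n for n in _nets(remote_cidrs)):
        return "tunnel"
    return "default"

if __name__ == "__main__":
    remote_lan = ["192.168.1.0/24"]  # remote LAN from the thread
    vpn_ip = "192.168.2.10"          # VPN-assigned address from the thread
    # Constructed laptop addresses for three networks the laptop might join.
    scenarios = {
        "same subnet as remote": ["192.168.1.57/24"],
        "unrelated subnet": ["10.20.30.40/24"],
        "LAN matching VPN address": ["192.168.2.5/24"],
    }
    for name, local in scenarios.items():
        print(name)
        print("  conflicts:", check_vpn_conflicts(local, remote_lan, vpn_ip))
        print("  192.168.1.1 ->", classify_destination("192.168.1.1", local, remote_lan))
```
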

