[vpn-help] HELP?
coremd at thedoctor-is-in.com
Thu Jul 24 14:28:14 CDT 2014
To whom it may concern,
If this is not the correct place to send a question, please tell me where to
post.
I am using Shrewsoft Version 2.2.2 to connect to a Cisco SA500 router.
I have listed the pertinent settings below, but here is my problem:
I can get a connection without any problem and I am able to Ping the remote
server, send and receive SQL Server messages and Map remote drives, etc.
HOWEVER, there are times (and it is fairly frequent) when the connection seems
to get lost even though Shrewsoft says it is still connected. When this
happens I lose all connectivity to the remote (I cannot ping, access mapped
drives or use the remote SQL Server).
Additionally I do not see myself as a user on the VPN router.
This happens whether my local computer is connected using wires, wirelessly,
through a switch, directly to my local router with no one else on the remote
or local network and on the following local operating systems: XP, Vista and
Windows 7 (both 32 and 64 bit).
Once I lose the connectivity I can disconnect Shrewsoft and reconnect
without a problem, but there is still no functionality unless I wait several
minutes. Then all works again for a while before I lose function again.
Can someone please help me make the connection stable?
Thank you in advance.
Corey Ziff
The Shrewsoft vpn file is set as follows:
n:version:4
n:network-ike-port:500
n:network-mtu-size:1380
n:client-addr-auto:1
n:network-natt-port:4500
n:network-natt-rate:15
n:network-frag-size:540
n:network-dpd-enable:0
n:client-banner-enable:1
n:network-notify-enable:1
n:client-dns-used:1
n:client-dns-auto:0
n:client-dns-suffix-auto:1
n:client-splitdns-used:0
n:client-splitdns-auto:1
n:client-wins-used:0
n:client-wins-auto:1
n:phase1-dhgroup:2
n:phase1-life-secs:86400
n:phase1-life-kbytes:0
n:vendor-chkpt-enable:0
n:phase2-life-secs:3600
n:phase2-life-kbytes:0
n:policy-nailed:0
n:policy-list-auto:0
s:network-host: XX.XXX.XXX.XXX (I have a real external IP address here)
s:client-auto-mode:pull
s:client-iface:direct
s:network-natt-mode:enable
s:network-frag-mode:enable
s:client-dns-addr: XX.XXX.XXX.XXX (I have a real internal IP address here)
s:auth-method:mutual-psk-xauth
s:ident-client-type:fqdn
s:ident-server-type:fqdn
s:ident-client-data:remote.com
s:ident-server-data:local.com
b:auth-mutual-psk: XXXXXXXXXXXXXXXXXXX (I changed this value for this email)
s:phase1-exchange:aggressive
s:phase1-cipher:auto
s:phase1-hash:auto
s:phase2-transform:esp-3des
s:phase2-hmac:sha1
s:ipcomp-transform:disabled
n:phase2-pfsgroup:0
s:policy-level:auto
s:policy-list-include: XX.XXX.XXX.XXX / XX.XXX.XXX.XXX (I have a real internal IP address/mask here)
s:client-saved-username: *************
The SA540 settings are as follows:
IKE TAB UNDER VPN
IKE Policy Configuration
Policy Name: ShrewClient
Direction/Type: Responder
Exchange Mode: Aggressive
Local Identifier Type: FQDN
Local Identifier: local.com
Remote Identifier Type: FQDN
Remote Identifier: remote.com
Encryption Algorithm: 3DES
Authentication Algorithm: SHA-1
Authentication Method: Pre-Shared Key
Pre-shared key: XXXXXXXXXX
Diffie-Hellman (DH) Group: Group 2 (1024)
SA-Lifetime (sec): 28800
Enable Dead Peer Detection: No (unchecked checkbox)
Detection Period: 10
Reconnect after failure count: 3
XAUTH Configuration: Edge Device
Authentication Type: User Database
User Name: (blank)
Password: (blank)

VPN POLICY TAB UNDER VPN
Policy Name: ShrewClient
Policy Type: Auto Policy
Select Local Gateway: Detected WAN
Remote Endpoint: FQDN remote.com
Enable Mode Config: No (unchecked checkbox)
Enable NetBIOS?: No (unchecked checkbox)
Enable RollOver: No (unchecked checkbox)
Local IP: Subnet
Local IP Start Address: XXX.XXX.XXX.0
End IP Address: blank textbox
Subnet Mask: 255.255.255.0
Remote IP: Any
Remote Start Address: blank textbox
End IP address: blank textbox
Subnet Mask: blank textbox

Manual Policy Parameters
SPI-Incoming: 0x
SPI-Outgoing: 0x
Encryption Algorithm: 3DES
Key-In: blank textbox
Key-Out: blank textbox
Integrity Algorithm: SHA-1
Key-In: blank textbox
Key-Out: blank textbox

Auto Policy Parameters
SA Lifetime: 3600
Encryption Algorithm: 3DES
Integrity Algorithm: SHA-1
PFS Key Group: YES (checked checkbox)
DH Group 2 (1024 bit)
Select IKE Policy: ShrewClient

Redundant VPN Gateway Parameters
Enable Redundant Gateway: NO (unchecked checkbox)
Select Back-up Policy: blank disabled dropdown list
Failback time to switch from back-up to primary: 30 Seconds
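
A literal field-by-field comparison of the client profile and the gateway policy quoted in the message above, as an added example that is not part of the original post or of Shrew Soft's code. It assumes the `n:`/`s:`/`b:` prefixes mark integer, string and binary values, and the `GATEWAY` table is hand-transcribed from the SA540 listing with its labels mapped to the client's spellings.

```python
# Constructed input: lines copied from the .vpn profile in the post above.
CLIENT_VPN = """\
n:network-dpd-enable:0
n:phase1-dhgroup:2
n:phase1-life-secs:86400
n:phase2-life-secs:3600
s:phase1-exchange:aggressive
s:phase1-cipher:auto
s:phase2-transform:esp-3des
s:phase2-hmac:sha1
"""

# Hand-transcribed SA540 values; GUI labels mapped to the client's spellings.
GATEWAY = {
    "network-dpd-enable": 0,
    "phase1-dhgroup": 2,
    "phase1-life-secs": 28800,
    "phase2-life-secs": 3600,
    "phase1-exchange": "aggressive",
    "phase1-cipher": "3des",
    "phase2-transform": "esp-3des",
    "phase2-hmac": "sha1",
}

def parse_vpn(text):
    """Parse 'type:key:value' lines. Assumption: n = integer, s/b = text."""
    settings = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        parts = raw.strip().split(":", 2)  # the value itself may contain ':'
        if parts == [""]:  # blank line
            continue
        if len(parts) != 3 or parts[0] not in ("n", "s", "b"):
            raise ValueError(f"line {lineno}: not type:key:value: {raw!r}")
        kind, key, value = parts
        settings[key] = int(value) if kind == "n" else value.strip()
    return settings

def compare(client, gateway):
    """Return {key: (client_value, gateway_value)} for fields that differ."""
    diffs = {}
    for key, gw_value in gateway.items():
        cl_value = client.get(key)
        # "auto" leaves the choice to negotiation, so it is not a difference.
        if cl_value != "auto" and cl_value != gw_value:
            diffs[key] = (cl_value, gw_value)
    return diffs

if __name__ == "__main__":
    for key, (cl, gw) in compare(parse_vpn(CLIENT_VPN), GATEWAY).items():
        print(f"{key}: client={cl!r} gateway={gw!r}")
```

The script only lists fields whose values differ between the two listings; it does not interpret them.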