[vpn-help] Shrewsoft to Cisco ASA 5520
Larry Gray
lgray at bgibson.com
Tue Nov 25 07:31:10 CST 2014
I work with a lot of different customers who use a lot of different equipment to provide VPN connections so we can maintain equipment. I have been using Shrew for a while now for quite a few Cisco VPN connections and haven't had a problem. I received a new PCF file from a new site and imported it into the client. When I load the connection and log in, I connect, I see new routes that are built, but I cannot ping or access the one device they are permitting us to access. The Cisco VPN client works, but I cannot access anything with Shrewsoft.
I have done a lot of research trying to find an answer, but my VPN troubleshooting skills are not that strong. The customer is open to some guidance, but they will not let us work with their firewall. I have found mention of the following possible issues:
1. Single host policy failing: https://lists.shrew.net/pipermail/vpn-help/2011-July/003879.html
2. Issues with split tunneling: https://lists.shrew.net/pipermail/vpn-help/2009-October/001426.html
But none of those are for an ASA 5520. Can someone help with additional troubleshooting steps so I can guide the customer's IT staff to make a slight change in their firewall so this works with Shrewsoft? Or, maybe tell me something I can set in Shrewsoft that might work?
Here are some highlights when connected with Shrewsoft:
ASA 5520
Policy includes access to 1 IP address: 192.168.113.193/32
Connected client shows:
SA Established=1
Expired/Failed both = 0
Status=Connected
Transport=NAT-T RFC / IKE| ESP
IKE Fragmentation = disabled
Dead Peer Detection = enabled
Computer routing table shows the following relevant new routes when connected (3.4.5.6 = :
Active Routes:
Network Destination        Netmask          Gateway        Interface  Metric
       10.99.99.0    255.255.255.0          On-link     10.99.99.240     286
     10.99.99.240  255.255.255.255          On-link     10.99.99.240     286
     10.99.99.255  255.255.255.255          On-link     10.99.99.240     286
          3.4.5.6  255.255.255.255       10.10.40.1     10.10.40.101      21
  192.168.113.193  255.255.255.255          On-link     10.99.99.240      31
Larry Gray
Technician
Phone: (317) 802-2530
Fax: (317) 802-2531
Extension: 22530
E-mail: lgray at bgibson.com