[vpn-help] Shrewsoft to Cisco ASA 5520
Alexis La Goutte
alexis.lagoutte at gmail.com
Tue Nov 25 07:49:30 CST 2014
Hi Larry,
Do you have check your Shrew log and Cisco logs ?
Regards,
On Tue, Nov 25, 2014 at 2:31 PM, Larry Gray <lgray at bgibson.com> wrote:
> I work with a lot of different customers who use a lot of different
> equipment to provide vpn connections so we can maintain equipment. I have
> been using Shrew for a while now for quite a few cisco vpn connections and
> haven’t had a problem. I received a new pcf file from a new site and
> imported it into the client. When I load the connection and login, I
> connect, I see new routes that are built, but I cannot ping or access the
> one device they are permitting us to access. The cisco vpn client works,
> but I cannot access anything with shrewsoft.
>
>
>
> I have done a lot of research trying to find an answer, but my vpn
> troubleshooting skills are not that strong. The customer is open to some
> guidance, but they will not let us work with their firewall. I have found
> mention of the following possible issues:
>
> 1. Single host policy failing:
> https://lists.shrew.net/pipermail/vpn-help/2011-July/003879.html
>
> 2. Issues with split tunneling:
> https://lists.shrew.net/pipermail/vpn-help/2009-October/001426.html
>
>
>
> But none of those are for an ASA 5520. Can someone help with additional
> troubleshooting steps so I can guide the customers IT staff to make a
> slight change in their firewall so this works with Shrewsoft? Or, maybe
> tell me something I can set in shrewsoft that might work?
>
>
>
> Here are some highlights when connected with Shrewsoft:
>
>
>
> ASA 5520
>
> Policy includes access to 1 IP address: 192.168.113.193/32
>
> Connected client shows:
>
> SA Established=1
>
> Expired/Failed both = 0
>
> Status=Connected
>
> Transport=NAT-T RFC / IKE| ESP
>
> IKE Fragmentation = disabled
>
> Dead Peer Detection = enabled
>
>
>
> Computer routing table shows the following relevant new routes when
> connected (3.4.5.6 = :
>
> Active Routes:
>
> Network Destination Netmask
> Gateway Interface Metric
>
> 10.99.99.0 255.255.255.0
> On-link 10.99.99.240 286
>
> 10.99.99.240 255.255.255.255 On-link
> 10.99.99.240 286
>
> 10.99.99.255 255.255.255.255 On-link
> 10.99.99.240 286
>
> 3.4.5.6 255. 255.255.255
> 10.10.40.1 10.10.40.101 21
>
> 192.168.113.193 255.255.255.255 On-link
> 10.99.99.240 31
>
>
>
> Larry Gray
> Technician
> Phone: (317) 802-2530
> Fax: (317) 802-2531
> Extension: 22530
> E-mail: lgray at bgibson.com
>
> Disclaimer: The information enclosed in this transmission is considered
> private & confidential and may not be reproduced in any form without the
> senders permission. If you are not the intended recipient, any disclosure,
> copying, distribution, or any action taken or omitted to be taken in
> reliance on it is prohibited and is unlawful.
>
> Please consider the environment, *before* printing this email.
>
> Disclaimer added by *CodeTwo Exchange Rules 2013*
> www.codetwo.com <http://www.codetwo.com/?sts=2532>
>
>
> _______________________________________________
> vpn-help mailing list
> vpn-help at lists.shrew.net
> https://lists.shrew.net/mailman/listinfo/vpn-help
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20141125/285c6424/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: teldata2828716
Type: image/jpeg
Size: 14985 bytes
Desc: not available
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20141125/285c6424/attachment-0001.jpe>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: c17f1326-f74b-443b-854f-d8ebfcd977db0ca4d7
Type: image/gif
Size: 3639 bytes
Desc: not available
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20141125/285c6424/attachment-0001.gif>
More information about the vpn-help
mailing list