[vpn-help] VPN tunnel is up but can't ping internal network

Alexis La Goutte alexis.lagoutte at gmail.com
Thu May 21 12:54:58 CDT 2015 

Hi Alexandru,

What say the log of your Cisco VPN Gateway ?

When the VPN tunnel is UP, on Network Tab, there is Security Associations
Established ?

What Do you have configure on Policy Generation level ?

Regards,

On Thu, May 21, 2015 at 10:23 AM, Alexandru Duzsardi <
Alexandru.Duzsardi at kontrax.bg> wrote:

>  Hello,
>
> I’m trying to change our Cisco vpn clients with Shrew , as many of you
> know that there are some issues with Cisco’s VPN client and windows 8(.1)
>
> I’ve already tried everything that I could find on the net but it did not
> solve the issue.
>
>
>
> So back to the problem in hand , I’ve imported the vpn profile from cisco
> client in shrew , it sets up the tunnel but I can’t ping any IP from the
> internal network(s) at our office.
>
> We are using a Cisco IOS Software, C1700 Software
> (C1700-ADVSECURITYK9-M), Version 12.4(6)XT2, RELEASE SOFTWARE (fc2) router
> as our VPN concentrator
>
> I can post the relevant parts of the IPSec configuration if needed
>
>
>
> This is the client profile for now
>
>
>
> n:version:4
>
> n:network-ike-port:500
>
> n:network-mtu-size:1380
>
> s:client-auto-mode:pull
>
> s:client-iface:virtual
>
> n:client-addr-auto:1
>
> n:network-natt-port:4500
>
> n:network-natt-rate:15
>
> s:network-frag-mode:disable
>
> n:network-frag-size:540
>
> n:network-dpd-enable:1
>
> n:network-notify-enable:1
>
> n:client-banner-enable:1
>
> s:ident-server-type:any
>
> s:phase1-exchange:aggressive
>
> s:phase1-cipher:auto
>
> s:phase1-hash:auto
>
> n:phase1-dhgroup:2
>
> n:phase1-life-secs:86400
>
> s:phase2-transform:auto
>
> s:phase2-hmac:auto
>
> n:phase2-pfsgroup:0
>
> s:ipcomp-transform:disabled
>
> n:client-dns-used:1
>
> n:client-dns-auto:1
>
> n:client-dns-suffix-auto:1
>
> n:client-splitdns-used:1
>
> n:client-splitdns-auto:1
>
> n:client-wins-used:1
>
> n:client-wins-auto:1
>
> n:phase2-life-secs:3600
>
> n:phase2-life-kbytes:0
>
> n:policy-nailed:0
>
> n:policy-list-auto:1
>
> s:network-host:x.x.x.x (Public IP of the router)
>
> s:auth-method:mutual-psk-xauth
>
> s:ident-client-type:keyid
>
> s:ident-client-data:Work
>
> b:auth-mutual-psk:xxxxxxxxxxxxxxxx (Pre Shared Key)
>
> s:client-saved-username:imicev
>
> s:network-natt-mode:enable
>
>
>
>
>
> If needed I will post the relevant parts of the router too.
>
> Any help would be greatly appreciated.
>
> Thank you!
>
> _______________________________________________
> vpn-help mailing list
> vpn-help at lists.shrew.net
> https://lists.shrew.net/mailman/listinfo/vpn-help
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20150521/6b884eef/attachment.html>

More information about the vpn-help mailing list