[vpn-help] VPN tunnel is up but can't ping internal network

Alexis La Goutte alexis.lagoutte at gmail.com
Thu May 21 13:09:59 CDT 2015 

Hi,

Do no forget to add vpn-help list to CC.

There is a lot of VPN concentrator but there is a menu with Logs... need to
check logs...

Regards,

On Thu, May 21, 2015 at 8:05 PM, Alexandru Duzsardi <
Alexandru.Duzsardi at kontrax.bg> wrote:

>  how do i check all of these, sorry but i'm not very familiar with cisco vpn configurations.
>
> I always used openvpn and/or pptp in the past. Now i'm working at a company and i "inhereted" the cisco vpn concentrator without any real documentation just the login credentials.
>
> Sent from android mobile
>
>  Alexis La Goutte <alexis.lagoutte at gmail.com> wrote:
>
>
>   Hi Alexandru,
>
>  What say the log of your Cisco VPN Gateway ?
>
>  When the VPN tunnel is UP, on Network Tab, there is Security
> Associations Established ?
>
>  What Do you have configure on Policy Generation level ?
>
>  Regards,
>
> On Thu, May 21, 2015 at 10:23 AM, Alexandru Duzsardi <
> Alexandru.Duzsardi at kontrax.bg> wrote:
>
>>  Hello,
>>
>> I’m trying to change our Cisco vpn clients with Shrew , as many of you
>> know that there are some issues with Cisco’s VPN client and windows 8(.1)
>>
>> I’ve already tried everything that I could find on the net but it did not
>> solve the issue.
>>
>>
>>
>> So back to the problem in hand , I’ve imported the vpn profile from cisco
>> client in shrew , it sets up the tunnel but I can’t ping any IP from the
>> internal network(s) at our office.
>>
>> We are using a Cisco IOS Software, C1700 Software
>> (C1700-ADVSECURITYK9-M), Version 12.4(6)XT2, RELEASE SOFTWARE (fc2) router
>> as our VPN concentrator
>>
>> I can post the relevant parts of the IPSec configuration if needed
>>
>>
>>
>> This is the client profile for now
>>
>>
>>
>> n:version:4
>>
>> n:network-ike-port:500
>>
>> n:network-mtu-size:1380
>>
>> s:client-auto-mode:pull
>>
>> s:client-iface:virtual
>>
>> n:client-addr-auto:1
>>
>> n:network-natt-port:4500
>>
>> n:network-natt-rate:15
>>
>> s:network-frag-mode:disable
>>
>> n:network-frag-size:540
>>
>> n:network-dpd-enable:1
>>
>> n:network-notify-enable:1
>>
>> n:client-banner-enable:1
>>
>> s:ident-server-type:any
>>
>> s:phase1-exchange:aggressive
>>
>> s:phase1-cipher:auto
>>
>> s:phase1-hash:auto
>>
>> n:phase1-dhgroup:2
>>
>> n:phase1-life-secs:86400
>>
>> s:phase2-transform:auto
>>
>> s:phase2-hmac:auto
>>
>> n:phase2-pfsgroup:0
>>
>> s:ipcomp-transform:disabled
>>
>> n:client-dns-used:1
>>
>> n:client-dns-auto:1
>>
>> n:client-dns-suffix-auto:1
>>
>> n:client-splitdns-used:1
>>
>> n:client-splitdns-auto:1
>>
>> n:client-wins-used:1
>>
>> n:client-wins-auto:1
>>
>> n:phase2-life-secs:3600
>>
>> n:phase2-life-kbytes:0
>>
>> n:policy-nailed:0
>>
>> n:policy-list-auto:1
>>
>> s:network-host:x.x.x.x (Public IP of the router)
>>
>> s:auth-method:mutual-psk-xauth
>>
>> s:ident-client-type:keyid
>>
>> s:ident-client-data:Work
>>
>> b:auth-mutual-psk:xxxxxxxxxxxxxxxx (Pre Shared Key)
>>
>> s:client-saved-username:imicev
>>
>> s:network-natt-mode:enable
>>
>>
>>
>>
>>
>> If needed I will post the relevant parts of the router too.
>>
>> Any help would be greatly appreciated.
>>
>> Thank you!
>>
>> _______________________________________________
>> vpn-help mailing list
>> vpn-help at lists.shrew.net
>> https://lists.shrew.net/mailman/listinfo/vpn-help
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20150521/c5a00c7f/attachment.html>

More information about the vpn-help mailing list