[vpn-help] VPN tunnel is up but can't ping internal network

Thu May 21 13:53:50 CDT 2015

On Thu, May 21, 2015 at 8:27 PM, Alexandru Duzsardi <
Alexandru.Duzsardi at kontrax.bg> wrote:

>  on the router or on shrew client?
>
> Both
For Shrew, the information is available here to get log
https://www.shrew.net/support/VPN_Bug_Report_Windows

> i just noticed that i only posted the IOS version not the actual harware
> the harware is an old Cisco 1760 router, not a pix/asa firewall
>
> Sent from android mobile
>
>  Alexis La Goutte <alexis.lagoutte at gmail.com> wrote:
>
>
>   Hi,
>
>  Do no forget to add vpn-help list to CC.
>
>  There is a lot of VPN concentrator but there is a menu with Logs... need
> to check logs...
>
>  Regards,
>
> On Thu, May 21, 2015 at 8:05 PM, Alexandru Duzsardi <
> Alexandru.Duzsardi at kontrax.bg> wrote:
>
>>  how do i check all of these, sorry but i'm not very familiar with cisco vpn configurations.
>>
>> I always used openvpn and/or pptp in the past. Now i'm working at a company and i "inhereted" the cisco vpn concentrator without any real documentation just the login credentials.
>>
>> Sent from android mobile
>>
>>  Alexis La Goutte <alexis.lagoutte at gmail.com> wrote:
>>
>>
>>    Hi Alexandru,
>>
>>  What say the log of your Cisco VPN Gateway ?
>>
>>  When the VPN tunnel is UP, on Network Tab, there is Security
>> Associations Established ?
>>
>>  What Do you have configure on Policy Generation level ?
>>
>>  Regards,
>>
>> On Thu, May 21, 2015 at 10:23 AM, Alexandru Duzsardi <
>> Alexandru.Duzsardi at kontrax.bg> wrote:
>>
>>>  Hello,
>>>
>>> I’m trying to change our Cisco vpn clients with Shrew , as many of you
>>> know that there are some issues with Cisco’s VPN client and windows 8(.1)
>>>
>>> I’ve already tried everything that I could find on the net but it did
>>> not solve the issue.
>>>
>>>
>>>
>>> So back to the problem in hand , I’ve imported the vpn profile from
>>> cisco client in shrew , it sets up the tunnel but I can’t ping any IP from
>>> the internal network(s) at our office.
>>>
>>> We are using a Cisco IOS Software, C1700 Software
>>> (C1700-ADVSECURITYK9-M), Version 12.4(6)XT2, RELEASE SOFTWARE (fc2) router
>>> as our VPN concentrator
>>>
>>> I can post the relevant parts of the IPSec configuration if needed
>>>
>>>
>>>
>>> This is the client profile for now
>>>
>>>
>>>
>>> n:version:4
>>>
>>> n:network-ike-port:500
>>>
>>> n:network-mtu-size:1380
>>>
>>> s:client-auto-mode:pull
>>>
>>> s:client-iface:virtual
>>>
>>> n:client-addr-auto:1
>>>
>>> n:network-natt-port:4500
>>>
>>> n:network-natt-rate:15
>>>
>>> s:network-frag-mode:disable
>>>
>>> n:network-frag-size:540
>>>
>>> n:network-dpd-enable:1
>>>
>>> n:network-notify-enable:1
>>>
>>> n:client-banner-enable:1
>>>
>>> s:ident-server-type:any
>>>
>>> s:phase1-exchange:aggressive
>>>
>>> s:phase1-cipher:auto
>>>
>>> s:phase1-hash:auto
>>>
>>> n:phase1-dhgroup:2
>>>
>>> n:phase1-life-secs:86400
>>>
>>> s:phase2-transform:auto
>>>
>>> s:phase2-hmac:auto
>>>
>>> n:phase2-pfsgroup:0
>>>
>>> s:ipcomp-transform:disabled
>>>
>>> n:client-dns-used:1
>>>
>>> n:client-dns-auto:1
>>>
>>> n:client-dns-suffix-auto:1
>>>
>>> n:client-splitdns-used:1
>>>
>>> n:client-splitdns-auto:1
>>>
>>> n:client-wins-used:1
>>>
>>> n:client-wins-auto:1
>>>
>>> n:phase2-life-secs:3600
>>>
>>> n:phase2-life-kbytes:0
>>>
>>> n:policy-nailed:0
>>>
>>> n:policy-list-auto:1
>>>
>>> s:network-host:x.x.x.x (Public IP of the router)
>>>
>>> s:auth-method:mutual-psk-xauth
>>>
>>> s:ident-client-type:keyid
>>>
>>> s:ident-client-data:Work
>>>
>>> b:auth-mutual-psk:xxxxxxxxxxxxxxxx (Pre Shared Key)
>>>
>>> s:client-saved-username:imicev
>>>
>>> s:network-natt-mode:enable
>>>
>>>
>>>
>>>
>>>
>>> If needed I will post the relevant parts of the router too.
>>>
>>> Any help would be greatly appreciated.
>>>
>>> Thank you!
>>>
>>> _______________________________________________
>>> vpn-help mailing list
>>> vpn-help at lists.shrew.net
>>> https://lists.shrew.net/mailman/listinfo/vpn-help
>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20150521/9e9ba487/attachment.html>