[vpn-help] VPN tunnel is up but can't ping internal network

Fri May 22 06:19:31 CDT 2015

Ok , these are the logs but I removed many things from them , basically anything that looked suspicious to me
cookie, spi, message , real ip – replaced with dots or x

Thank you for taking an interest in resolving the problem.

From: prolag at gmail.com [mailto:prolag at gmail.com] On Behalf Of Alexis La Goutte
Sent: Thursday, May 21, 2015 9:54 PM
To: Alexandru Duzsardi
Cc: vpn-help at lists.shrew.net
Subject: Re: [vpn-help] VPN tunnel is up but can't ping internal network

On Thu, May 21, 2015 at 8:27 PM, Alexandru Duzsardi <Alexandru.Duzsardi at kontrax.bg<mailto:Alexandru.Duzsardi at kontrax.bg>> wrote:

on the router or on shrew client?
Both
For Shrew, the information is available here to get log
https://www.shrew.net/support/VPN_Bug_Report_Windows

i just noticed that i only posted the IOS version not the actual harware

the harware is an old Cisco 1760 router, not a pix/asa firewall

Sent from android mobile

 Alexis La Goutte <alexis.lagoutte at gmail.com<mailto:alexis.lagoutte at gmail.com>> wrote:

Hi,
Do no forget to add vpn-help list to CC.
There is a lot of VPN concentrator but there is a menu with Logs... need to check logs...
Regards,

On Thu, May 21, 2015 at 8:05 PM, Alexandru Duzsardi <Alexandru.Duzsardi at kontrax.bg<mailto:Alexandru.Duzsardi at kontrax.bg>> wrote:

how do i check all of these, sorry but i'm not very familiar with cisco vpn configurations.

I always used openvpn and/or pptp in the past. Now i'm working at a company and i "inhereted" the cisco vpn concentrator without any real documentation just the login credentials.

Sent from android mobile

 Alexis La Goutte <alexis.lagoutte at gmail.com<mailto:alexis.lagoutte at gmail.com>> wrote:

Hi Alexandru,
What say the log of your Cisco VPN Gateway ?
When the VPN tunnel is UP, on Network Tab, there is Security Associations Established ?

What Do you have configure on Policy Generation level ?
Regards,

On Thu, May 21, 2015 at 10:23 AM, Alexandru Duzsardi <Alexandru.Duzsardi at kontrax.bg<mailto:Alexandru.Duzsardi at kontrax.bg>> wrote:
Hello,
I’m trying to change our Cisco vpn clients with Shrew , as many of you know that there are some issues with Cisco’s VPN client and windows 8(.1)
I’ve already tried everything that I could find on the net but it did not solve the issue.

So back to the problem in hand , I’ve imported the vpn profile from cisco client in shrew , it sets up the tunnel but I can’t ping any IP from the internal network(s) at our office.
We are using a Cisco IOS Software, C1700 Software (C1700-ADVSECURITYK9-M), Version 12.4(6)XT2, RELEASE SOFTWARE (fc2) router as our VPN concentrator
I can post the relevant parts of the IPSec configuration if needed

This is the client profile for now

n:version:4
n:network-ike-port:500
n:network-mtu-size:1380
s:client-auto-mode:pull
s:client-iface:virtual
n:client-addr-auto:1
n:network-natt-port:4500
n:network-natt-rate:15
s:network-frag-mode:disable
n:network-frag-size:540
n:network-dpd-enable:1
n:network-notify-enable:1
n:client-banner-enable:1
s:ident-server-type:any
s:phase1-exchange:aggressive
s:phase1-cipher:auto
s:phase1-hash:auto
n:phase1-dhgroup:2
n:phase1-life-secs:86400
s:phase2-transform:auto
s:phase2-hmac:auto
n:phase2-pfsgroup:0
s:ipcomp-transform:disabled
n:client-dns-used:1
n:client-dns-auto:1
n:client-dns-suffix-auto:1
n:client-splitdns-used:1
n:client-splitdns-auto:1
n:client-wins-used:1
n:client-wins-auto:1
n:phase2-life-secs:3600
n:phase2-life-kbytes:0
n:policy-nailed:0
n:policy-list-auto:1
s:network-host:x.x.x.x (Public IP of the router)
s:auth-method:mutual-psk-xauth
s:ident-client-type:keyid
s:ident-client-data:Work
b:auth-mutual-psk:xxxxxxxxxxxxxxxx (Pre Shared Key)
s:client-saved-username:imicev
s:network-natt-mode:enable

If needed I will post the relevant parts of the router too.
Any help would be greatly appreciated.
Thank you!

_______________________________________________
vpn-help mailing list
vpn-help at lists.shrew.net<mailto:vpn-help at lists.shrew.net>
https://lists.shrew.net/mailman/listinfo/vpn-help

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20150522/64e05e65/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: logs.zip
Type: application/x-zip-compressed
Size: 7008 bytes
Desc: logs.zip
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20150522/64e05e65/attachment-0001.bin>