<font size=2 face="sans-serif">I've tried this variation as well and I
still get the exact same errors on the router and client..</font>
<br><font size=2 face="sans-serif">Thanks,<br>
Shawn Edwards<br>
Sr. Network Analyst<br>
Pathix ASP<br>
A Division of Vector Aerospace Corporation <br>
Ph: 709-724-8564<br>
Fax: 709-724-8545<br>
sedwards@pathix.com</font>
<br>
<br>
<br>
<table width=100%>
<tr valign=top>
<td><font size=1 color=#5f5f5f face="sans-serif">From:</font>
<td><font size=1 face="sans-serif">"Garber, Kevin M." <Kevin.Garber@glatfelter.com></font>
<tr valign=top>
<td><font size=1 color=#5f5f5f face="sans-serif">To:</font>
<td><font size=1 face="sans-serif">"Shawn Edwards" <sedwards@pathix.com>,
<vpn-help@lists.shrew.net>, <vpn-help-bounces@lists.shrew.net></font>
<tr valign=top>
<td><font size=1 color=#5f5f5f face="sans-serif">Date:</font>
<td><font size=1 face="sans-serif">02/11/2010 01:48 PM</font>
<tr valign=top>
<td><font size=1 color=#5f5f5f face="sans-serif">Subject:</font>
<td><font size=1 face="sans-serif">RE: [vpn-help] Using Shrewsoft with
IAS Radius + Cisco</font></table>
<br>
<hr noshade>
<br>
<br>
<br><font size=2 color=#004080 face="Calibri">Shawn,</font>
<br><font size=2 color=#004080 face="Calibri"> </font>
<br><font size=2 color=#004080 face="Calibri">Are you using the format
of user@domain.whatever? The format of domain\user does not work.
</font>
<br><font size=2 color=#004080 face="Calibri"> </font>
<br><font size=2 color=#004080 face="Calibri">Kevin</font>
<br><font size=2 color=#004080 face="Calibri"> </font>
<br><font size=2 face="Tahoma"><b>From:</b> vpn-help-bounces@lists.shrew.net
[</font><a href="mailto:vpn-help-bounces@lists.shrew.net"><font size=2 face="Tahoma">mailto:vpn-help-bounces@lists.shrew.net</font></a><font size=2 face="Tahoma">]
<b>On Behalf Of </b>Shawn Edwards<b><br>
Sent:</b> Thursday, February 11, 2010 11:33 AM<b><br>
To:</b> vpn-help@lists.shrew.net; vpn-help-bounces@lists.shrew.net<b><br>
Subject:</b> Re: [vpn-help] Using Shrewsoft with IAS Radius + Cisco</font>
<br><font size=3 face="Times New Roman"> </font>
<br><font size=2 face="Arial">We are using a Cisco ISR with Easy VPN Server
to connect remote users to our network. We've been using it for quite some
time with Cisco VPN Client but obviously need a 64 bit VPN Client. I came
across shrewsoft VPN Client not too long ago, and would love if I could
get this software working as it seems too good to be true. In any case,
here's what we have:</font><font size=3 face="Times New Roman"> <br>
</font><font size=2 face="Arial"><br>
Cisco ISR 2821 running IPSEC VPN, doing RADIUS authentication to a Windows
Server 2003 Radius Server. Everything's configured properly as we use it
successfully with the Cisco VPN Client.</font><font size=3 face="Times New Roman">
<br>
</font><font size=2 face="Arial"><br>
I installed shrewsoft 2.1.5, and it successfully imported the existing
cisco PCF File we had. When I attempt to connect it asks me for username
and password (no Domain field like Cisco VPN, though). I enter in credentials
of a user that has permissions to connect. Here is the output of shrewsoft:</font><font size=3 face="Times New Roman">
<br>
</font><font size=2 face="Arial"><br>
config loaded for site 'MyCompany.pcf'</font><font size=3 face="Times New Roman">
</font><font size=2 face="Arial"><br>
configuring client settings ...</font><font size=3 face="Times New Roman">
</font><font size=2 face="Arial"><br>
attached to key daemon ...</font><font size=3 face="Times New Roman"> </font><font size=2 face="Arial"><br>
peer configured</font><font size=3 face="Times New Roman"> </font><font size=2 face="Arial"><br>
iskamp proposal configured</font><font size=3 face="Times New Roman"> </font><font size=2 face="Arial"><br>
esp proposal configured</font><font size=3 face="Times New Roman"> </font><font size=2 face="Arial"><br>
client configured</font><font size=3 face="Times New Roman"> </font><font size=2 face="Arial"><br>
local id configured</font><font size=3 face="Times New Roman"> </font><font size=2 face="Arial"><br>
pre-shared key configured</font><font size=3 face="Times New Roman"> </font><font size=2 face="Arial"><br>
bringing up tunnel ...</font><font size=3 face="Times New Roman"> </font><font size=2 face="Arial"><br>
user authentication error</font><font size=3 face="Times New Roman"> </font><font size=2 face="Arial"><br>
tunnel disabled</font><font size=3 face="Times New Roman"> </font><font size=2 face="Arial"><br>
detached from key daemon </font><font size=3 face="Times New Roman"><br>
</font><font size=2 face="Arial"><br>
I did a Debug RADIUS on the cisco ISR and get the following:</font><font size=3 face="Times New Roman">
<br>
</font><font size=2 face="Arial"><br>
*Feb 10 15:08:16 NST: ISAKMP:(0):Support for IKE Fragmentation not enabled<br>
*Feb 10 15:08:16 NST: RADIUS/ENCODE(000064C7):Orig. component type = VPN_IPSEC<br>
*Feb 10 15:08:16 NST: RADIUS: AAA Unsupported Attr: interface [175] 13<br>
*Feb 10 15:08:16 NST: RADIUS: 31 39 32 2E 31 36 38 2E 32 35 32 [192.168.252]<br>
*Feb 10 15:08:16 NST: RADIUS/ENCODE(000064C7): dropping service type, "radius-server attribute 6 on-for-login-auth" is off<br>
*Feb 10 15:08:16 NST: RADIUS(000064C7): Config NAS IP: removed-ip-address<br>
*Feb 10 15:08:16 NST: RADIUS/ENCODE(000064C7): acct_session_id: 25799<br>
*Feb 10 15:08:16 NST: RADIUS(000064C7): sending<br>
*Feb 10 15:08:16 NST: RADIUS(000064C7): Send Access-Request to 192.168.32.2:1645 id 1645/5, len 161<br>
*Feb 10 15:08:16 NST: RADIUS: authenticator 97 70 52 F6 D5 AD D2 3F - 57 93 56 2F 79 6D C5 3F<br>
*Feb 10 15:08:16 NST: RADIUS: User-Name [1] 9 "testinguser"<br>
*Feb 10 15:08:16 NST: RADIUS: Calling-Station-Id [31] 17 "removed-ip-address"<br>
*Feb 10 15:08:16 NST: RADIUS: Vendor, Microsoft [26] 24<br>
*Feb 10 15:08:16 NST: RADIUS: MS-CHAP-Challenge [11] 18<br>
*Feb 10 15:08:16 NST: RADIUS: 97 70 52 F6 D5 AD D2 3F 57 93 56 2F 79 6D C5 3F [?pR?????W?V/ym??]<br>
*Feb 10 15:08:16 NST: RADIUS: Vendor, Microsoft [26] 58<br>
*Feb 10 15:08:16 NST: RADIUS: MS-CHAP-V2-Response[25] 52 *<br>
*Feb 10 15:08:16 NST: RADIUS: NAS-Port-Type [61] 6 Virtual [5]<br>
*Feb 10 15:08:16 NST: RADIUS: NAS-Port [5] 6 9<br>
*Feb 10 15:08:16 NST: RADIUS: NAS-Port-Id [87] 15 "removed-ip-address"<br>
*Feb 10 15:08:16 NST: RADIUS: NAS-IP-Address [4] 6 removed-ip-address<br>
*Feb 10 15:08:16 NST: RADIUS: Received from id 1645/5 removed-ip-address:1645, Access-Reject, len 42<br>
*Feb 10 15:08:16 NST: RADIUS: authenticator 4D 85 12 70 89 79 43 60 - 5B 76 6B BA 80 20 92 D3<br>
*Feb 10 15:08:16 NST: RADIUS: Vendor, Microsoft [26] 22<br>
*Feb 10 15:08:16 NST: RADIUS: MS-CHAP-ERROR [2] 16<br>
*Feb 10 15:08:16 NST: RADIUS: 00 45 3D 36 39 31 20 52 3D 30 20 56 3D 33 [?E=691 R=0 V=3]<br>
*Feb 10 15:08:16 NST: RADIUS(000064C7): Received from id 1645/5<br>
*Feb 10 15:08:16 NST: RADIUS/DECODE: Failure message in the MS-Chap-Error attribute is E=691 R=0 V=3<br>
*Feb 10 15:08:16 NST: RADIUS/DECODE: Authentication failure</font><font size=3 face="Times New Roman">
<br>
<br>
</font><font size=2 face="Arial"><br>
Any ideas/help would be greatly appreciated..</font><font size=3 face="Times New Roman">
<br>
<br>
</font><font size=2 face="Arial"><br>
Thanks,<br>
Shawn Edwards<br>
Sr. Network Analyst<br>
Pathix ASP<br>
A Division of Vector Aerospace Corporation <br>
Ph: 709-724-8564<br>
Fax: 709-724-8545<br>
sedwards@pathix.com</font><font size=3 face="Times New Roman"> <br>
</font>
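Added example, not part of the original thread: a short Python script that decodes the MS-CHAP-Error attribute from the router's RADIUS debug output quoted above and reports which login-name format was sent in User-Name, the point Kevin's reply asks about. The function names are illustrative assumptions; the sample log lines are copied from the thread with wrapped lines rejoined, and the code table is the one in RFC 2759, section 6.

```python
import re

# MS-CHAP failure codes listed in RFC 2759, section 6.
MSCHAP_ERRORS = {
    646: "ERROR_RESTRICTED_LOGON_HOURS", 647: "ERROR_ACCT_DISABLED",
    648: "ERROR_PASSWD_EXPIRED", 649: "ERROR_NO_DIALIN_PERMISSION",
    691: "ERROR_AUTHENTICATION_FAILURE", 709: "ERROR_CHANGING_PASSWORD",
}

# Lines copied from the debug output in the thread, wrapped lines rejoined.
SAMPLE_LOG = '''\
*Feb 10 15:08:16 NST: RADIUS: User-Name [1] 9 "testinguser"
*Feb 10 15:08:16 NST: RADIUS: Vendor, Microsoft [26] 22
*Feb 10 15:08:16 NST: RADIUS: MS-CHAP-ERROR [2] 16
*Feb 10 15:08:16 NST: RADIUS: 00 45 3D 36 39 31 20 52 3D 30 20 56 3D 33 [?E=691 R=0 V=3]
'''

def extract_mschap_error(log):
    """Return the raw bytes dumped on the line after the MS-CHAP-ERROR header."""
    lines = log.splitlines()
    for header, dump in zip(lines, lines[1:]):
        run = re.search(r"RADIUS:\s+((?:[0-9A-Fa-f]{2}(?:\s+|$))+)", dump)
        if "MS-CHAP-ERROR" in header and run:
            return bytes.fromhex(run.group(1))
    raise ValueError("no MS-CHAP-Error value found")

def decode_mschap_error(value):
    """Split the value into its Ident byte and the 'E=.. R=.. V=..' string."""
    ident, text = value[0], value[1:].decode("ascii", "replace")
    text, _, message = text.partition(" M=")  # M=<text> is last, may hold spaces
    fields = dict(re.findall(r"\b([ERCV])=(\S+)", text))
    code = int(fields["E"])
    return {
        "ident": ident,
        "code": code,
        "name": MSCHAP_ERRORS.get(code, "unknown"),
        "retry_allowed": fields.get("R") == "1",   # R=0: server allows no retry
        "version": int(fields["V"]) if "V" in fields else None,
        "message": message or None,
    }

def username_style(log):
    """Report which login-name format the NAS forwarded in User-Name."""
    name = re.search(r'User-Name\s+\[1\]\s+\d+\s+"([^"]*)"', log).group(1)
    if "\\" in name:
        return "domain\\user"
    return "user@domain" if "@" in name else "bare"

if __name__ == "__main__":
    print(decode_mschap_error(extract_mschap_error(SAMPLE_LOG)),
          username_style(SAMPLE_LOG))
```

For the log in this thread the script reports code 691 (ERROR_AUTHENTICATION_FAILURE) with retry not allowed, and a bare username with no domain part.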
<p>
<table width=100%>
<tr valign=top>
<td width=10%><font size=1 color=#5f5f5f face="Arial">From:</font><font size=3 face="Times New Roman">
</font>
<td width=89%><font size=1 face="Arial">"Mike Parsons" <mike.parsons@mynetwiz.com></font><font size=3 face="Times New Roman">
</font>
<tr valign=top>
<td><font size=1 color=#5f5f5f face="Arial">To:</font><font size=3 face="Times New Roman">
</font>
<td><font size=1 face="Arial">"'Lukasz Sokol'" <el.es.cr@googlemail.com>,
<vpn-help@lists.shrew.net></font><font size=3 face="Times New Roman">
</font>
<tr valign=top>
<td><font size=1 color=#5f5f5f face="Arial">Date:</font><font size=3 face="Times New Roman">
</font>
<td><font size=1 face="Arial">02/11/2010 12:59 PM</font><font size=3 face="Times New Roman">
</font>
<tr valign=top>
<td><font size=1 color=#5f5f5f face="Arial">Subject:</font><font size=3 face="Times New Roman">
</font>
<td><font size=1 face="Arial">Re: [vpn-help] Using VPN Trace utility</font></table>
<br><font size=3 face="Times New Roman"> </font>
<div align=center>
<br>
<hr noshade></div>
<br><font size=3 face="Times New Roman"><br>
<br>
</font><font size=2 face="Courier New"><br>
Thanks, Lukasz--<br>
<br>
You're referring to the open log button I assume and not the trace log?<br>
What is the trace log button used for?<br>
<br>
Why aren't log files showing up in the shrew soft directory under the debug<br>
folder?<br>
<br>
Thanks in advance.<br>
<br>
Mike Parsons -- CISSP, IAM, IEM<br>
Chief Technical Officer<br>
mike.parsons@mynetwiz.com<br>
cell: 336-403-9710 <br>
office: 336-306-5573 <br>
<br>
Information security architecture and consulting <br>
Risk assessment<br>
Compliance readiness assessment<br>
Design and implementation services <br>
JNCIA -- Firewalls, SSL/VPN, IDP <br>
JNSS -- UAC, Security, Routers, DX <br>
Ironport, Bluecoat and Tipping Point certified <br>
Graduate Certificate in Information Security and Privacy <br>
Security+<br>
MCP </font><font size=3 color=blue face="Times New Roman"><u><br>
</u></font><a href=www.mynetwiz.com><font size=2 color=blue face="Courier New"><u>www.mynetwiz.com</u></font></a><font size=2 face="Courier New"><br>
******************************************************* <br>
Managing information risk through the application of sound technology <br>
If you know me, you can trust me.<br>
<br>
Galatians 2:20 <br>
<br>
-----Original Message-----<br>
From: Lukasz Sokol [</font><a href=mailto:el.es.cr@googlemail.com><font size=2 color=blue face="Courier New"><u>mailto:el.es.cr@googlemail.com</u></font></a><font size=2 face="Courier New">]
<br>
Sent: Thursday, February 11, 2010 11:22 AM<br>
To: Mike Parsons<br>
Subject: Re: [vpn-help] Using VPN Trace utility<br>
<br>
Hello Mike,<br>
<br>
On 11/02/2010 15:57, Mike Parsons wrote:<br>
> Hello-<br>
> <br>
> <br>
> <br>
> I am trying to debug a vpn client connect issue using Shrew Soft 2.1.5 on<br>
> windows 7 and connecting to a Juniper SSG<br>
> <br>
> <br>
> <br>
> I started the VPN trace application and then attempted to connect to the<br>
> SSG. No output showed up in any of the VPN trace application tabs nor did<br>
> anything show up in the log files of the client.<br>
> <br>
> <br>
> <br>
> Any thoughts?<br>
> <br>
<br>
When you start Shrew Trace Utility, you need to go to File -> Options,<br>
there select Log Output Level (I select Informational), click OK,<br>
then in the main window click on Open Log button in each tab.<br>
(ver 2.1.5 had it so)<br>
<br>
Lukasz<br>
<br>
_______________________________________________<br>
vpn-help mailing list<br>
vpn-help@lists.shrew.net</font><font size=3 color=blue face="Times New Roman"><u><br>
</u></font><a href="http://lists.shrew.net/mailman/listinfo/vpn-help"><font size=2 color=blue face="Courier New"><u>http://lists.shrew.net/mailman/listinfo/vpn-help</u></font></a><font size=3 face="Times New Roman"><br>
<br>
</font><font size=2 face="Arial"><br>
<br>
</font>
<div align=center>
<br>
<hr></div>
<br><font size=1 face="Arial"><i><br>
This e-mail may contain confidential information and the sender does not
waive any related rights and obligations. If you are not the intended recipient
please notify the sender and discard it.</i></font>
<br>