<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML xmlns="http://www.w3.org/TR/REC-html40" xmlns:v =
"urn:schemas-microsoft-com:vml" xmlns:o =
"urn:schemas-microsoft-com:office:office" xmlns:w =
"urn:schemas-microsoft-com:office:word" xmlns:m =
"http://schemas.microsoft.com/office/2004/12/omml"><HEAD>
<META content="text/html; charset=iso-8859-1" http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 8.00.6001.18876">
<STYLE>@font-face {
font-family: Cambria Math;
}
@font-face {
font-family: Calibri;
}
@page Section1 {size: 8.5in 11.0in; margin: 1.0in 1.0in 1.0in 1.0in; }
P.MsoNormal {
MARGIN: 0in 0in 0pt; FONT-FAMILY: "Calibri","sans-serif"; FONT-SIZE: 11pt
}
LI.MsoNormal {
MARGIN: 0in 0in 0pt; FONT-FAMILY: "Calibri","sans-serif"; FONT-SIZE: 11pt
}
DIV.MsoNormal {
MARGIN: 0in 0in 0pt; FONT-FAMILY: "Calibri","sans-serif"; FONT-SIZE: 11pt
}
A:link {
COLOR: blue; TEXT-DECORATION: underline; mso-style-priority: 99
}
SPAN.MsoHyperlink {
COLOR: blue; TEXT-DECORATION: underline; mso-style-priority: 99
}
A:visited {
COLOR: purple; TEXT-DECORATION: underline; mso-style-priority: 99
}
SPAN.MsoHyperlinkFollowed {
COLOR: purple; TEXT-DECORATION: underline; mso-style-priority: 99
}
SPAN.EmailStyle17 {
FONT-FAMILY: "Calibri","sans-serif"; COLOR: windowtext; mso-style-type: personal-compose
}
.MsoChpDefault {
mso-style-type: export-only
}
DIV.Section1 {
page: Section1
}
</STYLE>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></HEAD>
<BODY lang=EN-US link=blue bgColor=#ffffff vLink=purple>
<DIV><FONT size=2>Hello,</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2>If you use ModeConfig+XAUTh add in Shrew - IPSEC Policy
</FONT></DIV>
<DIV>jj.q.25.0 / 255.255.255.0</DIV>
<DIV>x.y.z.0 / 255.255.255.0 - ip pool to serwer you want get.</DIV>
<DIV> </DIV>
<DIV><FONT size=2>If you don't use ModeConfig+XAUTh the Shrew simply won't
connect.</FONT></DIV>
<DIV><FONT size=2>Regards,</FONT></DIV>
<DIV><FONT size=2> Michal Wegrzyn</FONT></DIV>
<BLOCKQUOTE
style="BORDER-LEFT: #000000 2px solid; PADDING-LEFT: 5px; PADDING-RIGHT: 0px; MARGIN-LEFT: 5px; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="FONT: 10pt arial; BACKGROUND: #e4e4e4; font-color: black"><B>From:</B>
<A title=plhdlh@sbcglobal.net href="mailto:plhdlh@sbcglobal.net">Preston
Harrison</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A title=vpn-help@lists.shrew.net
href="mailto:vpn-help@lists.shrew.net">vpn-help@lists.shrew.net</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Saturday, February 13, 2010 6:40
AM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> [vpn-help] Tunnel from Shrew
Soft to Netgear FVS338 formed but notworking</DIV>
<DIV><BR></DIV>
<DIV class=Section1>
<P class=MsoNormal>I’m using the Shrew Soft VPN Client, Verison 2.15 to form a
tunnel to a Netgear FVS338. I can't connect using Remote Desktop and I
get a timeout from PING. <o:p></o:p></P>
<P class=MsoNormal>Here is the VPN log on the FVS338 (I substitued random
letters for the number in the first two octets of the IPs in the log for
security purposes):<o:p></o:p></P>
<P class=MsoNormal><o:p> </o:p></P>
<P class=MsoNormal><o:p> </o:p></P>
<P class=MsoNormal>2010 Feb 12 23:15:17 [FVS338] [IKE] Remote configuration
for identifier "vpn.com" found_<o:p></o:p></P>
<P class=MsoNormal>2010 Feb 12 23:15:17 [FVS338] [IKE] Received request for
new phasIf e 1 negotiation:
sy.vw.36.137[500]<=>ab.gh.88.140[500]_<o:p></o:p></P>
<P class=MsoNormal>2010 Feb 12 23:15:17 [FVS338] [IKE] Beginning Aggressive
mode._<o:p></o:p></P>
<P class=MsoNormal>2010 Feb 12 23:15:17 [FVS338] [IKE] Received Vendor ID:
draft-ietf-ipsra-isakmp-xauth-06.txt_<o:p></o:p></P>
<P class=MsoNormal>2010 Feb 12 23:15:17 [FVS338] [IKE] Received unknown Vendor
ID_<o:p></o:p></P>
<P
class=MsoNormal>
- Last output repeated twice -<o:p></o:p></P>
<P class=MsoNormal>2010 Feb 12 23:15:17 [FVS338] [IKE] Received Vendor ID:
draft-ietf-ipsec-nat-t-ike-02__<o:p></o:p></P>
<P class=MsoNormal>2010 Feb 12 23:15:17 [FVS338] [IKE] Received unknown Vendor
ID_<o:p></o:p></P>
<P
class=MsoNormal>
- Last output repeated 6 times -<o:p></o:p></P>
<P class=MsoNormal>2010 Feb 12 23:15:18 [FVS338] [IKE] Received Vendor ID:
CISCO-UNITY_<o:p></o:p></P>
<P class=MsoNormal>2010 Feb 12 23:15:18 [FVS338] [IKE] For ab.gh.88.140[500],
Selected NAT-T version: draft-ietf-ipsec-nat-t-ike-02_<o:p></o:p></P>
<P class=MsoNormal>2010 Feb 12 23:15:20 [FVS338] [IKE] Floating ports for
NAT-T with peer ab.gh.88.140[4500]_<o:p></o:p></P>
<P class=MsoNormal>2010 Feb 12 23:15:20 [FVS338] [IKE] NAT-D payload does not
match for sy.vw.36.137[4500]_<o:p></o:p></P>
<P class=MsoNormal>2010 Feb 12 23:15:20 [FVS338] [IKE] NAT-D payload does not
match for ab.gh.88.140[4500]_<o:p></o:p></P>
<P class=MsoNormal>2010 Feb 12 23:15:20 [FVS338] [IKE] NAT detected: Local is
behind a NAT device. and alsoPeer is behind a NAT device_<o:p></o:p></P>
<P class=MsoNormal>2010 Feb 12 23:15:20 [FVS338] [IKE] Sending Xauth request
to ab.gh.88.140[4500]_<o:p></o:p></P>
<P class=MsoNormal>2010 Feb 12 23:15:20 [FVS338] [IKE] ISAKMP-SA established
for sy.vw.36.137[4500]-ab.gh.88.140[4500] with
spi:cbd501b988552332:978610d758636710_<o:p></o:p></P>
<P class=MsoNormal>2010 Feb 12 23:15:20 [FVS338] [IKE] purging
spi=250579867._<o:p></o:p></P>
<P class=MsoNormal>2010 Feb 12 23:15:21 [FVS338] [IKE] Received attribute type
"ISAKMP_CFG_REPLY" from ab.gh.88.140[4500]_<o:p></o:p></P>
<P class=MsoNormal>2010 Feb 12 23:15:21 [FVS338] [IKE] Login succeeded for
user "Preston"_<o:p></o:p></P>
<P class=MsoNormal>2010 Feb 12 23:15:22 [FVS338] [IKE] Received attribute type
"ISAKMP_CFG_REQUEST" from ab.gh.88.140[4500]_<o:p></o:p></P>
<P class=MsoNormal>2010 Feb 12 23:15:22 [FVS338] [IKE] jj.q.25.101 IP address
is assigned to remote peer ab.gh.88.140[4500]_<o:p></o:p></P>
<P class=MsoNormal>2010 Feb 12 23:15:22 [FVS338] [IKE] Ignored attribute
5_<o:p></o:p></P>
<P class=MsoNormal>2010 Feb 12 23:15:22 [FVS338] [IKE] Cannot open
"/etc/motd"_<o:p></o:p></P>
<P class=MsoNormal>2010 Feb 12 23:15:30 [FVS338] [IKE] Responding to new phase
2 negotiation: sy.vw.36.137[0]<=>ab.gh.88.140[0]_<o:p></o:p></P>
<P class=MsoNormal>2010 Feb 12 23:15:30 [FVS338] [IKE] Using IPsec SA
configuration: rst.lmn.0.0/24<->jj.q.25.0/24_<o:p></o:p></P>
<P class=MsoNormal>2010 Feb 12 23:15:31 [FVS338] [IKE] Adjusting peer's
encmode 61443(61443)->Tunnel(1)_<o:p></o:p></P>
<P class=MsoNormal>2010 Feb 12 23:15:32 [FVS338] [IKE] IPsec-SA
established[UDP encap 4500->4500]: ESP/Tunnel ab.gh.88.140->sy.vw.36.137
with spi=87747332(0x53aeb04)_<o:p></o:p></P>
<P class=MsoNormal>2010 Feb 12 23:15:32 [FVS338] [IKE] IPsec-SA
established[UDP encap 4500->4500]: ESP/Tunnel sy.vw.36.137->ab.gh.88.140
with spi=3107620073(0xb93a84e9)_<o:p></o:p></P>
<P class=MsoNormal><o:p> </o:p></P>
<P class=MsoNormal><o:p> </o:p></P>
<P class=MsoNormal>sy.vw.36.137 is the VPN host (FVS338) IP<o:p></o:p></P>
<P class=MsoNormal>ab.gh.88.140 is the client host (AT&T 2wire
Gateway)<o:p></o:p></P>
<P class=MsoNormal>jj.q.25.0 is the Mode Config IP pool<o:p></o:p></P>
<P class=MsoNormal>rst.lmn.0.0 is the FVS338 DHCP assigned IP<o:p></o:p></P>
<P class=MsoNormal><o:p> </o:p></P>
<P class=MsoNormal>Can anyone tell me why I can't use the
tunnel?<o:p></o:p></P>
<P class=MsoNormal><o:p> </o:p></P></DIV>
<P>
<HR>
<P></P>_______________________________________________<BR>vpn-help mailing
list<BR>vpn-help@lists.shrew.net<BR>http://lists.shrew.net/mailman/listinfo/vpn-help<BR></BLOCKQUOTE></BODY></HTML>