<div dir="ltr"><div>Hi Larry,<br><br><br></div><div>Do you have check your Shrew log and Cisco logs ?<br><br></div><div>Regards,<br></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Nov 25, 2014 at 2:31 PM, Larry Gray <span dir="ltr"><<a href="mailto:lgray@bgibson.com" target="_blank">lgray@bgibson.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div link="blue" vlink="purple" lang="EN-US">
<div>
<p class="MsoNormal">I work with a lot of different customers who use a lot of different equipment to provide vpn connections so we can maintain equipment. I have been using Shrew for a while now for quite a few cisco vpn connections and haven’t had a problem.
I received a new pcf file from a new site and imported it into the client. When I load the connection and login, I connect, I see new routes that are built, but I cannot ping or access the one device they are permitting us to access. The cisco vpn client
works, but I cannot access anything with shrewsoft. <u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">I have done a lot of research trying to find an answer, but my vpn troubleshooting skills are not that strong. The customer is open to some guidance, but they will not let us work with their firewall. I have found mention of the following
possible issues:<u></u><u></u></p>
<p><u></u><span>1.<span style="font:7.0pt "Times New Roman"">
</span></span><u></u>Single host policy failing: <span style="color:#1f497d"><a href="https://lists.shrew.net/pipermail/vpn-help/2011-July/003879.html" target="_blank">https://lists.shrew.net/pipermail/vpn-help/2011-July/003879.html</a></span><u></u><u></u></p>
<p><u></u><span>2.<span style="font:7.0pt "Times New Roman"">
</span></span><u></u>Issues with split tunneling: <span style="color:#1f497d">
<a href="https://lists.shrew.net/pipermail/vpn-help/2009-October/001426.html" target="_blank">https://lists.shrew.net/pipermail/vpn-help/2009-October/001426.html</a></span><u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">But none of those are for an ASA 5520. Can someone help with additional troubleshooting steps so I can guide the customers IT staff to make a slight change in their firewall so this works with Shrewsoft? Or, maybe tell me something I
can set in shrewsoft that might work?<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Here are some highlights when connected with Shrewsoft:<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">ASA 5520<u></u><u></u></p>
<p class="MsoNormal">Policy includes access to 1 IP address: <a href="http://192.168.113.193/32" target="_blank">192.168.113.193/32</a><u></u><u></u></p>
<p class="MsoNormal">Connected client shows:<u></u><u></u></p>
<p class="MsoNormal">SA Established=1<u></u><u></u></p>
<p class="MsoNormal">Expired/Failed both = 0<u></u><u></u></p>
<p class="MsoNormal">Status=Connected<u></u><u></u></p>
<p class="MsoNormal">Transport=NAT-T RFC / IKE| ESP<u></u><u></u></p>
<p class="MsoNormal">IKE Fragmentation = disabled<u></u><u></u></p>
<p class="MsoNormal">Dead Peer Detection = enabled<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Computer routing table shows the following relevant new routes when connected (3.4.5.6 = :<u></u><u></u></p>
<p class="MsoNormal">Active Routes:<u></u><u></u></p>
<p class="MsoNormal">Network Destination Netmask Gateway Interface Metric<u></u><u></u></p>
<p class="MsoNormal"> 10.99.99.0 255.255.255.0 On-link 10.99.99.240 286<u></u><u></u></p>
<p class="MsoNormal"> 10.99.99.240 255.255.255.255 On-link 10.99.99.240 286<u></u><u></u></p>
<p class="MsoNormal"> 10.99.99.255 255.255.255.255 On-link 10.99.99.240 286<u></u><u></u></p>
<p class="MsoNormal"> 3.4.5.6 255. 255.255.255 10.10.40.1 10.10.40.101 21<u></u><u></u></p>
<p class="MsoNormal"> 192.168.113.193 255.255.255.255 On-link 10.99.99.240 31<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<br>
<table style="FONT-SIZE:12px;FONT-FAMILY:Arial;LINE-HEIGHT:18px" border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td colspan="4"></td>
</tr>
<tr>
<td valign="top" width="122"><img src="cid:teldata2828716" hspace="0" border="0"></td>
<td valign="top" width="104"></td>
<td width="20"></td>
<td valign="top"><span style="FONT-SIZE:16px;COLOR:#0e723b"><font color="#004dbb">Larry</font> <font color="#004dbb"></font>
<font color="#004dbb">Gray</font><br>
<font color="#004dbb">Technician</font></span> <br>
Phone: (317) 802-2530<br>
Fax: (317) 802-2531<br>
Extension: 22530<br>
E-mail: <a href="mailto:lgray@bgibson.com" target="_blank">lgray@bgibson.com</a></td>
</tr>
<tr>
<td colspan="4"><img src="cid:c17f1326-f74b-443b-854f-d8ebfcd977db0ca4d7"></td>
</tr>
</tbody>
</table>
<p class="MsoNormal" style="MARGIN:0in 0in 0pt"><span style="FONT-SIZE:8pt;FONT-FAMILY:"Arial","sans-serif";COLOR:gray" lang="EN-AU">Disclaimer: The information enclosed in this transmission is considered private & confidential and
may not be reproduced in any form without the senders permission. If you are not the intended recipient, any disclosure, copying, distribution, or any action taken or omitted to be taken in reliance on it is prohibited and is unlawful.<u></u><u></u></span></p>
<p class="MsoNormal" style="MARGIN:0in 0in 0pt"><span style="FONT-SIZE:8pt;FONT-FAMILY:"Verdana","sans-serif";COLOR:#00b050" lang="EN-AU">Please consider the environment,
<b>before</b> printing this email.</span><span style="COLOR:#00b050" lang="EN-AU"><u></u><u></u></span></p>
<div style="color:#999999;font-size:11px;font-family:verdana"><br>
Disclaimer added by <b>CodeTwo Exchange Rules 2013</b><br>
<a href="http://www.codetwo.com/?sts=2532" target="_blank">www.codetwo.com</a></div>
<br>
</div>
<br>_______________________________________________<br>
vpn-help mailing list<br>
<a href="mailto:vpn-help@lists.shrew.net">vpn-help@lists.shrew.net</a><br>
<a href="https://lists.shrew.net/mailman/listinfo/vpn-help" target="_blank">https://lists.shrew.net/mailman/listinfo/vpn-help</a><br>
<br></blockquote></div><br></div></div></div></div>