Hi Matthew, thanks a lot. Now I can successfully establish the tunnel. But I still have one problem - I cannot access any server behind the SSG. In the policy log on the SSG I cannot see any attempt - what else should I change? Now my config is:

n:version:2
n:network-ike-port:500
n:network-mtu-size:1380
n:client-addr-auto:1
n:network-natt-port:4500
n:network-natt-rate:15
n:network-frag-size:540
n:network-dpd-enable:1
n:client-banner-enable:0
n:network-notify-enable:1
n:client-wins-used:0
n:client-wins-auto:0
n:client-dns-used:1
n:client-dns-auto:0
n:client-splitdns-used:0
n:client-splitdns-auto:0
n:phase1-dhgroup:5
n:phase1-keylen:256
n:phase1-life-secs:28800
n:phase1-life-kbytes:0
n:vendor-chkpt-enable:0
n:phase2-keylen:256
n:phase2-life-secs:3600
n:phase2-life-kbytes:0
n:policy-nailed:1
n:policy-list-auto:0
s:client-saved-username:test test
s:network-host:[remote ip]
s:client-auto-mode:disabled
s:client-iface:direct
s:network-natt-mode:enable
s:network-frag-mode:enable
s:client-dns-addr:10.200.0.8
s:auth-method:mutual-psk-xauth
s:ident-client-type:ufqdn
s:ident-server-type:any
s:ident-client-data:em...@address
b:auth-mutual-psk:xxxxxxxxxxx
s:phase1-exchange:aggressive
s:phase1-cipher:aes
s:phase1-hash:sha1
s:phase2-transform:esp-aes
s:phase2-hmac:sha1
s:ipcomp-transform:disabled
n:phase2-pfsgroup:5
s:policy-level:require
s:policy-list-include:10.200.0.0 / 255.255.255.0

On 10/11/2010 12:55 AM, Matthew Grooms wrote:
If the client is set to use "virtual adapter and assigned address", you need to change it to "existing adapter and current address".
_______________________________________________
vpn-help mailing list
[email protected]
http://lists.shrew.net/mailman/listinfo/vpn-help
