Hi Andrew,

On the same hypervisor, a Windows 7 is working. And as I mentioned before, I can see the packets on the VPN client with a network sniffer.
And when I install the Cisco client on the same VM, the tunnel is working fine.

Regards
Martin

From: Roper, Andrew [mailto:[email protected]]
Sent: Wednesday, March 07, 2012 3:43 PM
To: Forster Martin
Cc: [email protected]
Subject: RE: win2008r2 ike phase 1 fails, works on win7x64 sp1

Martin,

I have seen some other discussions on these lists where other people have had trouble with getting Shrew to work on Win2K8R2 and on any OS running in a VM. The suspicion is that Win2K8R2 is not supported and that something in the hypervisor might be preventing the connection from establishing. I, personally, have not tried Shrew Client on an OS in a VM so I don't have any advice there. I would check to make sure that there aren't any firewall rules on the hypervisor that may be preventing the tunnel from establishing.

Regards,
Andrew

From: Forster Martin [mailto:[email protected]]
Sent: Friday, March 02, 2012 10:19 AM
To: Roper, Andrew
Subject: RE: win2008r2 ike phase 1 fails, works on win7x64 sp1

Hi Andrew,

Both machines, win7 and win2008r2, are behind the same firewall (Watchguard). Both machines have their software firewalls (onboard Windows) on.

I have verified the arrival of answer packets with
- a monitoring port.
- a local installation of the Microsoft Network Monitor on the win2008r2 box.

The empty capture files I mentioned are from the Shrew Trace utility. I appended them.

Further details: Both are VMs on an ESXi 4.1 host. The win2008r2 is running with a vmxnet3, the win7 box runs with an e1000 adapter. The firewall server is some sort of Cisco, I guess an ASA.

Regards
Martin

From: Roper, Andrew [mailto:[email protected]]
Sent: Friday, March 02, 2012 3:41 PM
To: Forster Martin; [email protected]
Subject: RE: win2008r2 ike phase 1 fails, works on win7x64 sp1

Martin,

I'm a little confused. You say that a network sniffer sees that the packets are arriving on the Win2K8 server but the VPN client does not and that debug packet captures are empty. Where was the sniffer placed? Which debug packet captures are empty? What is the VPN server that you are trying to connect to? Is the Win2K8 server behind a firewall? Is it the same firewall that the Win7 box is behind? Are you using the same configuration file between the two machines? Are there any other VPN clients installed on the Win2K8 box? Is there a software firewall running (by default Windows firewall is on in Win2K8R2)?

-Andrew

From: [email protected] [mailto:[email protected]] On Behalf Of Forster Martin
Sent: Friday, March 02, 2012 8:31 AM
To: [email protected]
Subject: [vpn-help] win2008r2 ike phase 1 fails, works on win7x64 sp1

Hi,

On a Windows 2008 R2 server I have a problem in phase 1.

Problem: the VPN client does not see the answers from the VPN server. I have verified with a network sniffer that the packets arrive on the win2008 r2 box. The cap files from debugging are completely empty. No send and no receive packets.

In the iked log I see resends and then a timeout like that:

12/03/02 13:37:50 DB : phase1 ref increment ( ref count = 1, obj count = 0 )
12/03/02 13:37:50 DB : phase1 added ( obj count = 1 )
12/03/02 13:37:50 >> : security association payload
12/03/02 13:37:50 >> : - proposal #1 payload
12/03/02 13:37:50 >> : -- transform #1 payload
12/03/02 13:37:50 >> : -- transform #2 payload
12/03/02 13:37:50 >> : -- transform #3 payload
12/03/02 13:37:50 >> : -- transform #4 payload
12/03/02 13:37:50 >> : -- transform #5 payload
12/03/02 13:37:50 >> : -- transform #6 payload
12/03/02 13:37:50 >> : -- transform #7 payload
12/03/02 13:37:50 >> : -- transform #8 payload
12/03/02 13:37:50 >> : -- transform #9 payload
12/03/02 13:37:50 >> : -- transform #10 payload
12/03/02 13:37:50 >> : -- transform #11 payload
12/03/02 13:37:50 >> : -- transform #12 payload
12/03/02 13:37:50 >> : -- transform #13 payload
12/03/02 13:37:50 >> : -- transform #14 payload
12/03/02 13:37:50 >> : -- transform #15 payload
12/03/02 13:37:50 >> : -- transform #16 payload
12/03/02 13:37:50 >> : -- transform #17 payload
12/03/02 13:37:50 >> : -- transform #18 payload
12/03/02 13:37:50 >> : key exchange payload
12/03/02 13:37:50 >> : nonce payload
12/03/02 13:37:50 >> : identification payload
12/03/02 13:37:50 >> : vendor id payload
12/03/02 13:37:50 ii : local supports XAUTH
12/03/02 13:37:50 >> : vendor id payload
12/03/02 13:37:50 ii : local supports nat-t ( draft v02 )
12/03/02 13:37:50 >> : vendor id payload
12/03/02 13:37:50 ii : local supports nat-t ( draft v03 )
12/03/02 13:37:50 >> : vendor id payload
12/03/02 13:37:50 ii : local supports nat-t ( rfc )
12/03/02 13:37:50 >> : vendor id payload
12/03/02 13:37:50 ii : local supports DPDv1
12/03/02 13:37:50 >> : vendor id payload
12/03/02 13:37:50 ii : local is SHREW SOFT compatible
12/03/02 13:37:50 >> : vendor id payload
12/03/02 13:37:50 ii : local is NETSCREEN compatible
12/03/02 13:37:50 >> : vendor id payload
12/03/02 13:37:50 ii : local is SIDEWINDER compatible
12/03/02 13:37:50 >> : vendor id payload
12/03/02 13:37:50 ii : local is CISCO UNITY compatible
12/03/02 13:37:50 >= : cookies a5ee74543f00c208:0000000000000000
12/03/02 13:37:50 >= : message 00000000
12/03/02 13:37:50 -> : send IKE packet 10.100.100.10:500 -> xxx.xxx.xxx.xxx:500 ( 1121 bytes )
12/03/02 13:37:50 DB : phase1 resend event scheduled ( ref count = 2 )
12/03/02 13:37:50 DB : phase1 ref decrement ( ref count = 1, obj count = 1 )
12/03/02 13:37:50 DB : tunnel ref increment ( ref count = 3, obj count = 1 )
12/03/02 13:37:55 -> : resend 1 phase1 packet(s) 10.100.100.10:500 -> xxx.xxx.xxx.xxx:500
12/03/02 13:38:00 -> : resend 1 phase1 packet(s) 10.100.100.10:500 -> xxx.xxx.xxx.xxx:500
12/03/02 13:38:05 -> : resend 1 phase1 packet(s) 10.100.100.10:500 -> xxx.xxx.xxx.xxx:500
12/03/02 13:38:10 ii : resend limit exceeded for phase1 exchange
12/03/02 13:38:10 ii : phase1 removal before expire time
12/03/02 13:38:10 DB : phase1 deleted ( obj count = 0 )

Any hints?

Regards
Martin Forster
_______________________________________________
vpn-help mailing list
[email protected]
http://lists.shrew.net/mailman/listinfo/vpn-help
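The failure discussed in this thread appears in the iked log as one send and several resends with no inbound line before the phase 1 timeout, which, combined with a sniffer that does see the replies, places the drop between the network adapter and the daemon. The following is an added example, not part of the thread and not Shrew Soft code, that classifies an iked log this way. The `<-` tag for received packets and the constructed recv line are assumptions, since the log above contains no received packet.

```python
import re
from datetime import datetime

# "YY/MM/DD HH:MM:SS", a two-character tag, then the message, as in the log above.
LINE = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d) (\S\S) : (.*)$")

# Excerpt of the iked log quoted in the thread.
FAILING_LOG = """\
12/03/02 13:37:50 -> : send IKE packet 10.100.100.10:500 -> xxx.xxx.xxx.xxx:500 ( 1121 bytes )
12/03/02 13:37:50 DB : phase1 resend event scheduled ( ref count = 2 )
12/03/02 13:37:55 -> : resend 1 phase1 packet(s) 10.100.100.10:500 -> xxx.xxx.xxx.xxx:500
12/03/02 13:38:00 -> : resend 1 phase1 packet(s) 10.100.100.10:500 -> xxx.xxx.xxx.xxx:500
12/03/02 13:38:05 -> : resend 1 phase1 packet(s) 10.100.100.10:500 -> xxx.xxx.xxx.xxx:500
12/03/02 13:38:10 ii : resend limit exceeded for phase1 exchange
"""

# Constructed line in an assumed format: a reply that did reach the daemon.
CONSTRUCTED_RECV = ("12/03/02 13:37:51 <- : recv IKE packet "
                    "xxx.xxx.xxx.xxx:500 -> 10.100.100.10:500 ( 400 bytes )\n")

def parse(log_text):
    """Yield (timestamp, tag, message) for each well-formed log line."""
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield datetime.strptime(m.group(1), "%y/%m/%d %H:%M:%S"), m.group(2), m.group(3)

def diagnose_phase1(log_text):
    """Count phase 1 traffic in both directions and classify the outcome."""
    sends = resends = received = 0
    first_send = timeout_at = None
    for ts, tag, msg in parse(log_text):
        if tag == "->" and msg.startswith("send IKE packet"):
            sends += 1
            first_send = first_send or ts
        elif tag == "->" and msg.startswith("resend"):
            resends += 1
        elif tag == "<-":  # assumed tag for inbound packets
            received += 1
        elif "resend limit exceeded for phase1" in msg:
            timeout_at = ts
    if timeout_at and received == 0:
        verdict = "no-reply-seen-by-iked"  # compare with a capture on the host
    elif timeout_at:
        verdict = "reply-seen-but-exchange-stalled"
    else:
        verdict = "no-phase1-timeout"
    waited = (timeout_at - first_send).total_seconds() if timeout_at and first_send else None
    return {"sends": sends, "resends": resends, "received": received,
            "seconds_to_timeout": waited, "verdict": verdict}

if __name__ == "__main__":
    print(diagnose_phase1(FAILING_LOG))
```
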
