To whom it may concern,
If this is not the correct place to send a question, please tell me where to post. I am using Shrewsoft Version 2.2.2 to connect to a Cisco SA500 router. I have listed the pertinent settings below, but here is my problem: I can get a connection without any problem and I am able to ping the remote server, send and receive SQL Server messages, map remote drives, etc. HOWEVER, there are times (and it is fairly frequent) when the connection seems to get lost even though Shrewsoft says it is still connected. When this happens I lose all connectivity to the remote (I cannot ping, access mapped drives or use the remote SQL Server). Additionally, I do not see myself as a user on the VPN router. This happens whether my local computer is connected using wires, wirelessly, through a switch, or directly to my local router with no one else on the remote or local network, and on the following local operating systems: XP, Vista and Windows 7 (both 32 and 64 bit). Once I lose the connectivity I can disconnect Shrewsoft and reconnect without a problem, but there is still no functionality unless I wait several minutes. Then all works again for a while before I lose function again. Can someone please help me make the connection stable? Thank you in advance.
Corey Ziff

The Shrewsoft vpn file is set as follows:

n:version:4
n:network-ike-port:500
n:network-mtu-size:1380
n:client-addr-auto:1
n:network-natt-port:4500
n:network-natt-rate:15
n:network-frag-size:540
n:network-dpd-enable:0
n:client-banner-enable:1
n:network-notify-enable:1
n:client-dns-used:1
n:client-dns-auto:0
n:client-dns-suffix-auto:1
n:client-splitdns-used:0
n:client-splitdns-auto:1
n:client-wins-used:0
n:client-wins-auto:1
n:phase1-dhgroup:2
n:phase1-life-secs:86400
n:phase1-life-kbytes:0
n:vendor-chkpt-enable:0
n:phase2-life-secs:3600
n:phase2-life-kbytes:0
n:policy-nailed:0
n:policy-list-auto:0
s:network-host: XX.XXX.XXX.XXX (I have a real external IP address here)
s:client-auto-mode:pull
s:client-iface:direct
s:network-natt-mode:enable
s:network-frag-mode:enable
s:client-dns-addr: XX.XXX.XXX.XXX (I have a real internal IP address here)
s:auth-method:mutual-psk-xauth
s:ident-client-type:fqdn
s:ident-server-type:fqdn
s:ident-client-data:remote.com
s:ident-server-data:local.com
b:auth-mutual-psk: XXXXXXXXXXXXXXXXXXX (I changed this value for this email)
s:phase1-exchange:aggressive
s:phase1-cipher:auto
s:phase1-hash:auto
s:phase2-transform:esp-3des
s:phase2-hmac:sha1
s:ipcomp-transform:disabled
n:phase2-pfsgroup:0
s:policy-level:auto
s:policy-list-include: XX.XXX.XXX.XXX / XX.XXX.XXX.XXX (I have a real internal IP address/mask here)
s:client-saved-username: *************

The SA540 settings are as follows:

IKE TAB UNDER VPN

IKE Policy Configuration
    Policy Name: ShrewClient
    Direction/Type: Responder
    Exchange Mode: Aggressive
    Local Identifier Type: FQDN
    Local Identifier: local.com
    Remote Identifier Type: FQDN
    Remote Identifier: remote.com
    Encryption Algorithm: 3DES
    Authentication Algorithm: SHA-1
    Authentication Method: Pre-Shared Key
    Pre-shared key: XXXXXXXXXX
    Diffie-Hellman (DH) Group: Group 2 (1024)
    SA-Lifetime (sec): 28800
    Enable Dead Peer Detection: No (unchecked checkbox)
    Detection Period: 10
    Reconnect after failure count: 3
    XAUTH Configuration: Edge Device
    Authentication Type: User Database
    User Name: (blank)
    Password: (blank)

VPN POLICY TAB UNDER VPN

    Policy Name: ShrewClient
    Policy Type: Auto Policy
    Select Local Gateway: Detected WAN
    Remote Endpoint: FQDN remote.com
    Enable Mode Config: No (unchecked checkbox)
    Enable NetBIOS?: No (unchecked checkbox)
    Enable RollOver: No (unchecked checkbox)
    Local IP: Subnet
    Local IP Start Address: XXX.XXX.XXX.0
    End IP Address: blank textbox
    Subnet Mask: 255.255.255.0
    Remote IP: Any
    Remote Start Address: blank textbox
    End IP address: blank textbox
    Subnet Mask: blank textbox

Manual Policy Parameters
    SPI-Incoming: 0x
    SPI-Outgoing: 0x
    Encryption Algorithm: 3DES
    Key-In: blank textbox
    Key-Out: blank textbox
    Integrity Algorithm: SHA-1
    Key-In: blank textbox
    Key-Out: blank textbox

Auto Policy Parameters
    SA Lifetime: 3600
    Encryption Algorithm: 3DES
    Integrity Algorithm: SHA-1
    PFS Key Group: YES (checked checkbox) DH Group 2 (1024 bit)
    Select IKE Policy: ShrewClient

Redundant VPN Gateway Parameters
    Enable Redundant Gateway: NO (unchecked checkbox)
    Select Back-up Policy: blank disabled dropdown list
    Failback time to switch: 30 Seconds from back-up to primary
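A side-by-side check of the client and gateway values listed in the message above, as an added example that is not part of the original post. The function names and the `GATEWAY` key names are hypothetical, and the gateway values are transcribed by hand from the SA540 listing.

```python
# Client side: lines copied from the .vpn file in the message (masked values left out).
CLIENT_VPN = """\
n:network-dpd-enable:0
n:phase1-dhgroup:2
n:phase1-life-secs:86400
n:phase2-life-secs:3600
s:phase1-exchange:aggressive
s:phase1-cipher:auto
s:phase1-hash:auto
s:phase2-transform:esp-3des
s:phase2-hmac:sha1
"""
# Gateway side: hand-transcribed from the SA540 listing; key names are made up here.
GATEWAY = {"ike_exchange": "Aggressive", "ike_cipher": "3DES", "ike_hash": "SHA-1",
           "ike_dh_group": 2, "ike_lifetime": 28800, "ike_dpd": 0,
           "vpn_cipher": "3DES", "vpn_hash": "SHA-1", "vpn_lifetime": 3600}
# Which client key is compared with which gateway key. phase2-pfsgroup is left
# out because the message does not say what its numeric codes mean.
PAIRS = [("phase1-exchange", "ike_exchange"), ("phase1-cipher", "ike_cipher"),
         ("phase1-hash", "ike_hash"), ("phase1-dhgroup", "ike_dh_group"),
         ("phase1-life-secs", "ike_lifetime"), ("network-dpd-enable", "ike_dpd"),
         ("phase2-transform", "vpn_cipher"), ("phase2-hmac", "vpn_hash"),
         ("phase2-life-secs", "vpn_lifetime")]

def parse_vpn(text):
    """Parse 'type:key:value' lines; n = number, s = string, anything else skipped."""
    cfg = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) != 3 or parts[0] not in ("n", "s"):
            continue  # blank lines and b: entries such as the pre-shared key
        kind, key, value = parts
        cfg[key] = int(value) if kind == "n" else value.strip()
    return cfg

def norm(value):
    """Make 'esp-3des'/'3DES' and 'sha1'/'SHA-1' comparable; numbers pass through."""
    if isinstance(value, int):
        return value
    v = value.lower().replace("-", "")
    return v[3:] if v.startswith("esp") else v

def compare(client, gateway):
    """Return (client_key, client_value, gateway_value, status) per compared setting."""
    rows = []
    for ckey, gkey in PAIRS:
        c, g = client.get(ckey), gateway.get(gkey)
        if c is None or g is None:
            status = "missing"
        elif c == "auto":
            status = "auto"  # no fixed client value to compare against
        else:
            status = "same" if norm(c) == norm(g) else "differs"
        rows.append((ckey, c, g, status))
    return rows

if __name__ == "__main__":
    for row in compare(parse_vpn(CLIENT_VPN), GATEWAY):
        print("%-20s client=%-12s gateway=%-12s %s" % row)
```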
