Trying to setup the Shrew Client to work with a "Group VPN" configuration on the RV320
I can get the client to work with a Tunnel Configuration, but I would like the Group VPN to work.
I can get it to establish the Phase1 config, moving to phase2 is where it fails.
It seems that the client is not able to receive the IP information from the RV320
Under the Tunnel configuration you have to enable "Mode Config" and that supplies the IP assignment information
But there is not option like that for doing a Group VPN....
The log on the RV320 is this
| 2016-04-13, 07:52:23 |
VPN Log |
[grpips1][2] 10.78.0.0/24=== ...10.10.0.47===? #2323: [Tunnel Established] ISAKMP SA established |
| 2016-04-13, 07:52:30 |
VPN Log |
[grpips1][2] 10.78.0.0/24=== ...10.10.0.47===?: [Tunnel Disconnected] instance with peer 10.10.0.47 {isakmp=#0/ipsec=#0}
|
So seeing the 10.10.0.47 ===? leads me to believe it is not getting the IP information from the virtual pool
The debug log on the Shrew client is:
I will start the paste of the log from where phase1 has completed.
16/04/13 08:52:23 ii : phase1 sa established
16/04/13 08:52:23 ii : 10.10.0.71:500 <-> 10.10.0.47:500
16/04/13 08:52:23 ii : 7cbd29f27c19347f:c54344eca08c7b11
16/04/13 08:52:23 ii : sending peer INITIAL-CONTACT notification
16/04/13 08:52:23 ii : - 10.10.0.47:500 -> 10.10.0.71:500
16/04/13 08:52:23 ii : - isakmp spi = 7cbd29f27c19347f:c54344eca08c7b11
16/04/13 08:52:23 ii : - data size 0
16/04/13 08:52:23 >> : hash payload
16/04/13 08:52:23 >> : notification payload
16/04/13 08:52:23 == : new informational hash ( 20 bytes )
16/04/13 08:52:23 == : new informational iv ( 16 bytes )
16/04/13 08:52:23 >= : cookies 7cbd29f27c19347f:c54344eca08c7b11
16/04/13 08:52:23 >= : message f16db489
16/04/13 08:52:23 >= : encrypt iv ( 16 bytes )
16/04/13 08:52:23 == : encrypt packet ( 80 bytes )
16/04/13 08:52:23 == : stored iv ( 16 bytes )
16/04/13 08:52:23 -> : send IKE packet 10.10.0.47:500 -> 10.10.0.71:500 ( 120 bytes )
16/04/13 08:52:23 DB : config added ( obj count = 1 )
16/04/13 08:52:23 ii : building config attribute list
16/04/13 08:52:23 ii : - IP4 Address
16/04/13 08:52:23 ii : - Address Expiry
16/04/13 08:52:23 ii : - IP4 Netmask
16/04/13 08:52:23 ii : - IP4 DNS Server
16/04/13 08:52:23 ii : - IP4 WINS Server
16/04/13 08:52:23 ii : - DNS Suffix
16/04/13 08:52:23 ii : - IP4 Split Network Include
16/04/13 08:52:23 ii : - IP4 Split Network Exclude
16/04/13 08:52:23 ii : - Application Version = Cisco Systems VPN Client 4.8.01.0300:WinNT
16/04/13 08:52:23 ii : - Firewall Type = CISCO-UNKNOWN
16/04/13 08:52:23 == : new config iv ( 16 bytes )
16/04/13 08:52:23 ii : sending config pull request
16/04/13 08:52:23 >> : hash payload
16/04/13 08:52:23 >> : attribute payload
16/04/13 08:52:23 == : new configure hash ( 20 bytes )
16/04/13 08:52:23 >= : cookies 7cbd29f27c19347f:c54344eca08c7b11
16/04/13 08:52:23 >= : message b68916fc
16/04/13 08:52:23 >= : encrypt iv ( 16 bytes )
16/04/13 08:52:23 == : encrypt packet ( 154 bytes )
16/04/13 08:52:23 == : stored iv ( 16 bytes )
16/04/13 08:52:23 -> : send IKE packet 10.10.0.47:500 -> 10.10.0.71:500 ( 184 bytes )
16/04/13 08:52:23 DB : config resend event scheduled ( ref count = 2 )
16/04/13 08:52:23 DB : phase2 not found
16/04/13 08:52:28 -> : resend 1 config packet(s) [0/2] 10.10.0.47:500 -> 10.10.0.71:500
16/04/13 08:52:31 <A : peer tunnel disable message
16/04/13 08:52:31 DB : policy not found
16/04/13 08:52:31 DB : policy not found
16/04/13 08:52:31 DB : removing tunnel config references
16/04/13 08:52:31 DB : config resend event canceled ( ref count = 1 )
16/04/13 08:52:31 DB : config deleted ( obj count = 0 )
16/04/13 08:52:31 DB : removing tunnel phase2 references
16/04/13 08:52:31 DB : removing tunnel phase1 references
16/04/13 08:52:31 DB : phase1 soft event canceled ( ref count = 3 )
16/04/13 08:52:31 DB : phase1 hard event canceled ( ref count = 2 )
16/04/13 08:52:31 DB : phase1 dead event canceled ( ref count = 1 )
16/04/13 08:52:31 ii : sending peer DELETE message
16/04/13 08:52:31 ii : - 10.10.0.47:500 -> 10.10.0.71:500
16/04/13 08:52:31 ii : - isakmp spi = 7cbd29f27c19347f:c54344eca08c7b11
16/04/13 08:52:31 ii : - data size 0
16/04/13 08:52:31 >> : hash payload
16/04/13 08:52:31 >> : delete payload
16/04/13 08:52:31 == : new informational hash ( 20 bytes )
16/04/13 08:52:31 == : new informational iv ( 16 bytes )
16/04/13 08:52:31 >= : cookies 7cbd29f27c19347f:c54344eca08c7b11
16/04/13 08:52:31 >= : message aa0fffaf
16/04/13 08:52:31 >= : encrypt iv ( 16 bytes )
16/04/13 08:52:31 == : encrypt packet ( 80 bytes )
16/04/13 08:52:31 == : stored iv ( 16 bytes )
16/04/13 08:52:31 -> : send IKE packet 10.10.0.47:500 -> 10.10.0.71:500 ( 120 bytes )
16/04/13 08:52:31 ii : phase1 removal before expire time
16/04/13 08:52:31 DB : phase1 deleted ( obj count = 0 )
16/04/13 08:52:31 DB : tunnel deleted ( obj count = 0 )
16/04/13 08:52:31 DB : removing all peer tunnel references
16/04/13 08:52:31 DB : peer deleted ( obj count = 0 )
16/04/13 08:52:31 ii : ipc client process thread exit ...
16/04/13 08:52:34 ii : hard halt signal received, shutting down
16/04/13 08:52:34 ii : ipc server process thread exit ...
16/04/13 08:52:34 ii : network process thread exit ...
16/04/13 08:52:34 ii : pfkey process thread exit ...
Using the Greenbow client I was able to get this working....
But I would like for it to work with Shrew, but I am not sure what Greenbow client is sending or receiving that enables the tunnel vs. what Shrew is doing.
Thanks for any input
Seth
