agadmin99
Beginner

SA 540 IPSec VPN with Shrew Client DNS not working

I configured my SA 540 for IPSec VPN along with the Shrew VPN Client according to instructions from the Cisco website. Everything connects properly, but I am not able to browse PCs or servers by either NetBIOS or DNS name on the remote network. It looks like DNS server settings are not passed through the VPN connection even though I put the correct IP address of my remote DNS server in the Shrew client settings. Am I missing something?

nmanglik
Cisco Employee

Hi Adam,

Can you please confirm what software version of SA500 you have on the device?

We have simulated the setup locally with the topology and configuration steps and are able to ping using DNS name. Please find our observations below:

Topology:
========

Lan host   +--- [L] SA500 [W] ------------- Shrew Soft VPN client
           |
DNS Server +

SA520W configuration:

  • Add VPN client configuration from VPN Wizard (VPN > IPSec > VPN Wizard)
  • On IKE Policies page, select XAUTH Configuration - Edge Device and Authentication Type - User Database.
  • On VPN Policies page, enable Mode Config
  • On Dynamic IP Range page, configure client IP range and DNS Server as LAN side DNS server.
  • Create an IPSec user
  • Disable and Enable VPN Policy.

Shrew Soft VPN Client (v2.1.7):

  • Disable Split tunnel
  • Authentication Method - Mutual PSK + XAuth
  • Policy tab, select 'Maintain Persistent Security Association' and Add to include remote network resource (LAN address of SA500)

Thanks,

Nitin.
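
Added example (not part of the original thread, and not Cisco or Shrew Soft code): a small checker that compares a Shrew Soft site profile against the client settings listed in the reply above and reports whether the DNS server comes from the gateway's Mode Config or was typed in manually. The key names are assumed to follow Shrew Soft's exported .vpn format, and the profile contents are constructed sample values.

```python
# Constructed sample profile. Key names assume Shrew Soft's exported .vpn
# site format ("type:key:value" per line); verify against your own export.
SAMPLE_PROFILE = """\
n:version:2
s:network-host:vpn.example.test
n:client-dns-used:1
n:client-dns-auto:0
s:client-dns-addr:192.0.2.53
s:auth-method:mutual-psk
n:policy-nailed:0
n:policy-list-auto:0
s:policy-list-include:192.168.75.0 / 255.255.255.0
"""


def parse_profile(text):
    """Parse 'type:key:value' lines; repeated keys collect into a list."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) != 3 or parts[0] not in ("n", "s", "b"):
            continue  # blank or malformed line
        kind, key, value = parts
        if kind == "n" and value.lstrip("-").isdigit():
            value = int(value)
        settings.setdefault(key, []).append(value)
    return settings


def check_profile(settings):
    """List where the profile differs from the client settings in the reply."""
    def first(key, default=None):
        return settings.get(key, [default])[0]

    findings = []
    if first("auth-method") != "mutual-psk-xauth":
        findings.append("auth-method is not Mutual PSK + XAuth")
    if first("policy-nailed", 0) != 1:
        findings.append("persistent security association is not enabled")
    if not settings.get("policy-list-include"):
        findings.append("no remote network is included in the policy")
    if first("client-dns-used", 0) != 1:
        findings.append("DNS is disabled in the profile")
    elif first("client-dns-auto", 0) != 1:
        findings.append("DNS server is set manually (%s), not taken from "
                        "the gateway's Mode Config" % first("client-dns-addr"))
    return findings


if __name__ == "__main__":
    for finding in check_profile(parse_profile(SAMPLE_PROFILE)):
        print("-", finding)
```

An empty result means the profile matches the reply's client-side settings; it says nothing about the SA500 side, which still has to be checked on the device.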