
RV130W and Shrewsoft cannot ping local devices.

skcisco11
Level 1

I have successfully set up a client-to-gateway VPN using the Shrewsoft client. The 'tunnel is enabled' and I can ping remote LAN devices BUT only when the local host IP is 192.168.0.XX. I should mention the remote LAN subnet is 192.168.1.X (default). If I try to connect from a different network (for example 10.100.X.X) the tunnel is enabled but I can't ping any remote LAN devices. I have tried the options in the Shrewsoft client under local host adapter mode, "use a virtual adapter and assigned address" and "use a virtual adapter and random address", and they don't seem to work either. Any help will be greatly appreciated. Please let me know if you need more detail.

3 Replies

David99
Level 1

Can you post the configuration for the VPN please? What DHCP pool has been set up for Shrewsoft to receive? When it's not working, do you see that the client is connected? What does the crypto ACL look like? And do you have the appropriate NAT exemption?

I've had issues with Shrewsoft in the past, and I always use this config now, which may help you:

This worked with "Standard Edition, Version 2.2.2"

You get prompted for username/password when you connect.

n:version:4
n:network-ike-port:500
n:network-mtu-size:1380
n:client-addr-auto:1
n:network-natt-port:4500
n:network-natt-rate:15
n:network-frag-size:540
n:network-dpd-enable:1
n:client-banner-enable:1
n:network-notify-enable:1
n:client-dns-used:1
n:client-dns-auto:1
n:client-dns-suffix-auto:1
n:client-splitdns-used:1
n:client-splitdns-auto:1
n:client-wins-used:1
n:client-wins-auto:1
n:phase1-dhgroup:2
n:phase1-life-secs:86400
n:phase1-life-kbytes:0
n:vendor-chkpt-enable:0
n:phase2-life-secs:3600
n:phase2-life-kbytes:0
n:policy-nailed:0
n:policy-list-auto:1
s:network-host:<!!!FIREWALL IP HERE!!!>
s:client-auto-mode:pull
s:client-iface:virtual
s:network-natt-mode:enable
s:network-frag-mode:enable
s:auth-method:mutual-psk-xauth
s:ident-client-type:keyid
s:ident-server-type:any
s:ident-client-data:<!!!GROUP NAME HERE!!!>
b:auth-mutual-psk:<!!!GROUP PSK HERE!!!>
s:phase1-exchange:aggressive
s:phase1-cipher:auto
s:phase1-hash:auto
s:phase2-transform:auto
s:phase2-hmac:auto
s:ipcomp-transform:disabled
n:phase2-pfsgroup:-1
s:policy-level:auto
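
An added example, not part of the post above and not a vendor tool: a small Python parser for the type:key:value profile format shown in that post, which flags the IKEv1 settings in it that a reviewer would want to revisit (aggressive mode with a PSK, DH group 2, PFS off). The sample host name is a constructed placeholder, and reading -1 as "PFS disabled" is an assumption about the format.

```python
# Added example: audit a Shrew Soft .vpn profile for weak IKEv1 settings.
# Line format (as in the profile above): <type>:<key>:<value>, type n/s/b.

WEAK_DH = {1: 768, 2: 1024, 5: 1536}  # MODP group number -> modulus bits

def parse_profile(text):
    """Return {key: value}; 'n' values become int, others stay str."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        parts = line.split(":", 2)  # the value may itself contain ':'
        if len(parts) != 3 or parts[0] not in ("n", "s", "b"):
            raise ValueError(f"unrecognised profile line: {raw!r}")
        kind, key, value = parts
        settings[key] = int(value) if kind == "n" else value
    return settings

def audit(settings):
    """Return a list of (key, finding) tuples for settings worth reviewing."""
    findings = []
    auth = settings.get("auth-method", "")
    if settings.get("phase1-exchange") == "aggressive" and "psk" in auth:
        findings.append(("phase1-exchange",
                         "aggressive mode with a PSK exposes a PSK-derived hash "
                         "to offline guessing; prefer main mode or certificates"))
    group = settings.get("phase1-dhgroup")
    if group in WEAK_DH:
        findings.append(("phase1-dhgroup",
                         f"group {group} is {WEAK_DH[group]}-bit MODP; "
                         "use group 14 or higher"))
    # Assumption: -1 means PFS is disabled in this profile format.
    if settings.get("phase2-pfsgroup") == -1:
        findings.append(("phase2-pfsgroup", "PFS is disabled for phase 2"))
    return findings

# Constructed sample: the security-relevant lines of the profile above,
# with a placeholder host name.
SAMPLE = """\
n:phase1-dhgroup:2
s:network-host:vpn.example.invalid
s:auth-method:mutual-psk-xauth
s:phase1-exchange:aggressive
n:phase2-pfsgroup:-1
"""

if __name__ == "__main__":
    for key, finding in audit(parse_profile(SAMPLE)):
        print(f"{key}: {finding}")
```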

I have attached the VPN config. I don't see anywhere to set up a DHCP pool for Shrewsoft. The client always connects successfully from 192.168.0.X and 10.100.X.X, but when I'm on the 10.100.X.X I'm not able to ping remote LAN devices.

Not sure how to check for these:

"What does the crypto ACL look like? And do you have the appropriate NAT exemption?"

Thanks again for your response.

As an update: I changed the IP scheme on the RV130W to 10.X.X.X, and I have both PPTP and IPSEC via Shrewsoft going. The only thing that doesn't work is that from some networks IPSEC doesn't work but PPTP works. Really weird.