-
Re: Netvanta VPN using Shrewsoft client
mick Apr 20, 2017 11:30 AM (in response to unclegary)
That should do it if you're just venting, but if you expect people to try to help you then you'll need to post the configuration files for your Shrew client and the router, obfuscating passwords and public IP addresses as necessary.
--
Regards,
Mick
-
Re: Netvanta VPN using Shrewsoft client
unclegary Apr 20, 2017 11:33 AM (in response to mick)
OK, understand.
-
Re: Netvanta VPN using Shrewsoft client
jayh Apr 20, 2017 10:06 PM (in response to unclegary)
And a debug of the negotiation would also be useful.
-
Re: Netvanta VPN using Shrewsoft client
unclegary Apr 21, 2017 2:33 PM (in response to jayh)
Debug of client authentication and client configuration produces a series of:
IKE In Vendor ID Process failed
Received Vendor ID not recognized with IKE
Ending with Could not find a matching remote ID
What Vendor ID is it referring to?
G
-
Re: Netvanta VPN using Shrewsoft client
unclegary Apr 21, 2017 2:37 PM (in response to mick)
Debug of client authentication and client configuration produces a series of:
IKE In Vendor ID Process failed
Received Vendor ID not recognized with IKE
Ending with Could not find a matching remote ID
What Vendor ID is it referring to?
G
-
Re: Netvanta VPN using Shrewsoft client
jayh Apr 21, 2017 3:29 PM (in response to unclegary)
unclegary wrote:
> Debug of client authentication and client configuration produces a series of:
> IKE In Vendor ID Process failed
> Received Vendor ID not recognized with IKE
> What Vendor ID is it referring to?
That's a hex value of a list of vendors stored locally. Not recognizing the Vendor ID shouldn't cause IKE to fail, it's primarily informational, so that a Cisco box knows it's talking to another Cisco, etc.
> Ending with Could not find a matching remote ID
This is typically the IP address of the remote system on a site-to-site VPN but can be a hostname or string for remote access. Make sure that the client is sending what the server expects.
-
Re: Netvanta VPN using Shrewsoft client
unclegary Apr 21, 2017 3:32 PM (in response to jayh)
OK, this is a mobile peer.
I’ll keep looking….tnx !
-
Re: Netvanta VPN using Shrewsoft client
mick Apr 21, 2017 4:39 PM (in response to unclegary)
Unclegary, I don't know how you have configured both ends, but try using their respective public IP addresses as their peer ID in the first instance, to see if this error goes away and you can move to the next phase.
--
Regards,
Mick
-
Re: Netvanta VPN using Shrewsoft client
jayh Apr 21, 2017 9:28 PM (in response to mick)
Great idea for troubleshooting phase 1 but won't scale as he wants to use the client for remote access and its public IP will change.
-
Re: Netvanta VPN using Shrewsoft client
mick Apr 22, 2017 2:03 AM (in response to jayh)
Yes, it is likely the mobile peer will have a dynamically allocated IP address and also by its nature of being mobile will be connecting from different locations at times. The reason I suggested to try setting initially both peer IDs as the respective public IP addresses, was in case unclegary is using a pre-shared key with Main Mode VPN tunnel. This combination will not work with other forms of peer ID (e.g. FQDN, user@FQDN), because the mobile peer initiating the connection will need to select the correct PSK to calculate the hash for the router, before it has received and processed the router's ID. When using public key certificates for peer authentication with Main Mode VPN this problem goes away, but without seeing the configuration files of both peers we can only guess this much. :-)
-
Re: Netvanta VPN using Shrewsoft client
unclegary Apr 22, 2017 6:55 AM (in response to mick)
OK, I'll copy my config setup and the IKE errors on Monday so you guys can see it all.
I'm using Aggressive and PSK for the mobile client setup. No certs.
The client setup used to function as a mobile peer.
-
Re: Netvanta VPN using Shrewsoft client
unclegary Apr 24, 2017 10:28 AM (in response to jayh)
Ignoring the “Vendor ID” info, looks like “could not find a matching remote ID” might be important?
Policy 106 belongs to my VPN mobile client.
Lawrence#
Crypto IKE Policy 106
Respond to aggressive mode
Will not initiate
Local ID Address: 199.XXXXXXXXXXXXXXXXXX
NAT Traversal V1 Allowed
Peers:
Any Peer
Client Authentication Server List:
LoginUseLocalUsers
Client Config Pool
VPN Client
Attributes:
1
Encryption: AES-256-CBC
Hash: MD5
Authentication: Pre-share
Group: 1
Lifetime: 28800 seconds
106: IkeCheckIdData failed
106: IkeCheckIdData failed
2017.04.24 12:01:59 CRYPTO_IKE.NEGOTIATION Could not find a matching remote ID
2017.04.24 12:01:59 CRYPTO_IKE.NEGOTIATION 106: IkeCheckIdData failed
2017.04.24 12:01:59 CRYPTO_IKE.NEGOTIATION IkeProcessData: IkeIdleProcess failed
2017.04.24 12:01:59 CRYPTO_IKE.NEGOTIATION IkeDeleteIsakmpSA :: Deleting any DPDRequests queued in isakmpsa
2017.04.24 12:02:05 CRYPTO_IKE.NEGOTIATION IkeSelectIsakmpProposal: pIsakmpSA->usEncKeyLen = 32
2017.04.24 12:02:05 CRYPTO_IKE.NEGOTIATION IKEInVendorIDProcess :: Received Vendor ID not registered with IKE
2017.04.24 12:02:05 CRYPTO_IKE.NEGOTIATION IkeInVIDProcess :: IKEInVendorIDProcess failed
Could not find a matching remote ID
2017.04.24 12:02:05 CRYPTO_IKE.NEGOTIATION 106: IkeCheckIdData failed
2017.04.24 12:02:05 CRYPTO_IKE.NEGOTIATION IkeProcessData: IkeIdleProcess failed
2017.04.24 12:02:05 CRYPTO_IKE.NEGOTIATION IkeDeleteIsakmpSA :: Deleting any DPDRequests queued in isakmpsa
2017.04.24 12:02:09 CRYPTO_IKE.NEGOTIATION DPDP1NodeTrafficBased :: Sending Notify Payload for Phase 1
2017.04.24 12:02:09 CRYPTO_IKE.NEGOTIATION DPDSendNotifyPayload :: Sending Notify REQUEST for Phase 1
2017.04.24 12:02:09 CRYPTO_IKE.NEGOTIATION InitialiseCipherContext :: Not DES and Not 3DES
2017.04.24 12:02:09 CRYPTO_IKE.NEGOTIATION InitialiseCipherContext :: Not DES and Not 3DES
2017.04.24 12:02:09 CRYPTO_IKE.NEGOTIATION IkeInNotifyProcess: NOTIFY TYPE: R U THERE (36136)
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION <POLICY: 106> PAYLOADS: SA,PROP,TRANS,KE,NONCE,ID,VID,VID,VID,VID,VID,VID,VID,VID,VID,VID
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION SA PAYLOAD
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION DOI: 1
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION Situation: 1
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION PROPOSAL PAYLOAD
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION Proposal No.: 1
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION IANA No. for protocol: ISAKMP (1)
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION Size of the variable SPI field: 0
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION Number of transforms offered: 1
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION TRANSFORM PAYLOAD
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION Transform Number: 1
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION IANA Transform ID: IKE Key (1)
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION TRANSFORM ATTRIBUTES
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION SA Attrib: Encryption Algorithm (1)
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION Length: 2
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION Value: Unknown/Other (7)
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION SA Attrib: Key Length (14)
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION Length: 2
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION Value: (256)
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION SA Attrib: Authentication Algorithm (2)
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION Length: 2
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION Value: MD5 (1)
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION SA Attrib: Group Description (4)
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION Length: 2
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION Value: DH Group 1 (1)
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION SA Attrib: Authentication Method (3)
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION Length: 2
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION Value: Unknown/Other (65001)
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION SA Attrib: Life Type (11)
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION Length: 2
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION Value: Seconds (1)
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION SA Attrib: Life Time (12)
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION Length: 4
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION Value: (86400)
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION KE PAYLOAD
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION NONCE PAYLOAD
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION ID PAYLOAD
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION IANA No. for identifn: 2 -> ID_FQDN
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION Protocol Id: 0
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION Port: 0
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION Id Data:
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION 63 6C 69 65 6E 74 2E 68 client.h
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION 6F 6D 65 6E 65 74 77 6F omenetwo
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION 72 6B 2E 6C 6F 63 61 6C rk.local
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION VID PAYLOAD
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION Vendor ID Length: 8
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION VENDOR ID HASH IN HEX:
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION 09 00 26 89 DF D6 B7 12 ..&.....
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION VID PAYLOAD
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION Vendor ID Length: 16
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION VENDOR ID HASH IN HEX:
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION 44 85 15 2D 18 B6 BB CD D..-....
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION 0B E8 A8 46 95 79 DD CC ...F.y..
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION VID PAYLOAD
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION Vendor ID Length: 16
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION VENDOR ID HASH IN HEX:
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION 16 F6 CA 16 E4 A4 06 6D .......m
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION 83 82 1A 0F 0A EA A8 62 .......b
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION VID PAYLOAD
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION Vendor ID Length: 16
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION VENDOR ID HASH IN HEX:
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION 90 CB 80 91 3E BB 69 6E ....>.in
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION 08 63 81 B5 EC 42 7B 1F .c...B{.
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION VID PAYLOAD
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION Vendor ID Length: 16
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION VENDOR ID HASH IN HEX:
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION 7D 94 19 A6 53 10 CA 6F }...S..o
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION 2C 17 9D 92 15 52 9D 56 ,....R.V
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION VID PAYLOAD
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION Vendor ID Length: 16
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION VENDOR ID HASH IN HEX:
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION 4A 13 1C 81 07 03 58 45 J.....XE
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION 5C 57 28 F2 0E 95 45 2F \W(...E/
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION VID PAYLOAD
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION Vendor ID Length: 16
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION VENDOR ID HASH IN HEX:
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION F1 4B 94 B7 BF F1 FE F0 .K......
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION 27 73 B8 C4 9F ED ED 26 's.....&
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION VID PAYLOAD
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION Vendor ID Length: 20
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION VENDOR ID HASH IN HEX:
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION 16 6F 93 2D 55 EB 64 D8 .o.-U.d.
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION E4 DF 4F D3 7E 23 13 F0 ..O.~#..
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION D0 FD 84 51 ...Q
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION VID PAYLOAD
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION Vendor ID Length: 16
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION VENDOR ID HASH IN HEX:
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION 84 04 AD F9 CD A0 57 60 ......W`
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION B2 CA 29 2E 4B FF 53 7B ..).K.S{
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION VID PAYLOAD
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION Vendor ID Length: 16
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION VENDOR ID HASH IN HEX:
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION 12 F5 F2 8C 45 71 68 A9 ....Eqh.
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION 70 2D 9F E2 74 CC 01 00 p-..t...
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION IkeSelectIsakmpProposal: pIsakmpSA->usEncKeyLen = 32
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION IKEInVendorIDProcess :: Received Vendor ID not registered with IKE
2
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION Could not find a matching remote ID
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION 106: IkeCheckIdData failed
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION IkeProcessData: IkeIdleProcess failed
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION SENDING NOTIFY MSG:
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION INVALID_ID_INFORMATION
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION <POLICY: 106> PAYLOADS: NOTIFY
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION NOTIFY PAYLOAD
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION DOI: 0
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION Protocol Id: 1
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION Size of SPI: 16
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION Type of notify message: 18
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION Notify Type: Invalid ID Info (18)
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION Length of Notification Data: 0
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION 106: Sent informational exchange message
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION IkeDeleteIsakmpSA :: Deleting any DPDRequests queued in isakmpsa
2017.04.24 12:14:53 CRYPTO_IKE.NEGOTIATION peer 192.168.1.73: Received first message of aggressive mode
-
Re: Netvanta VPN using Shrewsoft client
unclegary Apr 24, 2017 1:01 PM (in response to jayh)
The mobile VPN client is set to authenticate to “Local Userlist”
However, I noticed I can enter any bogus credentials in the client XAUTH login and it will attempt to authenticate.
It is definitely not using the correct client information.
-
Re: Netvanta VPN using Shrewsoft client
jayh Apr 24, 2017 3:59 PM (in response to unclegary)
The remote is identifying as "client.homenetwork.local". Is this configured as a valid VPN ID?
-
Re: Netvanta VPN using Shrewsoft client
unclegary Apr 24, 2017 4:01 PM (in response to jayh)
Yes
Sent from my Sprint Phone.
-
Re: Netvanta VPN using Shrewsoft client
mick Apr 28, 2017 1:34 PM (in response to unclegary)
Hi unclegary,
You haven't shared your configuration files, so I'm answering on the basis of the Netvanta log you posted above. There are a number of client attributes which may not have been configured correctly. Starting from the top:
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION TRANSFORM ATTRIBUTES
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION SA Attrib: Encryption Algorithm (1)
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION Length: 2
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION Value: Unknown/Other (7)
This should not be 'Unknown/Other', but should be AES according to the settings in Crypto IKE Policy 106. Have you configured your Shrew to use only AES-256 for IKE encryption?
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION SA Attrib: Key Length (14)
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION Length: 2
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION Value: (256)
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION SA Attrib: Authentication Algorithm (2)
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION Length: 2
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION Value: MD5 (1)
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION SA Attrib: Group Description (4)
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION Length: 2
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION Value: DH Group 1 (1)
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION SA Attrib: Authentication Method (3)
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION Length: 2
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION Value: Unknown/Other (65001)
This ought to be showing a value of 'Pre-shared Key' rather than 'Unknown/Other'. Have you configured the Shrew client to use the same Pre-shared Key value as you have configured in the Netvanta?
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION Could not find a matching remote ID
2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION 106: IkeCheckIdData failed
The Remote peer ID (the mobile client ID) sent by the client is not configured the same in the Netvanta.
From what you have shared so far, the problem appears to be that the client and router configuration are not mirroring each other. Have a quick look here for an example that works, or post your configurations at each end and we'll take a look to see if anything is amiss.
PS. As jayh has mentioned the Vendor ID error is more of a warning and not related to your problem. This Vendor ID is used as a shorthand code to inform each peer if NAT-T, DPD, fragmentation, etc. are attributes available at the other end.
--
Regards,
Mick
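Added example (not part of the thread or of any poster's reply): a small parser for the router's IKE debug format shown above that extracts the client's phase 1 offer and ID payload, names the numeric values, and lists where they differ from Crypto IKE Policy 106. `EXPECTED_IDS` is a hypothetical placeholder, because the router's configured remote ID does not appear on the page; the value names are taken from the IANA IKEv1 registry and the XAUTH draft.

```python
import re

P = "2017.04.24 12:14:48 CRYPTO_IKE.NEGOTIATION "
# Constructed sample: trimmed from the debug output in the thread ("Length:" lines dropped).
SAMPLE = [P + s for s in (
    "SA Attrib: Encryption Algorithm (1)", "Value: Unknown/Other (7)",
    "SA Attrib: Key Length (14)", "Value: (256)",
    "SA Attrib: Authentication Method (3)", "Value: Unknown/Other (65001)",
    "SA Attrib: Life Time (12)", "Value: (86400)",
    "IANA No. for identifn: 2 -> ID_FQDN", "Id Data:",
    "63 6C 69 65 6E 74 2E 68 client.h", "6F 6D 65 6E 65 74 77 6F omenetwo",
    "72 6B 2E 6C 6F 63 61 6C rk.local", "VID PAYLOAD",
)]

# IKEv1 attribute values (IANA registry); 65001 is a private-use value that the
# XAUTH draft assigns to XAUTHInitPreShared (PSK plus XAUTH, client initiating).
NAMES = {"Encryption Algorithm": {1: "DES-CBC", 5: "3DES-CBC", 7: "AES-CBC"},
         "Authentication Method": {1: "pre-shared key", 3: "RSA signatures",
                                   65001: "XAUTHInitPreShared"}}

def parse(lines):
    """Return (SA attributes, ID type, ID string) from router IKE debug lines."""
    attrs, id_type, raw, name, in_id = {}, None, bytearray(), None, False
    for line in lines:
        body = re.sub(r"^\S+ \S+ CRYPTO_IKE\.NEGOTIATION ?", "", line).strip()
        if m := re.match(r"SA Attrib: (.+) \(\d+\)$", body):
            name = m.group(1)
        elif name and (m := re.match(r"Value: .*\((\d+)\)$", body)):
            attrs[name], name = int(m.group(1)), None
        elif m := re.match(r"IANA No\. for identifn: (\d+)", body):
            id_type = int(m.group(1))
        elif body == "Id Data:":
            in_id = True
        elif in_id and (m := re.match(r"(?:[0-9A-F]{2} ){1,8}", body)):
            raw += bytes.fromhex(m.group(0))  # hex column only, ASCII column ignored
        else:
            in_id = False
    return attrs, id_type, raw.decode("ascii", "replace")

def describe(attrs):
    # Replace numeric values with registry names where known.
    return {k: NAMES.get(k, {}).get(v, v) for k, v in attrs.items()}

# Responder values from "Crypto IKE Policy 106" in the thread. The router's remote-ID
# list is not shown on the page, so EXPECTED_IDS is a hypothetical placeholder.
POLICY = {"Encryption Algorithm": 7, "Key Length": 256, "Life Time": 28800}
EXPECTED_IDS = {"vpnuser.example.com"}

def diff(lines, policy=POLICY, expected_ids=EXPECTED_IDS):
    # List where the client's offer differs from the responder's configuration.
    attrs, id_type, ident = parse(lines)
    out = [f"{k}: client offers {attrs.get(k)}, policy has {v}"
           for k, v in policy.items() if attrs.get(k) != v]
    if ident not in expected_ids:
        out.append(f"remote ID {ident!r} (type {id_type}) is not configured")
    return out
```

Calling `describe(parse(SAMPLE)[0])` names the offered values and `diff(SAMPLE)` lists the differences; a difference is reported as such, and whether the responder tolerates it (a longer offered lifetime, for instance) depends on the implementation.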
-
Re: Netvanta VPN using Shrewsoft client
unclegary Apr 28, 2017 2:53 PM (in response to mick)
Thanks Mick.
I’m working backward from an existing remote client setup.
This should be simple….it’s just matching the 2 ends up.
I’ll get some more logs for you guys next week.
-
Re: Netvanta VPN using Shrewsoft client
unclegary Apr 28, 2017 2:54 PM (in response to mick)
Here’s IKE Policy 90, which is being used for the mobile clients:
And 106:
-
image002.png 37.6 K
-
image001.png 35.7 K
-
Re: Netvanta VPN using Shrewsoft client
unclegary Apr 28, 2017 2:57 PM (in response to mick)
Here’s another part of IKE policy 106
-
image001.png 37.0 K
-
Re: Netvanta VPN using Shrewsoft client
jayh Apr 28, 2017 11:39 PM (in response to unclegary)
It would be more useful for me to see a "show run" from the CLI with passwords, etc. redacted than screenshots from the GUI.
-
Re: Netvanta VPN using Shrewsoft client
mick May 1, 2017 4:33 AM (in response to unclegary)
unclegary, I can't see anything wrong in the Netvanta configuration you have shared, but as jayh suggests it would be clearer if we could see the whole configuration of Netvanta after you obfuscate any sensitive information. In particular, we need to see the remote id you have configured in the Netvanta for the Shrew client.
It will be necessary to compare this with your corresponding Shrew client configuration. If the Shrew client is running in MSWindows, please post your Shrew configuration for the site you are trying to connect to. It should be stored in C:\Users\unclegary\AppData\Local\Shrew Soft VPN\sites\AA.BBB.CC.DDD, where 'AA.BBB.CC.DDD' would be the IP address or name you have given to the Shrew connection settings. If Shrew (ike) is running on Linux or BSD check /etc/iked.conf, or your /home directory. Again, obfuscate sensitive information in this file too.
--
Regards,
Mick
-