4 Replies Latest reply on Jul 20, 2011 12:02 AM by Nishant Shah

    ShrewSoft problem

    Nishant Shah

      Hi Guys,

       

      I'm back. After finding that the Windows 7 client was not compatible with the Sidewinder firewall, I thought I'd give the Shrew Soft client a try. I have configured the VPN and rules on the firewall as well as configured the client, but I'm not able to connect to our VPN.

       

      I'm running Windows 7. Any idea how I will be able to troubleshoot it?

       

      Thanks in advance.

       

      Nishant

        • 1. Re: ShrewSoft problem

          Hi Nishant,

           

          Did you try to follow these steps?

           

          https://kc.mcafee.com/corporate/index?page=content&id=KB67215&actp=search&viewlocale=en_US&searchid=1311106944754

           

          This is a description of Sidewinder 7.x.

           

          Mr. F. Osgood made a great tutorial for doing this configuration too, for version 8:

           

          http://www.unsinc.com/blog/

           

          I hope these articles help with your configuration.

           

          Best regards,

          • 2. Re: ShrewSoft problem
            sliedl

            That's a cool blog post, thanks for that.

             

            Nishant:

            On the firewall's command-line you can run this to capture VPN audits:

            $> acat -kbe "area vpn" > audit.raw

            Test your VPN.  Then you can open the audit file with this command:

            $> acat audit.raw | less

             

            On the ShrewSoft side it actually has a separate program called the 'Trace Utility'.  This is the logging utility for ShrewSoft.  You need to open it, then click File -> Options and switch the 'Log output level' from "none" to something else, like "debug".  Then in the 'IKE Service' tab click the 'Open Log' button, make sure the 'Trace Log' button is pushed also, then click 'Start'.  Do this under the 'IPSEC Service' tab also.  You can click 'Restart' to clear the logs and restart the ShrewSoft services.

             

            Now you have logs from both sides of the VPN connection.  If, on the firewall side, you see an audit message like 'Message timed-out...retransmitting' you need to look on the ShrewSoft side because it has thrown an error itself and you need to find that error in the ShrewSoft Trace Utility.

            • 3. Re: ShrewSoft problem
              Nishant Shah

              Thanks carbel... but we do not intend to use certificates. We would like to use a pre-shared key for authentication. I also tried a guide uploaded on this community by one of the members, which has step-by-step config for the firewall as well as the client, but I still have problems.

              • 4. Re: ShrewSoft problem
                Nishant Shah

                Thanks sliedl, as always. I did try the Trace Utility on the ShrewSoft client and took a debug of the messages. What I see in the logs is that it fails in phase 1, which I suppose is when the pre-shared key exchange happens. After trying a couple of times, it just fails.