819 Views 3 Replies Latest reply: Mar 27, 2013 10:24 AM by grinder
grinder Apprentice 102 posts since
Feb 8, 2013

Mar 26, 2013 3:14 PM

ShrewSoft VPN Client With MFE?

I am using the ShrewSoft VPN client to connect to the MFE via VPN. It works sometimes and other times it does not. I have a couple of other people testing this as well, with the same results. I am using certificates along with XAUTH via Active Directory. Sometimes it works great, just as intended; other times not at all; and sometimes it will connect but never show an established connection. I do see the following errors in the audits on occasion:

 

2013-03-26 12:36:21 -0700 f_isakmp_daemon a_vpn t_error p_major
pid: 1685 logid: 0 cmd: 'ikmpd' hostname: VERWALL.vertech.local
cky_i: de8336d5c8e7c3f7 cky_r: 2e6f31073ec80284 msg_id: 9b8e93ff
local_gw: xx.xx.xx.xx remote_gw: xx.xx.xx.xx
information: [detailed info]
  [error]
    QUICK_MODE exchange processing failed
  [error]
    invalid request for QUICK_MODE exchange, no IKE SA exists which matches request

 

 

I am not sure why it only works intermittently. Has anyone else had troubles like this? I am wondering if it is a ShrewSoft thing or an MFE problem. Has anyone been successful using ShrewSoft consistently without issues? If so, what version? My MFE is v8.3.

  • PhilM Champion 528 posts since
    Jan 7, 2010
    1. Mar 27, 2013 3:39 AM (in response to grinder)
    Re: ShrewSoft VPN Client With MFE?

    My personal suggestion would be to try a less complex authentication method to start with (pre-shared key instead of the certificate) and see if this increases reliability. If it does, it could be something to do with the certificates you are using.

     

    You can also consider increasing the logging level for the ISAKMP service as this may help you to understand better why the Firewall believes there is no matching security association at that time - the suggestion being that the Shrewsoft client is sending different information to what the Firewall is expecting and, as a result, it cannot match the request to any configured SA. By increasing the logging on ISAKMP it could tell you a bit more about what is going on. Once you've established a possible cause you can then return the logging level back to normal.

     

    While I don't believe it is officially supported by McAfee, I think you will find there are a couple of KB articles concerning the configuration and use of the Shrewsoft client and I'm pretty sure I've seen it being discussed in this forum previously. Type "Shrewsoft" into the search field in the top right-hand corner of the forum and it should return all the previous discussions on this subject.

     

    -Phil.

     

    Message was edited by: PhilM on 27/03/13 08:39:30 GMT
  • PhilM Champion 528 posts since
    Jan 7, 2010
    2. Mar 27, 2013 4:34 AM (in response to grinder)
    Re: ShrewSoft VPN Client With MFE?

    This discussion may be of use to you:-

     

    https://community.mcafee.com/message/140475#140475
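
An added example, not part of the thread and not McAfee or Shrew Soft code: a Python parser for the audit record layout quoted in the first post. It groups "no IKE SA exists" Quick Mode failures by the IKE cookie pair (cky_i, cky_r), which shows whether repeated failures name the same Phase 1 session. The function names are hypothetical, and the second and third sample records are constructed.

```python
import re
from collections import defaultdict

# Layout copied from the audit record quoted in the thread.
RECORD = """\
{time} -0700 f_isakmp_daemon a_vpn t_error p_major
pid: 1685 logid: 0 cmd: 'ikmpd' hostname: VERWALL.vertech.local
cky_i: {cky_i} cky_r: {cky_r} msg_id: {msg_id}
local_gw: xx.xx.xx.xx remote_gw: xx.xx.xx.xx
information: [detailed info]
  [error]
    QUICK_MODE exchange processing failed
  [error]
    invalid request for QUICK_MODE exchange, no IKE SA exists which matches request
"""
# First tuple is the record from the thread; the other two are constructed.
SAMPLE = "".join(RECORD.format(time=t, cky_i=i, cky_r=r, msg_id=m) for t, i, r, m in [
    ("2013-03-26 12:36:21", "de8336d5c8e7c3f7", "2e6f31073ec80284", "9b8e93ff"),
    ("2013-03-26 12:36:31", "de8336d5c8e7c3f7", "2e6f31073ec80284", "0a1b2c3d"),
    ("2013-03-26 12:41:02", "1111111111111111", "2222222222222222", "0e0f1011"),
])

HEADER = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d [+-]\d{4})( \S+){4}$")
FIELD = re.compile(r"(\w+): ('[^']*'|\S+)")

def parse_records(text):
    """Split audit text into records; blank lines between fields are ignored."""
    records, rec, prev = [], None, ""
    for line in text.splitlines():
        s = line.strip()
        if not s:
            continue
        if (m := HEADER.match(s)):
            rec = {"time": m.group(1), "errors": []}
            records.append(rec)
        elif rec is not None and prev == "[error]":
            rec["errors"].append(s)          # line after an [error] tag is its message
        elif rec is not None and s != "[error]":
            rec.update(FIELD.findall(s))     # "key: value" pairs sharing one line
        prev = s
    return records

def orphan_quick_mode(records):
    """Map (cky_i, cky_r) -> times of Quick Mode requests that matched no IKE SA."""
    hits = defaultdict(list)
    for r in records:
        if any("no IKE SA exists" in e for e in r["errors"]):
            hits[r.get("cky_i"), r.get("cky_r")].append(r["time"])
    return dict(hits)
```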
