Inability to use it from most hotels / other properly locked down public networks

At the time our users would use remote sites where one kind of VPN would work and others wouldn't, but it wasn't clearly the IPsec that failed more often. We liked the existing VPN just fine, but Cisco makes a lot more money if they can move everyone off of it. Our client VPN use was highly inconsistent which presented a sizing burden and carrying cost as well. It was a factor in moving off of ASA (along with that terrible policy-based IPsec) and I don't regret that in the slightest, as you might imagine given the evolution of the ASA line since then. In our case years ago, I decided not to take on the burden of sizing and maintaining a new licensing scheme for no benefit to ourselves. I set the IP assigned to the user on the ASA but it does not work with the Shrew client. The VPN pool makes it useless as we use static IPs due to some fine-grained Access Rules. Now I can bring up the tunnel but it only works if I use Aggressive Mode (not supposed to be used by company policy) and obtain the IP address from a VPN pool. Well, the latest Windows update took care of that as it ate the Cisco client. Turned out the Shrew client did not like the company of the Cisco client on the same computer. I also tried to enter the tunnel-group name as "Fully Qualified Domain Name" as that was listed in the Shrew documentation but that does not work either. When I try to connect it fails and the ASA log shows that it is trying to connect to the wrong group and consequently has the wrong PSK. Under the Authentication tab I have selected "Mutual PSK + XAuth", Identification Type "Key Identifier" and the tunnel-group name as the Key ID String. Currently my patience is paying dearly trying to get the Shrew IPsec VPN client to work. So my boss wants to avoid paying for AnyConnect licenses at all costs (to replace the old Cisco IPsec client).