Trouble getting Gateway pushed to VPN-Client using Shrewsoft

L0 Member

Trouble getting Gateway pushed to VPN-Client using Shrewsoft

Hello Community,

i managed to establish an IPSEC-VPN connection to our PA500 (with PanOS 4.1.5) with ShrewSofts VPN-Client (v2.1.6) using Mutual PSK & X-Auth.

But its no use because there ist no Gateway pushed to the client.

Via 'route print' the connection has On-link as setting for the Gateway.

Any help in troubleshooting this issue would be appreciated.

The Laptop connection ist running Windows 7 Professional.

If you need more details on the settings in the PA500 or the client please tell me which ones to post.

If there is a complete tutorial for that matter (which i haven't found), i would be happy too.

L0 Member

Re: Trouble getting Gateway pushed to VPN-Client using Shrewsoft

Found the problem and solved it.

The missing Gateway wasn't the problem.

The DH Group setting for PFS was set to 2 on both the PA and the client, however, the PA proposes not 2 but 0, so there was a PFS mismatch (visible in the system log on the PA).

Changing it to Auto on the Client solved the problem and now everything works like a charm.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!