Trouble getting Gateway pushed to VPN-Client using Shrewsoft

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Trouble getting Gateway pushed to VPN-Client using Shrewsoft

L0 Member

Hello Community,

i managed to establish an IPSEC-VPN connection to our PA500 (with PanOS 4.1.5) with ShrewSofts VPN-Client (v2.1.6) using Mutual PSK & X-Auth.

But its no use because there ist no Gateway pushed to the client.

Via 'route print' the connection has On-link as setting for the Gateway.

Any help in troubleshooting this issue would be appreciated.

The Laptop connection ist running Windows 7 Professional.

If you need more details on the settings in the PA500 or the client please tell me which ones to post.

If there is a complete tutorial for that matter (which i haven't found), i would be happy too.

1 accepted solution

Accepted Solutions

L0 Member

Found the problem and solved it.

The missing Gateway wasn't the problem.

The DH Group setting for PFS was set to 2 on both the PA and the client, however, the PA proposes not 2 but 0, so there was a PFS mismatch (visible in the system log on the PA).

Changing it to Auto on the Client solved the problem and now everything works like a charm.

View solution in original post

1 REPLY 1

L0 Member

Found the problem and solved it.

The missing Gateway wasn't the problem.

The DH Group setting for PFS was set to 2 on both the PA and the client, however, the PA proposes not 2 but 0, so there was a PFS mismatch (visible in the system log on the PA).

Changing it to Auto on the Client solved the problem and now everything works like a charm.

  • 1 accepted solution
  • 2297 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!