08-09-2012 04:42 AM
Hello Community,
i managed to establish an IPSEC-VPN connection to our PA500 (with PanOS 4.1.5) with ShrewSofts VPN-Client (v2.1.6) using Mutual PSK & X-Auth.
But its no use because there ist no Gateway pushed to the client.
Via 'route print' the connection has On-link as setting for the Gateway.
Any help in troubleshooting this issue would be appreciated.
The Laptop connection ist running Windows 7 Professional.
If you need more details on the settings in the PA500 or the client please tell me which ones to post.
If there is a complete tutorial for that matter (which i haven't found), i would be happy too.
08-09-2012 07:51 AM
Found the problem and solved it.
The missing Gateway wasn't the problem.
The DH Group setting for PFS was set to 2 on both the PA and the client, however, the PA proposes not 2 but 0, so there was a PFS mismatch (visible in the system log on the PA).
Changing it to Auto on the Client solved the problem and now everything works like a charm.
08-09-2012 07:51 AM
Found the problem and solved it.
The missing Gateway wasn't the problem.
The DH Group setting for PFS was set to 2 on both the PA and the client, however, the PA proposes not 2 but 0, so there was a PFS mismatch (visible in the system log on the PA).
Changing it to Auto on the Client solved the problem and now everything works like a charm.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
