Unable to connect with Shrew client to SA520


I have a little lab set up and am testing the SA5X0 devices before we consider rolling them out. I am having an issue connecting to the device with the Shrew client. I followed the directions at https://www.myciscocommunity.com/docs/DOC-15592 to the letter and am getting the following:


config loaded for site 'SA520 Test'
configuring client settings ...
attached to key daemon ...
peer configured
iskamp proposal configured
esp proposal configured
client configured
local id configured
remote id configured
pre-shared key configured
bringing up tunnel ...
invalid message from gateway
tunnel disabled
detached from key daemon ...


Not really sure where to go from here or what more information I can provide from logs.


The machine I am testing on is running Shrew 2.1.5 on Windows 7 x64. It connects without incident to many other Cisco PIX and ASA devices. I would really like to get this working. Thanks for any help on this.

Made some changes and seem to be getting further, but still no connect...


Client says:

config loaded for site 'SA520 Test'
configuring client settings ...
attached to key daemon ...
peer configured
iskamp proposal configured
esp proposal configured
client configured
local id configured
remote id configured
pre-shared key configured
bringing up tunnel ...
adapter configuration failed


Trace utility shows this:

10/04/14 15:53:45 ii : building config attribute list
10/04/14 15:53:45 ii : sending config pull request
10/04/14 15:53:45 >= : cookies 93b313841a6c7582:f15ed1d40d961263
10/04/14 15:53:45 >= : message 8c86920c
10/04/14 15:53:45 ii : processing config packet ( 68 bytes )
10/04/14 15:53:45 =< : cookies 93b313841a6c7582:f15ed1d40d961263
10/04/14 15:53:45 =< : message 8c86920c
10/04/14 15:53:45 ii : received config pull response
10/04/14 15:53:45 !! : invalid private address
10/04/14 15:53:45 DB : removing tunnel config references
10/04/14 15:53:45 DB : removing tunnel phase2 references
10/04/14 15:53:45 DB : removing tunnel phase1 references
10/04/14 15:53:45 ii : sending peer DELETE message
10/04/14 15:53:45 ii : - 10.93.44.196:500 -> 10.93.44.202:500
10/04/14 15:53:45 ii : - isakmp spi = 93b313841a6c7582:f15ed1d40d961263
10/04/14 15:53:45 ii : - data size 0
10/04/14 15:53:45 >= : cookies 93b313841a6c7582:f15ed1d40d961263
10/04/14 15:53:45 >= : message b99c11cd
10/04/14 15:53:45 ii : phase1 removal before expire time
10/04/14 15:53:45 DB : removing all peer tunnel refrences
10/04/14 15:53:45 ii : ipc client process thread exit ...


Not sure what the "invalid private address" means. I am able to connect to other VPN endpoints in the outside world. Could it be because the machine I am testing this from is on the same subnet as the WAN interface of the SA520 I am testing?