Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Unable to connect with Shrew client to SA520

Have a little lab set up and testing the SA5X0 devices before we consider rolling them out. Having an issue with connecting to the device with the Shrew client. I followed the directions at https://www.myciscocommunity.com/docs/DOC-15592 to the letter and getting the following:

config loaded for site 'SA520 Test'
configuring client settings ...
attached to key daemon ...
peer configured
iskamp proposal configured
esp proposal configured
client configured
local id configured
remote id configured
pre-shared key configured
bringing up tunnel ...
invalid message from gateway
tunnel disabled
detached from key daemon ...

Not really sure where to go from here or what more information I can provide from logs.

The machine doing testing on is Shrew 2.1.5 on Windows 7x64. It connects without incident to many other Cisco PIX and ASA devices. Would really like to get this working. Thanks for any help on this.

Everyone's tags (2)
2 REPLIES
New Member

Re: Unable to connect with Shrew client to SA520

Made some changes and seem to be getting further, but still no connect.....

Client says:

config loaded for site 'SA520 Test'
configuring client settings ...
attached to key daemon ...
peer configured
iskamp proposal configured
esp proposal configured
client configured
local id configured
remote id configured
pre-shared key configured
bringing up tunnel ...
adapter configuration failed

Trace utility shows this:

10/04/14 15:53:45 ii : building config attribute list
10/04/14 15:53:45 ii : sending config pull request
10/04/14 15:53:45 >= : cookies 93b313841a6c7582:f15ed1d40d961263
10/04/14 15:53:45 >= : message 8c86920c
10/04/14 15:53:45 ii : processing config packet ( 68 bytes )
10/04/14 15:53:45 =< : cookies 93b313841a6c7582:f15ed1d40d961263
10/04/14 15:53:45 =< : message 8c86920c
10/04/14 15:53:45 ii : received config pull response
10/04/14 15:53:45 !! : invalid private address
10/04/14 15:53:45 DB : removing tunnel config references
10/04/14 15:53:45 DB : removing tunnel phase2 references
10/04/14 15:53:45 DB : removing tunnel phase1 references
10/04/14 15:53:45 ii : sending peer DELETE message
10/04/14 15:53:45 ii : - 10.93.44.196:500 -> 10.93.44.202:500
10/04/14 15:53:45 ii : - isakmp spi = 93b313841a6c7582:f15ed1d40d961263
10/04/14 15:53:45 ii : - data size 0
10/04/14 15:53:45 >= : cookies 93b313841a6c7582:f15ed1d40d961263
10/04/14 15:53:45 >= : message b99c11cd
10/04/14 15:53:45 ii : phase1 removal before expire time
10/04/14 15:53:45 DB : removing all peer tunnel refrences
10/04/14 15:53:45 ii : ipc client process thread exit ...

Not sure what the "invalid private address" means. I am able to connect to other VPN endpoints in the outside world. Could it be because the machine I am testing this from is on the same subnet as the WAN interface as the SA520 I am testing?

New Member

Re: Unable to connect with Shrew client to SA520

Connected the WAN interface directly to the outside and used my AT&T card to connect and still getting the "invalid private IP address" error.

I'm stumped. I'd really like to be able to use these devices.

3115
Views
0
Helpful
2
Replies