Thought I would post the basic settings for this free VPN client as Netscreen Remote doesnt work on Windows 7 properly. I had tried Shrewsoft before but didnt get the settings right until I tested again with the latest version (2.1.7). This was connecting to a 5gt for remote server access but will work with anything.
Here are the settings I used to connect to a firewall using: existing PC adapter address, a manual preshared key, email user ID string, no remote DNS requirement.
Note that the Phase 1 and 2 proposal algorithms work fine when set to 'Auto'. If you use 3des-sha for example you can specify that explicity but it worked as auto so I left as that.
1. Download and setup the Shrewsoft VPN software: http://www.shrew.net/home
2. Open the Shrewsoft 'Access Manager ' and Click 'Add' to add a new policy
3. Under the 'General' tab:
- Host Name or IP Address: <IP of your Netscreen or other VPN gateway>
- Auto Configuration: <disabled>
- Local Host/Address Method : <Use an Existing adapter and current address>
4. 'Client' tab:
- Firewall options: leave all as is (enable/4500/15/540)
- Other Options: Tick 'Enable Dead Peer Detection' / Tick 'Enable ISAKMP Failure..'
5. 'Name Resolution ' Tab:
- Untick everything (or as required)
6. 'Authentication ' tab:
- Authentication Method: <Mutual PSK>
- Local Identity: identification type 'User Fully Qualified Domain Name' / UFQDN String: <your ID string - e.g. firstname.lastname@example.org
- Remote Identity: Identification Type: 'IP Address' / Tick 'Use a discovered remote hose address'
- Credentials: enter your pre-shared key
6. 'Phase 1' tab: (set as per your firewall setup - typical settings as below)
- Exchange type: agressive
- DH Exchange: group 2
- Cipher Algorithm: auto
- Hash Algorithm: auto
- Key Life Time limit: 86400
- Key Life Data limit: 0
- Untick 'Enable Check point ..'
7. 'Phase 2' tab:
- Transform algorithm: auto
- HMAC Algorithm: auto
- PFS Exchange: auto
- Compression Algorithm: disabled
- Key Life Time limit: 3600
- Key Life Data limit: 0
8. 'Policy ' tab
- Policy generation level: 'auto'
- Tick : 'Maintain Persistent Security Associations'
- Untick : 'Obtain Topology Automatically ..'
- Click 'Add ' and enter the IP and mask of the remote PC or subnet - e.g. 192.168.20.0 / 255.255.255.0
9. Click on Save
10. Click the Connect button to open the connection window and then click the following Connect button
- The network tab will show 'Established - 1' if the link is properly up
- If it doesnt the re-check all your settings