Alcatel Unleashed

Hi

Since Alcatel announced Brick "End of Sales", it won't publish new version of IPSec Client which could run on Windows 7. However, from Alcatel I got response that there is third party VPN CLient, called Shrew (http://www.shrew.net/, its free), that works on Windows 7 and can work with brick.
I tried to set up a VPN connection using this client, but I couldn't. It's far more complex then Alcatel client.
Has anyone of you ever tried it?

Thanks in advance
Franz

Hi,

Did you get anywhere with this? I manage about 15 bricks (most of them since about 1997!!) and now many PC manufacturers ars stopping Windows XP, we are getting more and more requests for a Windows 7 client.

I have managed to get the Shrew client to connect but it isn't passing any traffic so i'm not sure if I have got farther that you or not ??

Thanks

Phil

Hi

No, I didn't get even as far as you, I didn't even make shrew to connect. Can you please tell me how you set up your shrew connection?

Regards
FranzM

Hi

I was able to connect using Shrew, but no traffic is coming trough so I think I'm in the same place you are. I tried to put remote networks manually in Shrew policy tab but this didn't changed anything.

Regards
FranzM

OK, I got it. I was able to connect using Shrew client and ping hosts on the other side. Remote Desktop also works good.
Main problem was Alcatel IP Sec Client. It is the best to uninstall it, or at least bring down all services with "lucent" in their name. Normally even when Alcatel client is off, they are working normally and cause problems.
Also, you need to put remote networks manually in policy tab.

Regards
FranzM

Sorry I missed your original message.... You have got further than me now!

Would it be possible for you to post your settings?

Cheers

Phil

Sure

General Tab:
- IP: xx.xx.xx.xx
- port: 500
- auto configuration: IKE confoig pull
- use a virtual adapter and assigned address
- mtu: 1380
- obtain automiaticly: checked

Client Tab:
- NAT Traversal: enable
- NAT Traversal port: 4500
- Keep alive: 15 sec
- IKE fragmentation: enable
- Max packet size: 540
- Other options: all checked

Name Resolution Tab:
- All options checked

Authentication Tab:
Method: Mutual PSK + XAuth

Local Identity:
Identification Type: Key Identifier
Key ID String: Here you need to put same value as in Group ID field in IKEv1 tab in Client Tunnel Endpoint menu in Brick.

Remote Identity:
Identification Type: IP Address
Usa a discovered remote host address: checked

Creditentials:
Pre Shared Key: XXXXXXXXXX

Phase 1 Tab:
Exchange type: aggresive
DH exchange: group 1
Cipher algoritm: auto
Hash algoritm: auto
Key life time limit: 86400
Key life data limit: 0

Phase 2 Tab:
Transform algoritm: auto
HMAC algoritm: auto
PFS Exchange: disabled
Compress algoritm: disabled
Key life time limit: 3600
Key life data limit: 0

Policy Tab:
No option checked
You need to put here all remote networks to which you want to have access.


Regards
FranzM

Do we need to have local presence to be set for the VPN Client to work?

No, at least in my case it wasn't necessary.

Hi,

just a post to report my experiment of the shrew software.
When you use the shrew vpn client software , you don't have to use in the same time the alcatel vpn client with an another user for exemple. It will make the brick panic !
the only way after is to reboot the brick otherwise no more VPN connections are possible !

Keep this in mind , i've get troubles with it !