| Setting | Typical Cisco Value | |---------|---------------------| | | ESP | | Encryption Algorithm | AES-128 or 3DES | | Hash Algorithm | SHA1 | | Lifetime | 3600 seconds | | PFS | Disable or match gateway setting |
Before starting, ensure you have the following information from your network administrator: (or Hostname) of the Cisco gateway. Group Name (also known as Tunnel Group Name or Key ID). Group Pre-Shared Key .
: Select Mutual PSK + XAuth . This tells the client to use a Group PSK first, then ask for your user password. shrew soft vpn cisco group authentication
Leave this as with "Use a discovered remote host address" checked. Authentication Tab -> Credentials :
The tab establishes the target gateway and basic connection behavior. : Select Mutual PSK + XAuth
These settings must match the crypto map or ISAKMP policy on the Cisco device. :
| Setting | Typical Cisco Value | |---------|---------------------| | | Main Mode | | DH Group | Group 2 (or as per Cisco config) | | Encryption Algorithm | AES-128 or 3DES | | Hash Algorithm | SHA1 | | Lifetime | 86400 seconds | Authentication Tab -> Credentials : The tab establishes
(your individual username and password). Phase 1: General & Client Settings
Group shared secrets are less secure than certificate-based authentication. For production environments, consider using with Shrew Soft and Cisco.