How to do it...

  1. Launch VPN Access Manager (the Shrew Soft client).
  2. On the VPN Access Manager main menu, click on the Add button to add a new connection.
  3. On the General tab, enter the Host Name or IP Address of the IPsec server configured in the previous recipe. Generally, this will be the same as the WAN interface of the firewall where we configured the IPsec client-server tunnel. All other settings can remain at their default values.
  4. Click on the Authentication tab (it is the fourth tab in the most recent version).
  5. In the Authentication Method drop-down menu, select Mutual PSK + XAuth, to match what we set in phase 1 of the previous recipe.
  6. On the Local Identity sub tab, select User Fully Qualified Domain Name in the Identification Type drop-down menu, again matching what we entered in phase 1 of the previous recipe.
  7. In the UFQDN String text field, enter the user distinguished name used in step 16 of the previous recipe.
  8. On the Credential sub tab, enter the pre-shared key we entered in the previous recipe into the Pre-Shared Key text field.
  9. Click on the Phase 1 tab.
  10. Keep Exchange Type set to aggressive and DH Exchange set to group 2.
  11. Set Cipher Algorithm to aes, Cipher Key Length to 256, and Hash Algorithm to sha1. Keep all other settings on this tab at their default values.
  12. Click on the Phase 2 tab.
  13. Set Transform Algorithm to esp-aes, Transform Key Length to 256, and HMAC Algorithm to sha1. Keep all other settings on this tab at their default values.
  14. When you are done making changes, click on the Save button.
  15. Select the newly created connection in Shrew Soft’s VPN Access Manager and click on Connect.
  16. A dialog box will appear prompting you for a username and password. Enter the credentials for one of the IPsec mobile users created in the previous recipe.
  17. If the Connect tab indicates that the tunnel was enabled (tunnel enabled should be the last update to the status list), the connection to the remote firewall is complete.

You can check on the status of the VPN by navigating to Status | IPsec on the remote firewall. There should be a listing in the table for each of the mobile clients along with information about which encryption algorithms are being used, how long the connection has been active, and much more.
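If the tunnel does not come up, a mismatch between the client settings and the values in the steps above is the usual cause, so the saved connection can be audited offline. The following is an added example, not part of the original recipe or the Shrew Soft client: it assumes the connection has been exported to a text file, and the key names (for example `phase1-hash`) are an assumption about that export format. The sample config, host name, identity and key value are constructed placeholders.

```python
# Added example; key names assume the client's exported site config (type:key:value lines).
EXPECTED = {  # values set on the Authentication, Phase 1 and Phase 2 tabs in this recipe
    "auth-method": "mutual-psk-xauth", "ident-client-type": "ufqdn",
    "phase1-exchange": "aggressive", "phase1-dhgroup": "2",
    "phase1-cipher": "aes", "phase1-keylen": "256", "phase1-hash": "sha1",
    "phase2-transform": "esp-aes", "phase2-keylen": "256", "phase2-hmac": "sha1",
}
REQUIRED = ("network-host", "ident-client-data", "auth-mutual-psk")  # must be non-empty

def parse_site_config(text):
    """Return {key: value}; each line is 'type:key:value' (n=number, s=string, b=binary)."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) == 3 and parts[0] in ("n", "s", "b"):
            settings[parts[1]] = parts[2]
    return settings

def audit(text):
    """List every setting that is missing or differs from the recipe's values."""
    cfg = parse_site_config(text)
    problems = [f"{key}: missing or empty" for key in REQUIRED if not cfg.get(key)]
    for key, want in EXPECTED.items():
        got = cfg.get(key)
        if got != want:
            problems.append(f"{key}: expected {want!r}, found {got!r}")
    return problems

# Constructed sample export; host, identity and key are placeholders.
SAMPLE = """\
s:network-host:vpn.example.com
s:auth-method:mutual-psk-xauth
s:ident-client-type:ufqdn
s:ident-client-data:user@example.com
b:auth-mutual-psk:UExBQ0VIT0xERVI=
s:phase1-exchange:aggressive
n:phase1-dhgroup:2
s:phase1-cipher:aes
n:phase1-keylen:256
s:phase1-hash:sha1
s:phase2-transform:esp-aes
n:phase2-keylen:256
s:phase2-hmac:sha1
"""

if __name__ == "__main__":
    for problem in audit(SAMPLE) or ["all settings match the recipe"]:
        print(problem)
```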
