Shrew Free Cisco VPN Client Alternative

Faced the problem of installing the Cisco VPN Client on Windows 7 and besides x64,
if you can run on a Windows 7 x86 with a shaman tambourine, then on x64 all attempts will be in vain (Cisco almost doesn’t want to do x64 Vpn Client).


I go to the search engines ... and see the following ways out of the situation:
')
1. Installing AnyConnect VPN Client that works on x64 but does not have IPSec (does not work).
2. Create a Windows x86 virtual machine and install the Cisco VPN Client.
3. Install one of the heaps of alternative paid customers (by the way, not one of them has earned)
4. Install Windows x86 (and the ability to get BSOD on Win7 after installing the Cisco Client) :)

All of the above methods are impractical to say the least :)

5. Installing the free OpenSource client Shrew (by the way, it is not only for Windows, but also for nix systems)

We go on the way 5 :)

Downloading Shrew from the official site



I will give an example of how to configure tunneling with group authentication ("Group Authentication"):

1) Create a new connection profile (Add button)
and in the General tab, in the “Host Name or IP address” field, enter the IPSec gateway address and port


2) go to the tab "Client"
choose force-rfc in the NAT traversal item (we leave everything else by default)

3) Go to the tab “Name Resolution” (here you can leave everything by default, in most cases with proper configuration, Cisco VPN Server will return the necessary addresses by itself)

4) go to the tab "Authentication"
Set the “Authentication method” to Mutual PSK + Xauth (used if the authentication method is using IPSec Group ID or split key)



4.1) Let's go to the sub-item “Local Identity”, set “Identification Type” = “Key Identifier”
and enter the IPSec group ID in the “Key ID String” field

4.2) Let's go to the sub-item “Remote Identity”, set “Identification Type” = “Any”

4.3) Go to the sub-item “Credentials” and enter our group password (IPSec Group Password) in the field
"Pre Shared Key"



5) Tabs: Phase 1, Phase 2 and Policy do not need settings, we will leave everything by default

6) Save the connection settings.

7) Click the Connect button
enter your credentials

If everything is good in the log we will see the cherished phrase "tunnel enabled"



I hope my description is useful in facilitating the creation of tunnels on Windows x64.