You're referencing the SSH server with the name "prismweb5" - that name will likely only work if you have "search domains" setup for the network interface that you're using. The search domain would be appended to the hostname that you're referencing above, so if your search domain is "example.com", the FQDN would be prismweb5.example.com.
It's also possible that the DNS name "prismweb5" cannot be resolved from outside of the network. This setup may be referred to as "split-DNS", and the private name "prismweb5" may not be something that can be looked up on your 'normal' DNS servers (those provided by your home ISP).
A workaround for this would potentially be to set the DNS server that is at the remote office as the primary DNS server for the network interface (Ethernet, Wi-Fi) that you're using to connect. This will allow your machine to perform lookups of 'internal' names. I'm not sure about Shrewsoft, but many VPN clients allow DNS server settings to be changed to specific servers when the VPN connects.
Alternately, you can avoid using DNS names to connect to the server, and simply use the IP address to connect. However, this would require that you know what the IP address of the server "prismweb5" is (or be able to perform a lookup to retrieve that address).
If you are still not able to connect to the server using the IP address, see if your machine can ping that IP address (assuming prismweb5's IP is 192.168.1.5):
ping 192.168.1.5
If the machine is responding to pings, you should be able to connect to it...However, if you're not seeing IMCP (ping) responses, it's possible that your machine doesn't know the route to that computer (i.e., the VPN interface.) See what 'route' reports for that IP:
route get 192.168.1.5
The route should report an interface that is being used to connect to that device. Often, you'll see something like "ppp0" or "gif0" (or some other interface, other than en0/en1)
If the route for that device is not showing the correct interface, it may help to show all routes on the machine using netstat:
netstat -nr
The output of netstat may include an IP range/Destination for your remote network (e.g., 192.168/16), and may show the interface that should be used (Netif) on the right.
The article that you've referenced seems to mention that the fix for the CHAP authentication in newer systems is to modify the file at /Library/Preferences/SystemConfiguration/com.apple.RemoteAccessServers.plist by changing the value of "AuthenticatorProtocol" from "MSCHAPv2" to "PAP":
AuthenticatorProtocol = (PAP);
If you still have issues, posting the contents of /var/log/ppp/vpnd.log may also be helpful.
I do not recommend using the dscl command that you're referencing above to configure your user record. The 'pwpolicy' command could be better suited for that task.
Best Answer
One workaround that I found useful was to use Tunnelblick rather than macOS built-in VPN networking. Tunnelblick is open source and generally respected, and if you are able to install this software on your machine, it is a more robust and permanent solution than macOS' Networking prefpane.