Question : Symantec Firewall/VPN 200r connectivity problem

Unfortunately, we have a Symantec Firewall/VPN 200r here for secure remote connectivity. I say unfortunately because it's been a pain in my side since day 1.

Anyway, the problem I'm having is connecting multiple remote computers thru the VPN.

I have 1 desktop and 5 laptops we need to connect.

The desktop was set up by someone else before I arrived and connects thru the VPN just fine.
However, when I attempt to configure and connect the laptops thru the VPN, all I get are errors.

Here's some background info:
VPN: ##############
Static External (Wan) and Internal Address (192.168.1.xx), Dynamic Key: ESP DES MD5, 480min lifetime, 500000KB data volume limit, 40 min inactivity timeout. Gateway address 0.0.0.0 (as suggested by Symantec), ID type Distinguished Name

Desktop: ##############
DSL internet connection, Dynamic IP, Win XP, Symantec Enterprise VPN Client v7.0.1 w/all patches.

Laptops: ##############
Verizon Cellular internet connection, Dynamic IP, Win XP, Symantec Enterprise VPN Client v7.0.1 w/all patches. VPN client Gateway set to IP of the 200r, w/ IKE policy set to MD5, DES, Group1, 480 min. VPN tunnel IP address is set to 192.168.1.0, Mask is 255.255.255.0, VPN Policy is set to ESP, MD5, DES, compression: none, Encapsulation: tunnel, Diffie-Hellman: group1, data volume: 500000KB, lifetime timeout: 480, inactivity timeout: 40. FYI, NetWare Client is installed although we are not using it thru cellular connection; only when hardwired to network.


Looking at the logs of the 200r, I can see the laptops trying to connect, albeit unsuccessfully:
##############
07/13/2004 17:49:18.94 vpnclient2 - responding to Aggressive Mode from Road Warrior 166.xx.xx.xx
07/13/2004 17:49:19.74 vpnclient2 - STATE_AGGR_R1: from STATE_AGGR_R0; sent AR1, expecting AI2
07/13/2004 17:49:20.54 vpnclient2 - Receive ISAKMP OAK INFO (PAYLOAD_MALFORMED)
07/13/2004 17:49:20.54 vpnclient2 - Terminating connection
##############

I've reviewed all of the settings, over and over, to make absolutely sure that they are the same on the 200r and the Client.

Also I added 2 more Dynamic Keys (tunnels), but that had no effect.

I'm at my wits' end with this piece of !@#$%@ hardware and need some help. My only alternative is to take this 200r out back and smash the crap out of it w/ a baseball bat!

500 Points to the expert who can prevent this 200r’s violent destruction!


Ben

Answer : Symantec Firewall/VPN 200r connectivity problem

The firewall seems to have some configuration problems:-

Jul 14 15:37:17.655 rtmc1043-jr isakmpd[3668]: 301 Internal warning: Security Gateway LSg_68.xx.xx.xx will not be loaded.
Jul 14 15:37:17.665 rtmc1043-jr isakmpd[3668]: 301 Internal warning: errors loading C:\Program Files\Symantec\VPNClient/netent.cf
Jul 14 15:37:17.685 rtmc1043-jr isakmpd[3668]: 301 Internal warning: Failed to find ike enabled security gateway = LSg_68.xx.xx.xx
Jul 14 15:37:17.705 rtmc1043-jr isakmpd[3668]: 301 Internal warning: Unable to load security policy SP1.
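
An added example, not part of the original question or answer: a small Python triage script that groups gateway log lines in the format quoted in the question into one record per tunnel negotiation, showing the last IKE state reached, the message the gateway was waiting for, and any notify received. The two `vpnclient3` lines are constructed here to show interleaved tunnels, and the function and field names are assumptions.

```python
import re

# The four "vpnclient2" lines are the gateway log lines quoted in the question;
# the two "vpnclient3" lines are constructed to show per-tunnel correlation.
SAMPLE_LOG = """\
07/13/2004 17:49:18.94 vpnclient2 - responding to Aggressive Mode from Road Warrior 166.xx.xx.xx
07/13/2004 17:49:19.10 vpnclient3 - responding to Aggressive Mode from Road Warrior 166.xx.xx.xx
07/13/2004 17:49:19.74 vpnclient2 - STATE_AGGR_R1: from STATE_AGGR_R0; sent AR1, expecting AI2
07/13/2004 17:49:19.90 vpnclient3 - STATE_AGGR_R1: from STATE_AGGR_R0; sent AR1, expecting AI2
07/13/2004 17:49:20.54 vpnclient2 - Receive ISAKMP OAK INFO (PAYLOAD_MALFORMED)
07/13/2004 17:49:20.54 vpnclient2 - Terminating connection
"""

LINE = re.compile(r"^(\S+ \S+) (\S+) - (.*)$")
START = re.compile(r"responding to (.+ Mode) from Road Warrior (\S+)")
STATE = re.compile(r"^(STATE_\w+): from STATE_\w+; sent (\w+), expecting (\w+)")
NOTIFY = re.compile(r"Receive ISAKMP OAK INFO \((\w+)\)")


def summarize(log_text):
    """Group log lines into negotiation attempts, one dict per attempt."""
    attempts, current = [], {}          # current: tunnel name -> open attempt
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                    # skip separators and blank lines
        ts, tunnel, msg = m.groups()
        if (s := START.search(msg)):
            current[tunnel] = {"tunnel": tunnel, "start": ts, "mode": s.group(1),
                               "peer": s.group(2), "state": None, "expecting": None,
                               "notify": None, "terminated": False}
            attempts.append(current[tunnel])
        elif tunnel in current:
            att = current[tunnel]
            if (s := STATE.match(msg)):
                att["state"], att["expecting"] = s.group(1), s.group(3)
            elif (s := NOTIFY.search(msg)):
                att["notify"] = s.group(1)
            elif msg.startswith("Terminating connection"):
                att["terminated"] = True
                del current[tunnel]     # next START opens a fresh attempt
    return attempts


if __name__ == "__main__":
    for a in summarize(SAMPLE_LOG):
        outcome = "terminated" if a["terminated"] else "no termination logged"
        print(f'{a["start"]} {a["tunnel"]} peer={a["peer"]} {a["mode"]}: '
              f'reached {a["state"]}, waiting for {a["expecting"]}, '
              f'notify={a["notify"]}, {outcome}')
```
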