Configuring Symantec VPN Client and 200R 1

Status
Not open for further replies.

jsavell

Technical User
Jun 29, 2004
3
US
I have Symantec 200R and 100 VPN boxes connected through DSL. Now I'd like to add remote users with the VPN Enterprise Client, and I'm confused by Symantec's instructions (Document 2002121708585054).
In filling out the Dynamic Key, do I create a new name (above the enable button) for each client? Do I fill out the Local Security Gateway? On the Remote Gateway, I set the Gateway Address to 0.0.0.0 and select Distinguished Name. Do I ever enter the name, or is that done in client identity. Do I fill in the Pre-Shared Key? Do I clear the values in the Gateway to Gateway Tunnels? Does every remote user get both a Client Identity and a listing in Dynamic Key?
Thanks for your help.
 
On the 200r side, make sure you do the following:

Under Dynamic Key Local Security Gateway, set ID Type=IP Address and Phase1 ID={blank}.

Under Dynamic Key Remote Security Gateway, set Gateway Address=0.0.0.0, set


In the VPN Client software, make sure you do the following:

Create your own IKE policy with your own name. Don't use any of the default policies that have already been set up.

Create your own VPN policy with your own name. Don't use any of the default policies that have already been set up.

Make sure you are using "Diffie Hellman" group 1 for both the IKE and VPN policies.

Make sure "Symantec Enterprise Gateway" is NOT checked.

Make sure your encryption and timeout settings match between the client and the VPN appliance. Be sure to check all the tabs under the VPN policy.

Make sure the "client ID" and "shared secret" match what was set up for the "Client Identity" on the VPN appliance.

For suggested appliance and client configurations, please see Thread754-730829

Also please note that you need to obtain a patch from Symantec before the client will work on XP. You need to update the client to version 7.0.1. See the link .
 
Sorry, I hit the wrong button. Here is the completed post.


On the 200r side, make sure you do the following:

Under Dynamic Key Local Security Gateway, set ID Type=IP Address and Phase1 ID={blank}.

Under Dynamic Key Remote Security Gateway, set Gateway Address=0.0.0.0, set ID Type=Distinguished Name, set Phase1 ID={blank}, set Pre-Shared Key={blank}.

Set the Names up only under Client Identity. Be aware that you have a limited number of names that the 200r will configure, but you can share the same name for multiple clients simultaneously.


In the VPN Client software, make sure you do the following:

Create your own IKE policy with your own name. Don't use any of the default policies that have already been set up.

Create your own VPN policy with your own name. Don't use any of the default policies that have already been set up.

Make sure you are using "Diffie Hellman" group 1 for both the IKE and VPN policies.

Make sure "Symantec Enterprise Gateway" is NOT checked.

Make sure your encryption and timeout settings match between the client and the VPN appliance. Be sure to check all the tabs under the VPN policy.

Make sure the "client ID" and "shared secret" match what was set up for the "Client Identity" on the VPN appliance.

For suggested appliance and client configurations, please see Thread754-730829

Also please note that you need to obtain a patch from Symantec before the client will work on XP. You need to update the client to version 7.0.1. See the link .
 
Hi,

I have tried these settings - and the ones in Thread754-730829 but still getting errors. Using the settings in the other thread, I get a 3360 error on the client, saying that the client ID or key don't match - yet they are exactly the same??

The firewall gives the following:

08/18/2004 07:44:28.58 vpnclient - STATE_AGGR_R1: from STATE_AGGR_R0; sent AR1, expecting AI2
08/18/2004 07:44:28.88 vpnclient - Receive ISAKMP OAK INFO (PAYLOAD_MALFORMED)

Any suggestions out there?
 
Avertere, these errors typically indicate that there is a discrepancy between your settings. It could be something not obvious on the screen, like a hidden space. Try clearing your settings on both the 200r and the client software, and configure them again from scratch.
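
The "hidden space" check suggested above can be done mechanically. The following is an added example, not part of the original posts and not Symantec tooling: it compares the settings typed into each side and reports invisible characters without echoing the shared secret. The field names and sample values are assumptions made up for illustration.

```python
import unicodedata

# Field names are hypothetical labels for the settings the thread says must match.
SECRET_FIELDS = {"shared_secret"}

def describe_char(ch):
    """Name a character without relying on how it renders on screen."""
    return f"U+{ord(ch):04X} {unicodedata.name(ch, 'UNNAMED')}"

def hidden_chars(value):
    """Return (index, description) for characters that are easy to miss in a GUI field."""
    found = []
    for i, ch in enumerate(value):
        edge_space = ch == " " and (i == 0 or i == len(value) - 1)
        category = unicodedata.category(ch)
        # Cc = control, Cf = format (zero-width), Zs = space separators other than U+0020
        if edge_space or category in ("Cc", "Cf") or (category == "Zs" and ch != " "):
            found.append((i, describe_char(ch)))
    return found

def compare_settings(appliance, client):
    """Compare both sides field by field; never echo secret values in the findings."""
    findings = []
    for field in sorted(set(appliance) | set(client)):
        a, c = str(appliance.get(field, "")), str(client.get(field, ""))
        for side, value in (("appliance", a), ("client", c)):
            for index, desc in hidden_chars(value):
                findings.append(f"{field}: {side} has {desc} at position {index}")
        if a != c:
            if field in SECRET_FIELDS:
                findings.append(f"{field}: values differ (lengths {len(a)} vs {len(c)})")
            else:
                findings.append(f"{field}: {a!r} != {c!r}")
    return findings

# Constructed sample values, not taken from the thread.
APPLIANCE = {"client_id": "remote1", "shared_secret": "example-secret-123",
             "dh_group": 1, "encryption": "3DES", "sa_lifetime_min": 480}
CLIENT = {"client_id": "remote1 ", "shared_secret": "example-secret-123\u200b",
          "dh_group": 1, "encryption": "3DES", "sa_lifetime_min": 480}

if __name__ == "__main__":
    for line in compare_settings(APPLIANCE, CLIENT):
        print(line)
```

With the constructed values, the client ID carries a trailing space and the client's shared secret ends in a zero-width space, so both fields look identical on screen but are reported as mismatches.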
 