Symantec VPN 200R - unable to connect VPN client

Status
Not open for further replies.

horaces

Technical User
May 23, 2007
29
BE
Dear

We have a Symantec Firewall 200 set up behind a managed router. I am trying to connect my VPN client to the Symantec appliance, with no success. My ISP has opened ISAKMP port 500 TCP/UDP on their router and forwards it to the WAN port of my VPN appliance, which is 10.0.0.140 (LAN 10.0.0.42).
Below you can find the log from my VPN client. Communication fails at all times.


Mar 26 15:46:13.703 PC320090 emapi[780]: 100 nsetup Trace: Session Notification enabled.
Mar 26 15:46:13.765 PC320090 isakmpd[156]: 120 isakmpd Info: Reconfiguring Isakmp tunnels
Mar 26 15:46:13.781 PC320090 emapi[780]: 100 nsetup Trace: Connecting security gateway X.X.X.X
Mar 26 15:46:13.781 PC320090 emapi[780]: 100 nsetup Trace: Retrieving configuration for gateway X.X.X.X
Mar 26 15:51:15.812 PC320090 emapi[780]: 400 Symantec Enterprise VPN Client Error: Communications with the ISAKMP daemon failed.
Mar 26 15:51:47.468 PC320090 isakmpd[156]: 343 isakmpd Warning: RETRY LIMIT REACHED for the remote security gateway X.X.X.X
Mar 26 15:54:26.078 PC320090 emapi[780]: 100 nsetup Trace: Error retrieving information. Terminating connect operation to gateway X.X.X.X


On the Symantec 200R -

Phase 1 Negotiation=Aggressive
Encryption and Authentication Method=ESP 3DES MD5
SA Lifetime=720
Data Volume Limit=100000
Inactivity Timeout=0
Perfect Forward Secrecy=Enabled

On the 200R I have set up a VPN dynamic key. Local security gateway is left blank as described in the manual. Remote security gateway is left blank as well, as described in the manual.


On the Enterprise VPN Client (V7.0.0 (352-3DES)) -

Create a custom IKE Policy with:
Integrity=MD5
Privacy=3DES
Diffie Hellman=Group 1
Expire=720 Minutes

Create a custom VPN Policy with:
Integrity=MD5
Privacy=3DES
Compression=None
Encapsulation=Tunnel
Data Integrity=ESP
Perfect Forward Secrecy=Checked
Diffie Hellman=Group 1
Volume Limit=100000 KB
Lifetime=720 Minutes
Inactivity=0

Define the Gateway with:
Symantec Enterprise Gateway=Unchecked
IKE Policy=Name of Custom Policy
Tunnel VPN Policy=Name of Custom Policy

Gateway ID is the WAN IP of our managed router.

Any help appreciated.

Regards

Horaces
 
Update:

Our ISP has opened ports 50 and 51 (IPSEC) on our router. Since then I get some more logging on the Symantec VPN 200R:

UTC Time Message Source Destination Note
04/01/2008 11:29:32.77 System started
04/01/2008 11:33:17.22 - ERR:message from X.X.X.X:12824, but no connection has been authorized
04/01/2008 11:33:37.87 - ERR:message from X.X.X.X:12867, but no connection has been authorized
04/01/2008 11:34:19.32 - ERR:message from X.X.X.X:12876, but no connection has been authorized
04/01/2008 11:35:22.17 - ERR:message from X.X.X.X:12890, but no connection has been authorized
04/01/2008 11:36:56.47 - ERR:message from X.X.X.X:12898, but no connection has been authorized
04/01/2008 11:44:57.37 GHEYSVPN - Terminating connection

However, I still cannot get the VPN client to connect to the VPN 200R.

Any suggestions?
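
A quick way to check that both ends propose the same tunnel parameters is to diff the 200R settings against the client's custom VPN policy from the first post. This is an added example, not part of the original posts and not Symantec code; the canonical key names, the Enabled/Checked equivalence and the unit handling are assumptions.

```python
import re
# Settings as listed in the first post (typos fixed); units and key mapping are assumptions.
GATEWAY_200R = """Phase 1 Negotiation=Aggressive
Encryption and Authentication Method=ESP 3DES MD5
SA Lifetime=720
Data Volume Limit=100000
Inactivity Timeout=0
Perfect Forward Secrecy=Enabled"""
CLIENT_VPN_POLICY = """Integrity=MD5
Privacy=3DES
Compression=None
Encapsulation=Tunnel
Data Integrity=ESP
Perfect Forward Secrecy=Checked
Diffie Hellman=Group 1
Volume Limit=100000 KB
Lifetime=720 Minutes
Inactivity=0"""
# Hypothetical canonical names used only to line the two UIs up with each other.
ALIASES = {"sa lifetime": "lifetime", "data volume limit": "volume",
           "volume limit": "volume", "inactivity timeout": "inactivity",
           "perfect forward secrecy": "pfs", "privacy": "cipher",
           "integrity": "hash", "data integrity": "protocol",
           "diffie hellman": "dh_group", "phase 1 negotiation": "phase1_mode"}

def parse(block):
    """Turn 'Key=Value' lines into a dict keyed by canonical names."""
    out = {}
    for line in block.strip().splitlines():
        key, _, value = (part.strip().lower() for part in line.partition("="))
        if key == "encryption and authentication method":
            # The 200R packs protocol, cipher and hash into one value.
            out["protocol"], out["cipher"], out["hash"] = value.split()
            continue
        value = "on" if value in ("enabled", "checked") else value
        # Assumption: the unit-less gateway values use the client's units.
        value = re.sub(r"\s*(kb|minutes)$", "", value)
        out[ALIASES.get(key, key)] = value
    return out

def compare(gateway, client):
    """Report settings that differ, agree, or are stated on one side only."""
    gw, cl = parse(gateway), parse(client)
    both = sorted(gw.keys() & cl.keys())
    return {"mismatch": {k: (gw[k], cl[k]) for k in both if gw[k] != cl[k]},
            "match": [k for k in both if gw[k] == cl[k]],
            "gateway_only": sorted(gw.keys() - cl.keys()),
            "client_only": sorted(cl.keys() - gw.keys())}

if __name__ == "__main__":
    print(compare(GATEWAY_200R, CLIENT_VPN_POLICY))
```

For the values as posted, nothing mismatches; the negotiation mode appears only in the 200R list and the Diffie-Hellman group only in the client list, so the post does not show those two for the other end.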
 