Dear
We have a Symantec Firewall 200 set up behind a managed router. I am trying to connect my VPN client to the Symantec appliance, with no success. My ISP has opened ISAKMP port 500 TCP/UDP on their router and forwards it to the WAN port of my VPN appliance, which is 10.0.0.140 (LAN 10.0.0.42).
Below you can find the log from my VPN client. Communication fails at all times.
Mar 26 15:46:13.703 PC320090 emapi[780]: 100 nsetup Trace: Session Notification enabled.
Mar 26 15:46:13.765 PC320090 isakmpd[156]: 120 isakmpd Info: Reconfiguring Isakmp tunnels
Mar 26 15:46:13.781 PC320090 emapi[780]: 100 nsetup Trace: Connecting security gateway X.X.X.X
Mar 26 15:46:13.781 PC320090 emapi[780]: 100 nsetup Trace: Retrieving configuration for gateway X.X.X.X
Mar 26 15:51:15.812 PC320090 emapi[780]: 400 Symantec Enterprise VPN Client Error: Communications with the ISAKMP daemon failed.
Mar 26 15:51:47.468 PC320090 isakmpd[156]: 343 isakmpd Warning: RETRY LIMIT REACHED for the remote security gateway X.X.X.X
Mar 26 15:54:26.078 PC320090 emapi[780]: 100 nsetup Trace: Error retrieving information. Terminating connect operation to gateway X.X.X.X
On the Symantec 200R -
Phase 1 Negotiation=Aggressive
Encryption and Authentication Method=ESP 3DES MD5
SA Lifetime=720
Data Volume Limit=100000
Inactivity Timeout=0
Perfect Forward Secrecy=Enabled
On the 200R I have set up a VPN dynamic key. Local security gateway is left blank as described in the manual. Remote security gateway is left blank as well, as described in the manual.
On the Enterprise VPN Client (V7.0.0 (352-3DES)) -
Create a custom IKE Policy with:
Integrity=MD5
Privacy=3DES
Diffie Hellman=Group 1
Expire=720 Minutes
Create a custom VPN Policy with:
Integrity=MD5
Privacy=3DES
Compression=None
Encapsulation=Tunnel
Data Integrity=ESP
Perfect Forward Secrecy=Checked
Diffie Hellman=Group 1
Volume Limit=100000 KB
Lifetime=720 Minutes
Inactivity=0
Define the Gateway with:
Symantec Enterprise Gateway=Unchecked
IKE Policy=Name of Custom Policy
Tunnel VPN Policy=Name of Custom Policy
Gateway ID is the WAN IP of our managed router.
Any help appreciated.
Regards
Horaces