Symantec VPN200R + SEVPN client 1

[Totor]

Hi,

Did anybody succeded in configure the Vpn200R Box to run as a VPN authentification with the Symantec enterprise client ?

I have a 200R with firmware 1.6 and Sevpn 7.0 with latest patch.

When I try to connect to my VPN I get error messages :

-Error while processing data rcvd from peer x.x.x.x: (-3366) Unexpected payload was received in request.
-isakmpd[1384]: 120 isakmpd Info: Error during isakmp sa negotiation with peer x.x.x., status=IKMP_ERROR err=(-3366) Unexpected payload was received in request.
-isakmpd[1384]: 120 isakmpd Info: Initiator, Failed to establish IPSEC SA with peer x.x.x.x [tunTemplate=SP1]
-isakmpd[1384]: 120 isakmpd Info: Isakmp SA with peer x.x.x.x expired. Will renegotiate.

I unchecked the Enterprise gateway option in the secvpn...

I am lost !!!

Did anybody succeed with that option ???

In advance thanks for your help
T

 

[apeasecpc]

I have several working connections between the Enterprise VPN Client 7.0 and the 200R.


The settings that work for me are:

On the 200R -

Phase 1 Negotiation=Agressive
Encryption and Authentication Method=ESP 3DES MD5
SA Lifetime=720
Data Volume Limit=100000
Inactivity Timeout=0
Perfect Forward Secrecy=Enabled

Your User Pre-Shared keys should be at least 20 digits long.


On the Enterprise VPN Client -

Create a custom IKE Policy with:
Integrety=MD5
Privacy=3DES
Diffie Hellman=Group 1
Expire=720 Minutes

Create a custom VPN Policy with:
Integrity=MD5
Privacy=3DES
Compression=None
Encapsulation=Tunnel
Data Integrity=ESP
Perfect Forward Secrecy=Checked
Diffie Hellman=Group 1
Volume Limit=100000 KB
Lifetime=720 Minutes
Inactivity=0

Define the Gateway with:
Symantec Enterprise Gateway=Unchecked
IKE Policy=Name of Custom Policy
Tunnel VPN Policy=Name of Custom Policy


In all working cases the Enterprise VPN Client is installed on Windows-98, Windows-2000, or Windows-NT. My one attempt to install under Windows-XP did not work.

 

[Totor]

Thanks for helping, I am going to work on it base on your parameters this week-end !

Will let you know

Regards
Luc

 

[lopezrx]

I have a 200R at work that I can use 200R client software to connect to from a laptop using a 56K dialup. But I can't get in on my home computer using DSL. Any ideas why dialup will work but DSL won't. I connect from the home computer fine, but can't ping anything ar work on the 200R. Symantec hasn't been much help...so please any ideas.

 

[apeasecpc]

Most of my enterprise client users have high speed connections, so you should be able to get it to work.

What version of windows do you have on your home machine? The enterprise client software works on 98, 2000, and NT, but NOT XP. I also found that it would not work on a computer with more than one network card installed.

If you are using a supported version of windows and a single network card, your problem is probably a configuration error. You should try it with the settings I listed in my previous post above.

 

[lopezrx]

I solved my Symantec 200R problem. I could not get the VPN client software to connect to the 200R over a DSL connection. The answer was an IP conflict on the client and server sides. I did NOT have any exact conflicts but it seems that having the server as 192.168.0.xxx and the client as 192.168.0.xxx caused the problem. I set the client to 192.168.200.xxx and it worked fine. I was surprised that Symantec tech support did NOT suggest this fix. Anyway spread it around..it might save someone a lot of time.