Our setup: BM 3.8.5 running on NW 6.5.6. The client is 4.91 SP3 using the VPN client 3.8.16.

The issue: We have two users configured for C2S from the days when this was a BM 3.5 server. Both of these users continue to be able to use the VPN in Backwards Compatibility. I have tried to add some more users, first individually, and then as a group, to both the traffic rules and authentication rules. In fact, when that didn't work, I changed the authentication rules to allow all NDS users, but still no go.

Error messages for the new users:

Using Backwards Compatibility: "Authentication gateway failed to verify entered parameters. Format error reported by authentication gateway."

Using NMAS: "Failed receiving server DH public value. Authentication failed. Contact your sysadmin to configure an authentication policy to allow you VPN access." I thought that's what I did.

Thanks for any help