Hello

I posted here earlier with errors while using certificates, and Craig
recommended that I try to simplify and use NMAS. My clients can connect
and they authenticate, but I cannot ping any internal address. Also, it
looks like I'm not passing any encrypted packets. I look at the activity
logs in NoRM and I get this error:

Proposal Mismatch - Quick Mode : ESP - transform mismatch mine : esp 3des his : esp des dst: 66.19.145.83 src: 24.176.93.69 cookies my-his :C6E1876D4605A2AF - 5410CBF940B1B811


The BM server is 3.8 sp2a. The client is 3.8.6. The server is configured
with 2 network cards, one with the internal IP address of 10.1.100.15, the
other with the public IP of 24.x.93.69. I have configured static routes
between the cards and traffic seems to flow properly (we also host
GroupWise Web Access on this box that works with no problems at all). My
VPTunnell address is set to 192.168.199.1.

My traffic rules are as follows:

VPNUsersTo10.2Network        Specified List  Specified List  Any Protocol  Encrypt            Yes
VPNUsersTo10.1Network        Specified List  Specified List  Any Protocol  Encrypt            Yes
VPNUsersTo192Network         Specified List  Specified List  Any Protocol  Encrypt            Yes
DoNotEncryptInternetTraffic  Any User        Any Host        Any Protocol  Allow Unencrypted  Yes
Default_Traffic_Rule         Any User        Any Host        Any Protocol  Deny               Yes


The Specified list is just a group of VPN users that I've configured. Any
idea where I should go from here?

Wade Grimes
ECR Software Corporation