I am trying to setup a new SITE to SITE VPN connection.

Yesterday, SBC installed SBC Yahoo DSL. I told the installer that I
not want DHCP, filters, or NAT, so he suggested I used a bridge and
not a
router for the service. He installed an Efficient Networks

Internet service is working and the BM 3.7 proxy server is working for


My problem:

When trying to establish a connection for the Site to Site, the Slave

server reports:

Audit Log:

(SKIP) Construction of SA failed for peer 68.xx.xx.xx


IP Security Error 284

IPSEC failed to set up a Security Association with the indicated
connection causing packets to be dropped.

Check for possible our of memory conditions.

Here's what I tried so far:

1. Reviewed Master server's Audit log. No indication of making a
connection to Slave server.

2. Reviewed Slave server's Audit log. VPSLAVE was started. License
obtained. Then the SA errors keep occuring over and over.

3. Verified both servers were running the same version of TCPIP.NLM.

Both are 6.15.16 128bit.

4. Verified that the actual server time (Master and Slave) are within
minute (just a few seconds).

5. I called SBC DSL support. They had no clue what I was talking
when I stated that I needed to verify that SKIP (protocol 57) and
353 ports were not being filterd. So, SKIP may be getting blocked,
but I
can't seem to verify it.

How can I test to see if SKIP is blocked ?

Also, any ideas on correcting my problem.

I do know that at the MASTER site, I am able to make a Client to Site
connection and have been able to for a long time, so I tend to think
problem is at the SLAVE end.