Hi all,

Here's the problem. We're running NW6sp5, with BM3.6 (all service packs) running as Master VPN and BM 3.7 (all service packs) as VPN slave. Both servers are in the same tree. In preparation for NW6.5 upgrades, we upgraded our BM 3.6 box to BM3.8SP2a, BM38fp3a, nmsrv2341, and secupd5, all per Craig's dynamite book. S2S VPN broke, but worked fine once recreated (only used VPNCFG). However, since TCP610h (nici) re-broke the VPN, we went back to using BSDSOCK (6.20.04 June 18, 2004), TCP (6.20.02 Mar 23, 2004), and TCPIP (6.20.06 June 2, 2004). All was fine for about a week.

A proxy abend on our master server got us to reboot it. After that, the VPN died. Disabling packet filtering on both boxes seemed to fix it, along with several unloads and reloads of vpmaster. Since there had been no changes to the packet filters on either side before the reboot, I re-enabled the packet filters. VPN broke again, so I disabled them. This time it did not fix it. We finally deleted and recreated the VPN. The call would initiate, connect for a few seconds, and then on the slave we get "Remote IP address <public IP of master> is incorrectly reachable though the

When we try to ping across, we occasionally get 4 or 5 packets that make it, seemingly after a reload of

I've read on some of the postings here (as well as in Craig's book) that on BM 3.8 for legacy VPN we're supposed to create it in VPNCFG and then again in iManager. Since it worked (for the week), I was a bit leery of doing this, not sure if it would break the existing VPN link. Could this be the problem? Any insights would be greatly appreciated. Of course, this all had to happen the first day back in class for our students!!