I have a problem for a long time now.
I need this to work. So anyone?!

My setup: SBS 6.5 with BM 3.8SP2 s behind NAT(router - Efficient
Speedstream 3950). I setp up C2S VPN on the BM with the public IP address
as VPN IP. I set up VPN client everything seems OK.

This is what I find:

On the BM-server with VPN-Monitorting I see:
AUTH Gateway : A connection was opened for a VPN Client at address <IP
address of client>
AUTH Gateway : Process NMAS request: NMAS authentication succesful
VPN Control: VPN Client licenses have been acquired
AUTH Gateway: VPN Client NMAS user admin.O=<ORGANISATION> at address <IP
address of client>
AUTH Gateway: Connection closed for the VPN client at address <IP address
of client>
IKE: Negotiating for an NMAS user <IP address of client>
IKE: IKE SA Negotiation - Peer lifetime is 28800 My lifetime is 28800
IKE: Negotiating for an NMAS user <IP address of client>
IKE: IKE SA Negotiation - Peer lifetime is 28800 My lifetime is 28800
IKE: PFS Not enabled - deleting all IPSEC SA
IKE: Negotiating for an NMAS user <IP address of client>
IKE: IKE SA Negotiation - Peer lifetime is 28800 My lifetime is 28800
This is repeated a dozen times.

On the IKE.log on the server:

***Receive Main Mode message from 80.127.228.193
I-COOKIE=485F624F18B8A0B8,R-COOKIE=0000000000000000,MsgID=0,1stPL=SA-
PAYLOAD,state=-1867652532
Start IKE-SA 8826B000 -
Responder,src=82.92.96.226,dst=80.127.228.193,TotS A=1
Negotiating for an NMAS user 80.127.228.193
IKE SA NEGOTIATION: Peer lifetime = 28800 My lifetime=28800
****DH private exponent size is 1016****
Local server's interfaces : 10.1.0.2
Local server's interfaces : 192.168.254.249
local Server behind NAT
Recieved Supported Vendor id Novell Border Manager VPN 4.0 client -
Protected Net from 80.127.228.193
Recieved Supported Vendor id draft-ietf-ipsec-nat-t-ike-03 from
80.127.228.193
***Send Main Mode message to 80.127.228.193
pm I-COOKIE=485F624F18B8A0B8,R-COOKIE=BF2A40CEC8711884,MsgID=0,1stPL=SA-
PAYLOAD,state=-1867652532
Retransmit timer expired :Peer lost our reply retransmit the old packet
to 80.127.228.193

On the VPN-Client ikelog I see this:

Start IKE-SA <some code> - Initiator,src=<IP address of
client>,dst=<public IP address of VPN server>,TotSA=1
Negotiation for an NMAS user <IP address of VPN server>
***Send Main Mode message to <IP address of VPN server>
I-COOKIE=<some code>,R-COOKIE=0,MsgID=0,1stPL=SA-PAYLOAD,state=<some code>
*** Receive Main Mode message from <IP address of VPN server>
I-COOKIE=<some code>,R-COOKIE=<some code>,MsgID=0,1stPL=SA-
PAYLOAD,state=<some code>
ERR: first message and responder cookie is not zero
packet length is 104 but the data received from socket 1
**Receive Main Mode message from <IP address of VPN server>
I-COOKIE=<some code>,R-COOKIE=<some code>,MsgId=0,1stPL=SA-
PAYLOAD,state=<some code>
ERR: first message and responder cookie is not zero
Retransmit time expired :Peer lost our reply retransmit the old-packet to
<IP address of VPN server>

and so on

Anybody any idea on what is the problem?

Mail me please