I've installed a S2S-VPN with 2 BM 3.8 Servers situated in different tree's.
I realized this according the TID 10095268.

It seems that the handshake between the 2 Servers works,
but my master Server shows the slave as "being configured".

The Trace in IKE on the Slave loogs like:

03/31/2005 03:19:18 PM IKE ESP-SA is deleted mySPI=70BFC324 peerSPI=7C240000 dst :217.6.2.188
03/31/2005 03:19:16 PM IKE PFS NOT ENABLED - DELETING ALL IPSEC SA
03/31/2005 03:19:16 PM IKE ESP SA was created successfully with 217.6.2.188
03/31/2005 03:19:16 PM IKE Sending proxy id :Type 4 0.0.0.0/0.0.0.0
03/31/2005 03:19:16 PM IKE Sending proxy id :Type 4 0.0.0.0/0.0.0.0
03/31/2005 03:19:16 PM IKE Received proxy Id : IPV4 SUBNET 0.0.0.0/0.0.0.0
03/31/2005 03:19:16 PM IKE Received proxy Id : IPV4 SUBNET 0.0.0.0/0.0.0.0
03/31/2005 03:19:16 PM IKE IPSEC SA NEGOTIATION - Peer lifetime is: 1000 My lifetime is: 1000
03/31/2005 03:19:14 PM IKE IKE SA was created successfully with 217.6.2.188, encr = 3DES, SA lifetime = 28800 sec
03/31/2005 03:19:14 PM IKE Final IKE SA (phase 1) lifetime is 28800 secs
03/31/2005 03:19:14 PM IKE Recieved INITIAL_CONTACT notify from 217.6.2.188 deleting all old sa's to 217.6.2.188


















I've noticed som possible problems:
1'st:
I've recently changed the public-IP-Adress of the Server.
in VPN-Monitor in NRM there will displayed the wrong address.
2'nd:
Do I have to set a route to the slave's network ?
3'rd:
All two BM-Servers using NAT.

Any id's ?

Uwe