Master: NW6.0.5, BM3.8 SP3, TCP 6.20.11 21 December 2004


- Was : NSBS6.0.3-BM3.7sp3, legacy VPN S2S
- Updated: NSBS6.5.3-BM3.8SP3, legacy VPN S2S up for a week
- Now : Upgrade to new style VPN was done (tried) this way:

Master: Remove Legacy Slave Server (NWADMN32)
Slave : Remove Legacy VPN Slave Configuration through VPNCFG

TID 10095268 (Site to Site, Separate trees)

startvpn on the slave: Gave the errors tid 10095747.htm describes,
there were no schema extensions errors during upgrade to BM3.8 on that
(IKE is not loading).

After a reboot the slave's IKE is loading, telling that it is sending
and receiving the cookies, in sys:system/vpn there are the files

- policy.dat
- vpns2s.dat

after each stopvpn/starvpn I get these error lines:

11.05.2005 19.55.37 : IPXRTR-6.70-101
Information for WAN call VPTUNNEL@<master-pub-ip> was found in
NLSPSTAT.CFG, but matching information was not found in the CSL
database. Information for this WAN call entry will be ignored. This can
occur when configuring WAN calls under low memory conditions.

- Master's RM: this slave is "being configured" for ever (jumping
ball gif's for IPX and IP)
ups, changed now to IPX down and IP being configured.

Global Details for that server:

Tunnel status: Loaded
Tunnel time active: 2:05:41
IPX packets sent 5,931
IPX packets received 2,546
IP packets sent 30,129
IP packets received 35,587
Total packets sent 36,060
Total packet received 38,133
Total bytes sent 10,025,188
Total bytes received 11,208,068
Total send packet discarded 0
Total received packet discarded 201
IKE Status Up
Main mode attempted count 28
Main mode failure count 0
Quick mode attempted count 37
Quick mode failure count 0
Successful PSS Authentications 1
Failed PSS Authentications 0
Successful NMAS Authentications n/a
Failed NMAS Authentications n/a
Successful x509 Authentications 4
Failed x509 Authentications 0
Successful LDAP Authentications n/a
Failed LDAP Authentications n/a
Total Backward compatibility authentications n/a
Failed Backward compatibility authentications n/a

"more IKE statistics" tells:
UDP Send Fail 0
Invalid Cookies 0
Invalid Packets 0
Total Notify Received 2
Total Notify Send 0
Total Acquires 111

IKE Screens: MASTER and SLAVE send and receive cookies successfully

How to fix this?

Regards, Rudi.

How easy was this old style VPN: minfo, sinfo, some klicks and it was
up :-/

Of course, that new style has *MUCH* more features, I appreciate
them... just the upgrade of old to new seems to me to be quite