I have configured the VPN server according to Craig J's BM book.
However, I'm experiencing a few problems.

1. When I connect to the VPN server and check "Clients connected" in
Remote Manager>VPN Monitoring>Activity, I see the encryption tunnel is
down. Under the connection details, the connection state for both IPX and
IP is unattached. In the Audit Log I see "Proposal Mismatch - Quick Mode:
ESP- transform mismatch mine: esp desk his : esp null dst: xxx.xx.xx.xx
src:.....". I don't know how to resolve that.
2. I'm unable to ping our internal servers. I executed the tracert
<internal ip address> to see what route it takes. It contacts our router
and then I get request timeouts from there. How do I set up the routes
for the VPN? We tried a few things and thought it might work. We bound
the VPN address ( to the private interface and set up a static
route but that didn't work. Another thing I tried was to set up the
private NAT to dynamic only and that worked in the environment I had set up
before but I remember someone said it wasn't the right thing to do. Any

Here's our setup:

I'm working on NW65SP3, BM38SP3
BM has 2 NIC cards, one for internal and the other for public
VPN Tunnel Address:,
C2S Pool Address:,
LAN Network:,

Default route points to the public address

In TCPCon, I see a few static routes set up
default's next hop is the bm internal server's next hop is
xx.xx.xx.xx (public's network)'s next hop is our bm server (public side)

Any help will be greatly appreciated...
If there's a TID that explains how to set up the routes for VPN I'd love
to have that too.