BM 3.8 on NetWare 5.1 server behind NAT router. Can't login to NetWare
server. In checking on what is going on, found out that can't ping
anything on protected network (i.e. VPN Tunnel, NetWare Server,
workstations, router, etc.). Statistics screen on client shows encrypted
IP traffic sent, but none received. It also shows that for every ping
packet, there are packets discarded. Audit log from NRM shows messages
of "(SKIP) Construction of SA failed for peer". NRM VPN Member activity
screen under status of IP shows that is trying to negotiate security.

In trying to get C2S VPN working, have applied all latest client and
server patches. Thought that maybe a NICI problem on server so made a
backup copy of SYS:\SYSTEM\NICI directory (glad I did) and performed TID
10065538 "Reinstalling NICI - the short version". Boy did that ever make a
mess! Put NICI back to original state by restoring files from backup copy
of SYS:\SYSTEM\NICI. As a side effect of attempting the NICI update, maybe
related or not, have a Java application for the UPS that now when it is
started, java gives error: SecurityException: Cannot setup certs for
trusted CAs.

From the client side, it seems that the tunnel is up, because the VPN
Client window goes down to the System Tray, but no traffic at all!

Anybody got any ideas?