It works only for a few logins, (4 at most) then fails permanantly for
that username. Another username works the same way. Tried several
different workstations from different IP addresses. I believe the
problem occurred after adding the second server but can't verify it.
I disabled the VPN on the newest server (unchecked the client to server
in imanager) but it made no difference.

I have 2 bm38 servers for redundancy both exhibit the same problem.
Both are NW65sp4a bm38sp4 on Dell 2500's with 2 gig ram.

Any help would be appreciated.

vpn capture below.

111/18/2005 07:39:40 PM VPN Tunnel Received an IP call from
rmiller.seatel_inc @ 172.100.100.1
Click to view details of this message 11/18/2005 07:39:38 PM IKE ESP
SA was created successfully with 64.161.xxx.210
Click to view details of this message 11/18/2005 07:39:38 PM IKE
Sending proxy id :Type 4 0.0.0.0/0.0.0.0
Click to view details of this message 11/18/2005 07:39:38 PM IKE
Sending proxy id: Type 1 192.168.33.100
Click to view details of this message 11/18/2005 07:39:38 PM IKE
Received proxy Id : IPV4 SUBNET 0.0.0.0/0.0.0.0
Click to view details of this message 11/18/2005 07:39:38 PM IKE
Received proxy id ID_IPV4_ADDR 192.168.33.100
Click to view details of this message 11/18/2005 07:39:38 PM IKE
IPSEC SA NEGOTIATION - Peer lifetime is: 7200 My lifetime is: 7200
Click to view details of this message 11/18/2005 07:39:38 PM IKE
Proposal Mismatch - Quick Mode : ESP - transform mismatch mine : esp
3des his : esp des dst: 64.161.xxx.210 src: 64.161.xxx.206 cookies
my-his :350C6850E35F9C02 - 4A382E92697E6107
Click to view details of this message 11/18/2005 07:39:38 PM IKE
Received proxy Id : IPV4 SUBNET 0.0.0.0/0.0.0.0
Click to view details of this message 11/18/2005 07:39:38 PM IKE
Received proxy id ID_IPV4_ADDR 192.168.33.100
Click to view details of this message 11/18/2005 07:39:38 PM IKE IKE
SA was created successfully with 64.161.xxx.210, encr = 3DES, SA
lifetime = 28800 sec
Click to view details of this message 11/18/2005 07:39:38 PM IKE
Final IKE SA (phase 1) lifetime is 28800 secs
Click to view details of this message 11/18/2005 07:39:36 PM IKE
Nmas user check authentication and traffic rule
Click to view details of this message 11/18/2005 07:39:36 PM IKE
Received notify message of type IPSEC_CONTACT : 24578 from 64.161.xxx.210
Click to view details of this message 11/18/2005 07:39:36 PM IKE
Received MM ID type: 1 protocol : 0 portnum: 0 length 8
Click to view details of this message 11/18/2005 07:39:36 PM VPN
Control Client rmiller.seatel_inc added to IPSEC.
Click to view details of this message 11/18/2005 07:39:36 PM IKE **
Nat detected
Click to view details of this message 11/18/2005 07:39:36 PM IKE IKE
SA NEGOTIATION - Peer lifetime is: 28800 My lifetime is: 28800
Click to view details of this message 11/18/2005 07:39:36 PM IKE
Negotiating for an NMAS user 64.161.xxx.210


Rick Miller