ok so this is a long story however, I will make it as short as possible for the sake of the forum....
I\u0027ve set up a VPN connection from a Doc\u0027s office to a satalite office...
If you have the firewall disabled, there is no need to check further or in group policy as it would allow all connections by default. The errors in the logs you mentioned earlier; I assume that was on the client machine ? If so no just on the computer s to which you are connecting. --Rob ps: -no other VPN clients installed on the problematic PC's is there? Here is the log at the main location: [2007-03-16 ][==== IKE PHASE 1(from 74.1) START (responder) ====] [2007-03-16 ]**** RECEIVED FIRST MESSAGE OF AGGR MODE **** [2007-03-16 ] PAYLOADS: HASH, NOTIFY, NOTIFY [2007-03-16 ]**** AGGR MODE COMPLETED **** [2007-03-16 ][==== IKE PHASE 1 ESTABLISHED====] [2007-03-16 ][==== IKE PHASE 2(from 74.1) START (responder) ====] [2007-03-16 ]**** RECEIVED FIRST MESSAGE OF QUICK MODE **** [2007-03-16 ]**** FOUND IDs, EXTRACE ID INFO **** [2007-03-16 ] PAYLOADS: HASH [2007-03-16 ]**** QUICK MODE COMPLETED **** [2007-03-16 ][==== IKE PHASE 2 ESTABLISHED====] [2007-03-16 ]DISCARDING RETRANSMITTED PACKET... Not sure if this has anything to do with the licenses. Under my connections, is there more than 1 (Ignore one called "other connections" if present) What i'm referring to is actually under the VPN status and then a button on the log page called again Vpn Status which opens up IPSEC Connection status. FYI, we finially decided to go with the Watchguard Core 750E with a Watchguard WG50750 on the other end. I will award if there are no objections from the moderator.
The FVS328 has can run 60 VPN tunnels simultaneously and if you have a FVS 318 in each locaiton you can establish tunnels with the hardware rather than use remote clients software.
I find remote clients good for laptops on the go, but for smalll offices I prefer established hardware tunnels.
However, I can not ping " I assume pinging by IP has been tried, not just name?
Any chance the new site is using the same subnet as the primary office?
If so you still see the options chosen, but cannot change them.
Should you need to change you would need to do so in GP.The other option I was wondering is maybe it was a security setting on the domain that wouldn't allow the pc's to finish the phase 2. I will probably join the domain and then see if the same thing happens to the laptop.If it does, then I know it is definitely in the domain settings being applied to the pc.If not familiar with the process right click on the prosafe icon and choose "security policy editor". You can export the existing first if you want to back it up. Old site 172.16.3.0 New site 192.168.5.0 Exported the known working Policy from my laptop (which will connect via the same exact wall jack) to all pc's. Belonging to or not belonging to the domain shouldn't make a difference except possible name resolution issues, which is why I had asked about pinging by IP.Already made sure that it is selecting the internal network card on each pc. No other computers that are not registered to the domain have the problem in 4 other locations. MDP Bizarre :-) I assume the reason you can connect and not ping is it looks like the phase 2 handshaking is not completing. Does the FVS328 have any way of checking if you have enough user licenses for the clients?It reads,"3-09: .718 Cannot match Policy Entry for received Phase 2 IDs: 3-07: .796 NO MATCHING SECURE CONNECTION (IP ADDR=I removed the ip, it is public) - Error validating Proxy ID" This is the same exact policy on my laptop.