SE VPN 7.0 to Appliance Over DSL No Workie!?!

[nocum]

Don't just say this is another MTU issue - read them all - did them all first. :-(

Okay folks this is a last ditch effort with some new Symantec p/k/a Axent products. The players: Symantec Firewall/VPN Appliance 200R w/ lastest firmware update and Symantec Enterprise Mobile VPN Client 7 software w/ lastest patch/hotfix. DSL using SpeedStream 5861 DSL router with static IP's, & DHCP disabled on FW side from Ameritech. Remote is ZyXel 645 DSL, static IPs, from Speakeasy/Covad, W98 on PC. Host device responds to ping under 40ms.

Typical scenario - works thru an Internet dialup but fails to connect with DSL. Tried Max MTU sets @ 1400, 1350 & 1300 per thread754-166605 - no change - times out on retries with "Communication w/ ISAKMP daemon failed." No blocks on required ports for IPSEC (500, 50 & 51)- client, tunnel, etc. solid settings client & appliance. SE VPN client FW set to allow all ports. IP of notebook dynamic and not in same range as appliance or LAN behind.

Any insights or tools to ferret out the problem would be most appreciated. "Whether you believe you can or you believe you cannot, either way you are right." Henry Ford

 

[nocum]

Addendum - not ports but GRE 50 & 51 as well as GRE 47 are not blocked. What did I miss? "Whether you believe you can or you believe you cannot, either way you are right." Henry Ford

 

[nocum]

Okay, I was wrong - it was MTU size. My findings have been published under Tek-Tips for TCP/IP. "How to find max packet size for DSL, Cable, etc." faq581-1995 and "How to Manually Set MTU in Windows" faq581-1996. Hope this helps someone else. "Whether you believe you can or you believe you cannot, either way you are right." Henry Ford