VPN-1 SecuRemote/SecureClient NGX R60 HFA2 problems on Vista & XP

[thomaz]

When using the VPN-1 SecuRemote/SecureClient NGX R60 HFA2 on Vista & XP our user are getting their eventlogs flooded (hundreds of messages) with the following error:

Log Name: System
Source: FW1
Date: 03/09/2007 16:55:39
Event ID: 1
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: [xxx]
Description:
FW1: F
Sending reset dire

This problem only occurs when using this SecureClient version, older versions (on XP) are not affected. Any thoughts?

[stachr]

I've also seen this with SecuRemote NGX R60 HFA-02, but am still at a loss to explain why it occurs!!

[thomaz]

In the mean time I did some further research on this. It appears that this issue does not occur when I click the "Disable Security Policy" option while connected.

I then tried to disable this option by default, by issuing the "scc sp off" command from a commandline, but then I get "This operation is denied by current settings." Seems that the api_manual_slan_control in my userc.C file is set to false.

Is there another way to disable the security policy by default without having to mess with commandlines or changing the userc.C file?

[thomaz]

I think I nailed down the issue. After running the SecureClient Log Viewer, Wireshark and the Windows eventviewer side by side, I discovered that the message appears when my client tries to make DNS queries to my provider while connected to the VPN. There is a rule that does not allow this, DNS queries should be routed through the VPN while connected.

A rule is a rule, so I don't have a problem with this. If only my SecureClient would not log an error message in the eventlog each time ;-(

[JohnMH]

just set logging in desktop policy for a rule that matches the traffic to no logging

John