Sophos updating policy awaiting policy transfer
If you're getting errors in your logs related to preshared keys, you may have mismatched keys on either end of the VPN connection.
If this is the case, your logs may indicate that exchanges between the client and VPN server are fine well into the IKE main mode security associations.
The Exchange Server Analyzer reads the following registry key to determine whether a system restart is required after installation or removal of a software update such as a security update, critical update, or hotfix.
In general, if your users open the following ports in their software, you should see a stop to the complaints: You may also have custom configured ports for IPSec/UDP and IPSec/TCP.
Some time after this part of the exchange, logs will indicate a problem with keys.
On the concentrator, go to the Configuration | System | Tunneling Protocols | IPSec LAN-to-LAN option and select your IPsec configuration.
The old standby, [Ctrl][Alt][Del], still works, though, and users will need to type their usernames and passwords instead of clicking a picture of a cat.
(Note: Fast User Switching can be enabled by disabling the client's "Start Before Login" feature.
This could have its own problems, though, so I wouldn't recommend it unless you really, really need Fast User Switching.) One more thing regarding the client install – Cisco does not recommend installing multiple VPN clients on the same PC.