Finally completed the DR of our firewall – 8 days after starting it….
The config of the old firewall was moved successfully onto the new server although we found that the routes had not been setup on the firewall. These were added back in and Symantec VPN Client used to connect to the firewall but this wouldn’t work. Nothing in the logs were obvious and our config was sent to symantec to reproduce which they managed to do. They were able to come up with a solution of modifying the vpn client config to use very strong encryption as opposed to strong encryption. Not sure why we would have to do that as it worked on strong beforehand and therefore shouldn’t need to change.
I got the firewall installed in a test environment this morning and it wouldn’t connect yet examing the startup log process I saw that the VPN Policies couldn’t be found yet they were there in the configuration program. I changed the description of the vpn policies by adding a space to the end and then resaved the config. A reboot of the firewall and I was connecting!
Hopefully this post will help someone else (and me when I have to do this again).
The next fun job on the firewall is to upgrade it to a new version of the firewall and try that instead.