VPN error: The key connection group for a connection changes

 

When you create a dynamic-key connection, you specify a dynamic-key group and an identifier for the remote key server. Later, when you view the properties of the related connection object, the General page of the property sheet displays the same remote key server identifier, but a different dynamic-key group.

Symptom:

When you create a dynamic-key connection, you specify a dynamic-key group and an identifier for the remote key server. Later, when you select Properties on the related connection object, the General page of the property sheet displays the same remote key server identifier, but a different dynamic-key group.

Possible resolution:

The identifier is the only information stored in the VPN policy database that refers to the remote key server of the dynamic-key connection . When VPN looks up a policy for a remote key server, it looks for the first dynamic-key group that has that remote key server identifier in it. So, when you view the properties for one these connections, it uses the same dynamic-key group that VPN found. If you do not want to associate the dynamic-key group with that remote key server, you can do one of the following:

  1. Remove the remote key server from the dynamic-key group.

  2. Expand By Groups in the left pane of the VPN interface, and select and drag the dynamic-key group you want to the top of the table in the right pane. This ensures that VPN checks this dynamic-key group first for the remote key server.

 

Parent topic:

Common VPN configuration errors and how to fix them