funasset


VPN problem - VPN not responding waiting for MSG 2

I'm changing my home PC from one running XP to one running Windows 7 x64. At the moment I have them both connected to my home router (Virgin broadband) and the Watchguard VPN client is installed on both with the same current WGX file.

The XP PC can connect to the VPN fine but the Windows 7 box reports the error "VPN not responding waiting for MSG 2". For now I've turned off the Windows firewall on Windows 7 but that hasn't helped.

I'm not that familiar with VPN set up so I'm baffled why XP is fine but Windows 7 isn't.

Can anyone help?

Thanks
Qlemo

I assume you are using the IPSec client (not SSL, which is in fact OpenVPN). MSG2 is the first reply the initiator (client) expects to get - it does not, and you should see the reason on your WatchGuard for that, IF the initial packet arrives there, that is.

Did you stop the Windows Firewall service, or just switch off the firewall? The latter should be done, as the first causes strange behaviour most of the time.
Sadly, there is not much you can test, as IPSec uses a UDP connection on port 500 (switching to UDP/4500 after the first exchanges because you are behind a NAT firewall - your router). UDP connections are harder to trace, as they are state- and sessionless.

You might want to try out Shrew VPN (http://www.shrew.net/download/vpn), a compatible, free VPN client able to read a WGX file, or update the WatchGuard client if it is older than 2010 (v11).
Another client to try is NCP Secure Entry (www.ncp-e.com). This is not a free client but it is best of breed, works on Windows 7 and 8 Pro 64-bit and works through double NAT arrangements. This is the client I use and I find it very much worth the cost.

.... Thinkpads_User
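
To make the "MSG 2" and UDP 500/4500 points in the replies above concrete, here is an added example (not posted by anyone in this thread and not WatchGuard code): Python that reads the UDP payloads from a capture taken on the client and reports whether the first IKE message left and whether the responder's reply came back. The function names, the `(direction, server_port, payload)` tuple layout and the sample packets are assumptions constructed for illustration.

```python
import struct

# IKEv1/ISAKMP fixed header (RFC 2408): initiator cookie, responder cookie,
# next payload, version, exchange type, flags, message ID, total length.
HDR = struct.Struct("!8s8sBBBBII")
ZERO_COOKIE = b"\x00" * 8
NON_ESP_MARKER = b"\x00" * 4  # prefixes IKE on UDP/4500 (RFC 3948)


def parse_ike(payload, server_port):
    """Return (initiator cookie, responder cookie, exchange type) or None."""
    if server_port == 4500:
        if payload[:4] != NON_ESP_MARKER:
            return None  # ESP-in-UDP or NAT keepalive, not IKE
        payload = payload[4:]
    if len(payload) < HDR.size:
        return None
    icookie, rcookie, _next, version, exchange, _flags, _msgid, _len = HDR.unpack_from(payload)
    if version >> 4 != 1:
        return None  # only IKEv1 is handled here
    return icookie, rcookie, exchange


def diagnose(packets):
    """packets: (direction, server_port, udp_payload) tuples seen on the client."""
    sent = set()
    for direction, port, payload in packets:
        ike = parse_ike(payload, port)
        if ike is None:
            continue
        icookie, rcookie, _exchange = ike
        if direction == "out" and rcookie == ZERO_COOKIE:
            sent.add(icookie)  # MSG 1: responder cookie not yet assigned
        elif direction == "in" and icookie in sent and rcookie != ZERO_COOKIE:
            return "msg2-received"  # the gateway answered this negotiation
    return "msg1-unanswered" if sent else "no-msg1"


def _ike(icookie, rcookie, exchange=2):
    # Constructed header-only datagram (exchange 2 = main mode); not real traffic.
    return HDR.pack(icookie, rcookie, 0, 0x10, exchange, 0, 0, HDR.size)


MSG1 = _ike(b"\x11" * 8, ZERO_COOKIE)
MSG2 = _ike(b"\x11" * 8, b"\x22" * 8)
FAILING = [("out", 500, MSG1), ("out", 500, MSG1)]  # retransmits, no reply
WORKING = [("out", 500, MSG1), ("in", 500, MSG2)]

if __name__ == "__main__":
    print(diagnose(FAILING), diagnose(WORKING))
```

A `msg1-unanswered` result on the client shows only that no reply reached it; whether MSG 1 arrived at all has to be read from the gateway's own log.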
funasset

ASKER

I'm just using the same software I had before. Dumb question - how do I know if it's using IPSec? I went in to the firewall settings and stopped any firewall I could find. Win7 seems to have more than one (domain, public) although XP could have had them but they were better hidden!

I'll check for client software updates on Watchguard and investigate the Shrew VPN as well.

Thanks

To be continued.......................
If I think about it, a WGX file suggests you use the IPSec client ;-).

What you see about Domain and stuff is called Network Zones, and was invented with Vista. Depending on whether the default gateway is reachable, it is well-known already and such, the firewall determines if you are using a public hotspot or your more secure private home office, and applies different security rules for that. The zones can (and shall) be assigned as soon as a new network is detected.

So you switched off the firewall in the firewall settings - that is great, exactly what you should do. Since you are behind a router, the switched-off local firewall will not matter much (in respect to threats trying to attack from the Web).

You should also make sure you do not use the client on XP and W7 at the same time - that might introduce additional issues, as the WatchGuard might not be able to associate the connection to the client properly, and only one of both will work.
VPN software for XP may not work in a 64-bit environment. That is why I switched to a more universal and capable IPSec client.

how do I know if it's using IPSec?  "VPN not responding waiting for MSG 2" is an IPSec type of message (two phases).

.... Thinkpads_User
"You might want to try out Shrew VPN (http://www.shrew.net/download/vpn), a compatible, free VPN client able to read a WGX file, or update the WatchGuard client if it is older than 2010 (v11)."

I looked on the Watchguard site for an updated client and it seems they are now recommending Shrew VPN! I find this a bit odd as colleagues using Windows 7 have used the same software I installed and they've had no problem.  I downloaded this anyway but it might as well be in Welsh. I couldn't see any option to read in a WGX file?

I've opened a ticket with WG support to see whether they can guide me through.

Thanks all for your help thus far - I'll update this later.
Sorry for the WGX misinformation. Shrew cannot read it, I was misled by the search results you get mentioning WGX files and Shrew :(.
WatchGuard describes how to create the .vpn file needed for Shrew in
http://www.watchguard.com/help/docs/webui/11/en-US/index_Left.html#CSHID=en-US%2Fmvpn%2Fipsec%2Fmvpn_ipsec_generate-profile-files_web.html|StartTopic=Content%2Fen-US%2Fmvpn%2Fipsec%2Fmvpn_ipsec_generate-profile-files_web.html

Those fellows of you using MUVPN on W7, do they have x86 or x64?

Whatsoever, seems to be a good idea to get WG itself involved.
Shrew does work but we had to add settings in a Juniper Netscreen at a client. We have gone back to NCP because it is robust and reliable. It is not free, but wherever a connection is very important to a client, we use NCP.

.... Thinkpads_User
Thanks again all - I'll look at the details tomorrow and get back to you.
Update - just spoke to my 2 colleagues who also VPN to the office and they are both using Win7 x64 with the same Watchguard software I have installed.

WG also provided a link to instructions re creating a file to import in to Shrew but Help seems to be down as neither that link nor the one kindly provided here appears to be working.

And it's only Monday..........
How long ago did you upgrade?

A couple of things:
1. Are you behind a double NAT? This results from extra networking layers. That is not always fixable without upgrading to a different client that will traverse double NAT systems.

2. Do a TCP/IP repair on your PC.

3. Consider upgrading firmware on your home router.
.... Thinkpads_User
Upgrade the client software you mean? I don't know to be honest - I don't have much to do with the WG box or VPN as you can probably tell!

1.  How can I check?
2.  That's a new one on me - can you advise please?
3.  I'd need to speak to my cable provider about that. I'll look in to it.

Thanks
If your existing VPN application works on other computers, then in theory it should work on your machine.

What I meant by new client application was different client software like NCP.

Talk to your cable provider first, though.
.... Thinkpads_User
With respect to TCP/IP:

http://support.microsoft.com/kb/299357 to reset TCP/IP  and

http://windows.microsoft.com/en-US/windows-vista/Troubleshoot-Internet-connection-problems  for general troubleshooting steps.

One more thing:  I do not do this and do not necessarily recommend it, but you might try disabling IPv6 to see if that helps. It should not interfere, but in the event it does, disabling may help.

.... Thinkpads_User
ASKER CERTIFIED SOLUTION
funasset

See previous post.