Thanks, NS/XP, but this is not working for me.
Here's what I've done so far on my SSG5 firewall/router:
1. Create user "vpnuser" in Objects > Users > Local. User Name: vpnuser. Status: Enable. IKE User: Checked. Simple Identity: Selected. IKE ID Type: Auto. IKE Identity: vpnuser. Authentication User: Checked. User Password and Confirm Password: Both specified.
2. Create new "vpngw" gateway in VPNs > AutoKey Advanced > Gateway. Gateway Name: vpngw. Security Level: Custom. Dialup User: vpnuser. Preshared Key: Specified.
3. Modified advanced settings for "vpngw" gateway. Security Level, User Defined, Custom: Selected. Phase 1 Proposal: rsa-g2-aes128-sha, dsa-g2-aes128-sha. Mode (Initiator): Aggressive.
4. Created new VPN "vpn" in VPNs > AutoKey IKE. VPN Name: vpn. Security Level: Custom. Remote Gateway, Predefined: vpngw.
5. Modified advanced settings for "vpn". Security Level, User Defined, Custom: Selected. Phase 2 Proposal: g2-esp-aes128-sha. Replay Protection: Checked. VPN Monitor: Checked.
6. Added Policy from Untrust to Trust. Source Address, Address Book Entry: Any. Destination Address, Address Book Entry: Dial-Up VPN. Action: Tunnel. Tunnel, VPN: vpn. Tunnel, Modify matching bidirection policy: Checked. Logging: Checked.
7. Verify Policy from Trust to Untrust. (Automatically generated by checking the "Modify matching bidirection policy" mentioned above.) Source Address, Address Book Entry: Any. Destination Address, Address Book Entry: Any. Action: Tunnel. Tunnel, VPN: vpn. Logging: Checked.
8. Create VPN client connection on my Mac (using Mac OS X 10.5) in System Preferences > Network and click "+" button ("Create a new service") to add VPN (L2TP).
9. Configure connection. Add configuration by clicking Configuration > New Configuration. Specified external IP address of router and username "vpnuser". In "Authentication Settings," added user password and shared secret.
10. Click "Apply", then "Connect."
When I connect, it simply tells me it can't do so, after trying for a few seconds. When I check the file "ppp.log" in Console.app, I only get the following details, which are not helpful:
Sat Aug 2 16:39:12 2008 : IPSec connection started
Sat Aug 2 16:39:22 2008 : IPSec connection failed
I tried following a tutorial for setting a VPN up with certificates which I found on this site, but it didn't work. (After generating a certificate using the router's CSR, I get no means to specify the certificate is for a VPN server.)
So, any ideas?