Advertisement

11.29.2007 at 10:23AM PST, ID: 22991292
[x]
Attachment Details

Issues establishing point-to-point VPN from SonicWall TZ180 to ISA 2004

Asked by sobergfell in Virtual Private Networking (VPN), MS Internet Security & Accel

Tags: sonicwall, tz180, invalid_id_info, vpn

We are setting up Point-to-point VPN tunnels to remote offices using DSL lines with SonicWall TZ180s at the remote locations.  These are connecting to a ISA 2004 firewall running on a windows 2003 server at our data center.  We have had 2 successful sites connt but I am stuck on the third.  Everything appears to be identically configured between the 3 sites, but I keep getting the following ewrror mesage on the ISA server whenever the remote site tries to establish the tunnel:

IKE security association negotiation failed.
 Mode:
Data Protection Mode (Quick Mode)

 Filter:
Source IP Address 192.168.10.0
Source IP Address Mask 255.255.255.0
Destination IP Address 192.168.25.0
Destination IP Address Mask 255.255.255.0
Protocol 0
Source Port 0
Destination Port 0
IKE Local Addr 216.75.59.2
IKE Peer Addr 99.164.27.153
IKE Source Port 500
IKE Destination Port 500
Peer Private Addr

 Peer Identity:
Preshared key ID.
Peer IP Address: 99.164.27.153

  Failure Point:
Me

 Failure Reason:
No policy configured

 Extra Status:
Processed third (ID) payload
Responder.  Delta Time 0
 0x0 0x0

On the sonicwall we get the following matching error on the Log:

12 11/29/2007 09:57:57.316 Received notify: INVALID_ID_INFO 216.75.59.2, dcmopxy01.mossy.com (admin) 99.164.27.153    
13 11/29/2007 09:57:57.283 IKE Initiator: Start Quick Mode (Phase 2). 99.164.27.153, 500 216.75.59.2, 500, dcmopxy01.mossy.com
Start Free Trial
[+][-]11.29.2007 at 10:47AM PST, ID: 20376124

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]11.29.2007 at 11:09AM PST, ID: 20376320

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]11.29.2007 at 12:00PM PST, ID: 20376761

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]11.29.2007 at 12:03PM PST, ID: 20376803

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]11.29.2007 at 12:11PM PST, ID: 20376881

View this solution now by starting your 7-day free trial. Setting up your free trial is quick, easy, and secure. We will return you to this solution, unlocked, when you're done.

 

About this solution

Zones: Virtual Private Networking (VPN), MS Internet Security & Accel
Tags: sonicwall, tz180, invalid_id_info, vpn
Sign Up Now!
Solution Provided By: from_exp
Participating Experts: 1
Solution Grade: C
 
 
 
Loading Advertisement...
20080716-EE-VQP-32 / EE_QW_2_20070628