SonicWall VPN Tunnel Issue

Last Modified: 2011-09-20
I am running a SonicWall Pro 2040 and I am trying to connect to my client's network through a VPN I configured. I have verified their gateway's IP is correct, but I can't ping that address. The only setting that seems to be sticking out is that the green active indicator is only on ONE policy and not both. I just checked the log and I see "IKE Initiator: Recieved notify. NO_PROPOSAL-CHOSEN". This message is coming from the IP that I am trying to connect to.
Please, any assistance is greatly appreciated.

Is this a site-to-site VPN between two SonicWalls, or are you using the VPN client? What firmware versions are you using? Is this a new or existing tunnel?
What version of SonicOS are you running?

Are both endpoints SonicWALLs? If so, details of the other one (model, OS etc) would be useful.

"can't ping..." - this is fine, firewalls often drop incoming ICMP packets from the WAN. This does not necessarily indicate a problem.

"green light" - this only comes on when the tunnel is active. Since your tunnel isn't working, I would expect there to be no green light. Which policy is the green light on for?

Have you configured the VPN IKE proposals etc. identically at both ends?

Use the steps from:
http://www.sonicwall.com/downloads/Site_to_Site_VPN_Using_DHCP_over_VPn__SonicOS_Enhanced_at__.pdf

and disregard the DHCP over VPN bits if they aren't relevant to you...
SmullingsIT System Director

Author

Commented:
The version is Firmware Version: SonicOS Standard 3.1.0.7-77s.
The green light is for a policy that is active for another client I support. Is there anything I should look for as far as that is concerned?

VPN IKE proposal = I was told by the site admin that, from his end, he shows both sides connected to the tunnel, which would indicate that the IKE settings are correct. Am I correct?

I have verified that the shared secret is correct as well.

Oh, and this would be a tunnel from my external LAN (not part of the enterprise) to their site LAN.

Any ideas?

SmullingsIT System Director

Author

Commented:
I missed one question: I don't know the exact model, but they are using a Cisco product. I apologize for the lack of information.

In the SonicWall, "Recieved notify. NO_PROPOSAL-CHOSEN" means the policy does not match or is not configured correctly.
On the VPN policy use IPSec Keying Mode:
IPSec Primary Gateway Name or Address: add the public IP of the Cisco
Specify destination networks below: add the network address, for example 192.168.100.0
On the proposal page leave the defaults and uncheck Enable Perfect Forward Secrecy
Make sure Encryption: and Authentication: match
On the advanced page, VPN Terminated at: LAN
On VPN > Advanced VPN Settings, check the box for Preserve IKE Port for Pass Through Connections
To allow ping, create a firewall access rule to allow ping from the WAN to the private IP of the SonicWall LAN interface
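
The checklist above comes down to both gateways holding the same proposal. As an added example (not part of the original thread and not SonicWall, Cisco or NetScreen code), this sketch compares two policy sheets field by field; the `VpnPolicy` fields, the `compare` helper and all sample values are constructed for illustration, and it goes slightly beyond the thread by also checking that each side's destination network mirrors the other side's local network.

```python
from dataclasses import dataclass
from ipaddress import ip_network
from typing import Optional

@dataclass(frozen=True)
class VpnPolicy:
    p1_encryption: str            # Phase 1 (IKE) proposal
    p1_authentication: str
    p1_dh_group: int
    p2_encryption: str            # Phase 2 (IPsec) proposal
    p2_authentication: str
    p2_pfs_group: Optional[int]   # None means Perfect Forward Secrecy is off
    p1_lifetime_s: int
    p2_lifetime_s: int
    local_network: str
    remote_network: str

MUST_MATCH = ("p1_encryption", "p1_authentication", "p1_dh_group",
              "p2_encryption", "p2_authentication", "p2_pfs_group")
LIFETIMES = ("p1_lifetime_s", "p2_lifetime_s")

def _norm(value):
    # Vendors spell algorithms differently ("SHA1", "sha-1"); compare loosely.
    return value.replace("-", "").replace("_", "").lower() if isinstance(value, str) else value

def compare(local: VpnPolicy, peer: VpnPolicy):
    """Return (severity, field, local_value, peer_value) for each difference."""
    findings = []
    for name in MUST_MATCH:
        a, b = getattr(local, name), getattr(peer, name)
        if _norm(a) != _norm(b):
            findings.append(("mismatch", name, a, b))
    for name in LIFETIMES:
        a, b = getattr(local, name), getattr(peer, name)
        if a != b:  # often negotiated down, but some peers reject it
            findings.append(("warning", name, a, b))
    # Each side's destination network must be the other side's local network.
    for mine, theirs in (("local_network", "remote_network"), ("remote_network", "local_network")):
        a, b = getattr(local, mine), getattr(peer, theirs)
        if ip_network(a, strict=False) != ip_network(b, strict=False):
            findings.append(("mismatch", mine, a, b))
    return findings

# Constructed sample: the two sides disagree on PFS and on one subnet mask.
SONICWALL = VpnPolicy("3DES", "SHA1", 2, "3DES", "SHA1", None, 28800, 28800,
                      "10.0.0.0/24", "192.168.100.0/24")
PEER = VpnPolicy("3des", "sha-1", 2, "3des", "sha-1", 2, 28800, 3600,
                 "192.168.100.0/16", "10.0.0.0/24")

if __name__ == "__main__":
    for severity, name, a, b in compare(SONICWALL, PEER):
        print(f"{severity:8} {name:18} local={a!r} peer={b!r}")
```

Fill both sheets in from what each admin actually sees on their own device rather than from what either side believes was agreed.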
SmullingsIT System Director

Author

Commented:
Here is an update. We changed where the VPN terminates from LAN/DMZ to LAN, and immediately both tunnels negotiated instantly and connected. But I still cannot ping any node that I need to access. The admin on the tunnel's other end is stating that I have all the access, but I don't think so. They are using a NETSCREEN firewall. Now what could be the issue?
SmullingsIT System Director

Author

Commented:
What would prevent normal traffic from flowing through a site to wan VPN? Although NETBIOS traffic normally on both sides of the tunnel?
We are running a dual-NIC server: one NIC has a static IP, the other has a dynamic IP. I can ping their gateway and it replies, but that's where the problem lies. Could an outdated firmware cause this issue? We are using a SonicWall Pro 2040 and they are using Netscreen.