Solved

Sonicwall problems

Posted on 2007-11-28
11
4,042 Views
Last Modified: 2009-01-11
Hi

We were using a sonicwall pro 4060 untill the power unit blew. We hastily replaced with a sonicwall pro vz which we had spare and which we originally utilised before upgrading to the 4060. I am now in a strange situation. All vpn clients which were configured for the 4060 will work no problems on the vz however no new connections will work and the log output is as follows

2007/11/28 13:04:49:411      Information      <local host>      The connection "test2" has been enabled.
2007/11/28 13:04:49:791      Information      62.173.92.98      Starting ISAKMP phase 1 negotiation.
2007/11/28 13:04:49:792      Information      62.173.92.98      Starting aggressive mode phase 1 exchange.
2007/11/28 13:04:49:831      Information      62.173.92.98      Received invalid ID information notify.
2007/11/28 13:04:49:832      Information      62.173.92.98      Re-evaluating ID info after notify message.
2007/11/28 13:04:49:911      Information      62.173.92.98      Sending phase 1 delete.
2007/11/28 13:04:51:202      Information      <local host>      The connection "tidal" has been enabled.
2007/11/28 13:04:51:572      Information      62.173.92.98      Starting ISAKMP phase 1 negotiation.
2007/11/28 13:04:51:772      Information      62.173.92.98      Starting aggressive mode phase 1 exchange.
2007/11/28 13:04:51:773      Information      62.173.92.98      NAT Detected: Local host is behind a NAT device.
2007/11/28 13:04:51:774      Information      62.173.92.98      The SA lifetime for phase 1 is 28800 seconds.
2007/11/28 13:04:51:775      Information      62.173.92.98      Phase 1 has completed.
2007/11/28 13:04:51:782      Information      62.173.92.98      Received XAuth request.
2007/11/28 13:04:51:932      Information      62.173.92.98      XAuth has requested a username but one has not yet been specified.
2007/11/28 13:04:51:933      Warning          62.173.92.98      Failed to process packet payloads.
2007/11/28 13:04:51:934      Warning          62.173.92.98      Failed to process mode configuration packet.
2007/11/28 13:04:51:935      Information      62.173.92.98      Sending phase 1 delete.
2007/11/28 13:04:51:936      Information      62.173.92.98      User authentication information is needed to complete the connection.
2007/11/28 13:04:54:073      Warning          62.173.92.98      The username/password dialog box was cancelled by the user. The connection will be disabled.

The lst line is a cancelled command as i did not want to connect. The new connections are he exact same configuration as the functioning old connections from the 4060. I am perplexed as to why the old connections work and key exchange takes place, but new connections are failing the phase 1 even though the settings are identical.

Thanks
0
Comment
Question by:jarretta
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
11 Comments
 
LVL 21

Expert Comment

by:from_exp
ID: 20365592
phase 1 means authentication, what auth methods do you use.
do you have all user accounts transfered from old box to the new one?
0
 

Author Comment

by:jarretta
ID: 20365621
phase 1 is 3des&md5
phase 2 esp 3des hmac md5.

Cleints use xauth

I redid some users. i recreated myself as auser and tested the old client connection and it worked no probs. However if i create a secondary test connection then it is a no go with the listed log.

I did try different levels of authetication to see if this was an issue but same problem exists.
0
 
LVL 21

Expert Comment

by:from_exp
ID: 20365685
how have you transfered configuration from 4060 to vz?
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:jarretta
ID: 20365724
Well, the config was not technically transferred. The pro4060 died completly and we were unable to export configs etc. The device was removed and the spare (from days before my time) was installed. The replacemnt picked up the configuration straight away including all rules, one to one nats etc etc. the only thing missing was the vpn user accounts which i recreated. The interface between the two devices is completly different however after recreating my account and another users, the vpn client connected on the same connection as previously. However any additional conenctions created or new users added will not work.
0
 
LVL 21

Expert Comment

by:from_exp
ID: 20365755
could it be some license limitations?
0
 

Author Comment

by:jarretta
ID: 20365781
Hmmm, possibly, however I do not understand how the old connections would be allowed, yet if a new connection is made it is denied. unless the user credentials have been cached.

0
 
LVL 21

Expert Comment

by:from_exp
ID: 20365815
if you have recreated users, how can they be cached?
0
 

Author Comment

by:jarretta
ID: 20365974
well was thinking client caching. I am following up on The license thing however still a bit confused as to why one connection would work but not the other. It is the same user just making a different connection usin same details except renaming the connection.
0
 

Author Comment

by:jarretta
ID: 20366009
51 licences included with device. I have 5 users at the moment configured.
0
 
LVL 6

Accepted Solution

by:
sabioit earned 500 total points
ID: 20392835
Read this it may give you some ideas


www.sonicwall.com/downloads/GVC_Peer_is_Not_Responding_to_Phase_1_Requests.pdf

I can help you to reconfigured the settings in case that any of the solutions of the link above doesn't work


I personally don't like to restore sonicwall settings I rather recreate them even if there is a little more work to do

by my experience everytime that i backup the settings in one sonicwall box and restore them in other

wear things start happening

I recreate the settings manually everything goes back to normal
0

Featured Post

Don't miss ATEN at NAB Show April 24-27!

Visit ATEN at NAB Show to learn how our "Seamlessly Entertaining" solutions deliver fast, precise video streaming without delays for the broadcasting and media environment. ATEN will showcase its 16x16 Modular Matrix Switch (VM1600) and KVM Over IP Solution (KE6900 series).

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Routing between two networks? 10 88
VPN issue 2 78
VPN Server Configuration in windows 7 7 36
Help on choosing VPN for personal use and if possible free 7 33
For a while, I have wanted to connect my HTC Incredible to my corporate network to take advantage of the phone's powerful capabilities. I searched online and came up with varied answers from "it won't work" to super complicated statements that I did…
OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question