Solved

Sonicwall problems

Posted on 2007-11-28
Last Modified: 2009-01-11
Hi

We were using a sonicwall pro 4060 until the power unit blew. We hastily replaced it with a sonicwall pro vz which we had spare and which we originally utilised before upgrading to the 4060. I am now in a strange situation. All VPN clients which were configured for the 4060 work with no problems on the vz; however, no new connections will work, and the log output is as follows:

2007/11/28 13:04:49:411      Information      <local host>      The connection "test2" has been enabled.
2007/11/28 13:04:49:791      Information      62.173.92.98      Starting ISAKMP phase 1 negotiation.
2007/11/28 13:04:49:792      Information      62.173.92.98      Starting aggressive mode phase 1 exchange.
2007/11/28 13:04:49:831      Information      62.173.92.98      Received invalid ID information notify.
2007/11/28 13:04:49:832      Information      62.173.92.98      Re-evaluating ID info after notify message.
2007/11/28 13:04:49:911      Information      62.173.92.98      Sending phase 1 delete.
2007/11/28 13:04:51:202      Information      <local host>      The connection "tidal" has been enabled.
2007/11/28 13:04:51:572      Information      62.173.92.98      Starting ISAKMP phase 1 negotiation.
2007/11/28 13:04:51:772      Information      62.173.92.98      Starting aggressive mode phase 1 exchange.
2007/11/28 13:04:51:773      Information      62.173.92.98      NAT Detected: Local host is behind a NAT device.
2007/11/28 13:04:51:774      Information      62.173.92.98      The SA lifetime for phase 1 is 28800 seconds.
2007/11/28 13:04:51:775      Information      62.173.92.98      Phase 1 has completed.
2007/11/28 13:04:51:782      Information      62.173.92.98      Received XAuth request.
2007/11/28 13:04:51:932      Information      62.173.92.98      XAuth has requested a username but one has not yet been specified.
2007/11/28 13:04:51:933      Warning          62.173.92.98      Failed to process packet payloads.
2007/11/28 13:04:51:934      Warning          62.173.92.98      Failed to process mode configuration packet.
2007/11/28 13:04:51:935      Information      62.173.92.98      Sending phase 1 delete.
2007/11/28 13:04:51:936      Information      62.173.92.98      User authentication information is needed to complete the connection.
2007/11/28 13:04:54:073      Warning          62.173.92.98      The username/password dialog box was cancelled by the user. The connection will be disabled.

The last line is a cancelled command as I did not want to connect. The new connections are the exact same configuration as the functioning old connections from the 4060. I am perplexed as to why the old connections work and key exchange takes place, but new connections are failing phase 1 even though the settings are identical.

Thanks
Question by:jarretta
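
The log in the question mixes two connection attempts that stop at different stages. The following is an added example, not part of the original post: it groups the client log by connection name and reports where each negotiation stopped. The function names and stage labels are this example's own, not SonicWall terminology.

```python
import re

# Client log lines copied from the question above (a subset, spacing kept).
SAMPLE_LOG = """\
2007/11/28 13:04:49:411      Information      <local host>      The connection "test2" has been enabled.
2007/11/28 13:04:49:791      Information      62.173.92.98      Starting ISAKMP phase 1 negotiation.
2007/11/28 13:04:49:792      Information      62.173.92.98      Starting aggressive mode phase 1 exchange.
2007/11/28 13:04:49:831      Information      62.173.92.98      Received invalid ID information notify.
2007/11/28 13:04:49:911      Information      62.173.92.98      Sending phase 1 delete.
2007/11/28 13:04:51:202      Information      <local host>      The connection "tidal" has been enabled.
2007/11/28 13:04:51:772      Information      62.173.92.98      Starting aggressive mode phase 1 exchange.
2007/11/28 13:04:51:775      Information      62.173.92.98      Phase 1 has completed.
2007/11/28 13:04:51:782      Information      62.173.92.98      Received XAuth request.
2007/11/28 13:04:51:932      Information      62.173.92.98      XAuth has requested a username but one has not yet been specified.
2007/11/28 13:04:54:073      Warning          62.173.92.98      The username/password dialog box was cancelled by the user. The connection will be disabled.
"""

# Fields: timestamp, severity, peer (or "<local host>"), message.
LINE_RE = re.compile(r'^(\S+ \S+)\s+(\w+)\s+(<[^>]+>|\S+)\s+(.*)$')
ENABLED_RE = re.compile(r'The connection "([^"]+)" has been enabled')

def classify(messages):
    """Map one attempt's messages to the stage where it stopped."""
    text = " | ".join(messages)
    if "Phase 1 has completed" not in text:
        if "invalid ID information" in text:
            return "phase1-rejected-invalid-id"
        return "phase1-incomplete"
    if "cancelled by the user" in text:
        return "phase1-ok-xauth-cancelled"
    return "phase1-ok"

def attempts(log):
    """Group messages under the most recently enabled connection name."""
    grouped, current = {}, None
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        started = ENABLED_RE.search(m.group(4))
        if started:
            current = started.group(1)
            grouped[current] = []
        elif current is not None:
            grouped[current].append(m.group(4))
    return {name: classify(msgs) for name, msgs in grouped.items()}

if __name__ == "__main__":
    print(attempts(SAMPLE_LOG))
```

On the lines above, "test2" is rejected by the peer's invalid-ID notify before phase 1 completes, while "tidal" completes phase 1 and only stops because the XAuth dialog was cancelled.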
11 Comments
 
LVL 21

Expert Comment

by:from_exp
ID: 20365592
Phase 1 means authentication. What auth methods do you use?
Do you have all user accounts transferred from the old box to the new one?
0
 

Author Comment

by:jarretta
ID: 20365621
phase 1 is 3des&md5
phase 2 esp 3des hmac md5.

Clients use XAuth.

I redid some users. I recreated myself as a user and tested the old client connection and it worked no probs. However, if I create a secondary test connection then it is a no go with the listed log.

I did try different levels of authentication to see if this was an issue but the same problem exists.
0
 
LVL 21

Expert Comment

by:from_exp
ID: 20365685
How have you transferred the configuration from the 4060 to the vz?
0
 

Author Comment

by:jarretta
ID: 20365724
Well, the config was not technically transferred. The pro 4060 died completely and we were unable to export configs etc. The device was removed and the spare (from days before my time) was installed. The replacement picked up the configuration straight away, including all rules, one-to-one NATs etc. The only thing missing was the VPN user accounts, which I recreated. The interface between the two devices is completely different; however, after recreating my account and another user's, the VPN client connected on the same connection as previously. However, any additional connections created or new users added will not work.
0
 
LVL 21

Expert Comment

by:from_exp
ID: 20365755
Could it be some license limitations?
0
 

Author Comment

by:jarretta
ID: 20365781
Hmmm, possibly, however I do not understand how the old connections would be allowed, yet if a new connection is made it is denied. unless the user credentials have been cached.

0
 
LVL 21

Expert Comment

by:from_exp
ID: 20365815
If you have recreated users, how can they be cached?
0
 

Author Comment

by:jarretta
ID: 20365974
Well, I was thinking client caching. I am following up on the license thing, however I am still a bit confused as to why one connection would work but not the other. It is the same user just making a different connection using the same details except renaming the connection.
0
 

Author Comment

by:jarretta
ID: 20366009
51 licences included with device. I have 5 users at the moment configured.
0
 
LVL 6

Accepted Solution

by:
sabioit earned 500 total points
ID: 20392835
Read this; it may give you some ideas:

www.sonicwall.com/downloads/GVC_Peer_is_Not_Responding_to_Phase_1_Requests.pdf

I can help you to reconfigure the settings in case any of the solutions in the link above doesn't work.

I personally don't like to restore SonicWall settings; I would rather recreate them, even if there is a little more work to do.

In my experience, every time that I back up the settings on one SonicWall box and restore them on another, weird things start happening.

When I recreate the settings manually, everything goes back to normal.
0

Question has a verified solution.