Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Sonicwall problems

Posted on 2007-11-28
11
Medium Priority
?
4,077 Views
Last Modified: 2009-01-11
Hi

We were using a sonicwall pro 4060 untill the power unit blew. We hastily replaced with a sonicwall pro vz which we had spare and which we originally utilised before upgrading to the 4060. I am now in a strange situation. All vpn clients which were configured for the 4060 will work no problems on the vz however no new connections will work and the log output is as follows

2007/11/28 13:04:49:411      Information      <local host>      The connection "test2" has been enabled.
2007/11/28 13:04:49:791      Information      62.173.92.98      Starting ISAKMP phase 1 negotiation.
2007/11/28 13:04:49:792      Information      62.173.92.98      Starting aggressive mode phase 1 exchange.
2007/11/28 13:04:49:831      Information      62.173.92.98      Received invalid ID information notify.
2007/11/28 13:04:49:832      Information      62.173.92.98      Re-evaluating ID info after notify message.
2007/11/28 13:04:49:911      Information      62.173.92.98      Sending phase 1 delete.
2007/11/28 13:04:51:202      Information      <local host>      The connection "tidal" has been enabled.
2007/11/28 13:04:51:572      Information      62.173.92.98      Starting ISAKMP phase 1 negotiation.
2007/11/28 13:04:51:772      Information      62.173.92.98      Starting aggressive mode phase 1 exchange.
2007/11/28 13:04:51:773      Information      62.173.92.98      NAT Detected: Local host is behind a NAT device.
2007/11/28 13:04:51:774      Information      62.173.92.98      The SA lifetime for phase 1 is 28800 seconds.
2007/11/28 13:04:51:775      Information      62.173.92.98      Phase 1 has completed.
2007/11/28 13:04:51:782      Information      62.173.92.98      Received XAuth request.
2007/11/28 13:04:51:932      Information      62.173.92.98      XAuth has requested a username but one has not yet been specified.
2007/11/28 13:04:51:933      Warning          62.173.92.98      Failed to process packet payloads.
2007/11/28 13:04:51:934      Warning          62.173.92.98      Failed to process mode configuration packet.
2007/11/28 13:04:51:935      Information      62.173.92.98      Sending phase 1 delete.
2007/11/28 13:04:51:936      Information      62.173.92.98      User authentication information is needed to complete the connection.
2007/11/28 13:04:54:073      Warning          62.173.92.98      The username/password dialog box was cancelled by the user. The connection will be disabled.

The lst line is a cancelled command as i did not want to connect. The new connections are he exact same configuration as the functioning old connections from the 4060. I am perplexed as to why the old connections work and key exchange takes place, but new connections are failing the phase 1 even though the settings are identical.

Thanks
0
Comment
Question by:jarretta
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
11 Comments
 
LVL 21

Expert Comment

by:from_exp
ID: 20365592
phase 1 means authentication, what auth methods do you use.
do you have all user accounts transfered from old box to the new one?
0
 

Author Comment

by:jarretta
ID: 20365621
phase 1 is 3des&md5
phase 2 esp 3des hmac md5.

Cleints use xauth

I redid some users. i recreated myself as auser and tested the old client connection and it worked no probs. However if i create a secondary test connection then it is a no go with the listed log.

I did try different levels of authetication to see if this was an issue but same problem exists.
0
 
LVL 21

Expert Comment

by:from_exp
ID: 20365685
how have you transfered configuration from 4060 to vz?
0
Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

 

Author Comment

by:jarretta
ID: 20365724
Well, the config was not technically transferred. The pro4060 died completly and we were unable to export configs etc. The device was removed and the spare (from days before my time) was installed. The replacemnt picked up the configuration straight away including all rules, one to one nats etc etc. the only thing missing was the vpn user accounts which i recreated. The interface between the two devices is completly different however after recreating my account and another users, the vpn client connected on the same connection as previously. However any additional conenctions created or new users added will not work.
0
 
LVL 21

Expert Comment

by:from_exp
ID: 20365755
could it be some license limitations?
0
 

Author Comment

by:jarretta
ID: 20365781
Hmmm, possibly, however I do not understand how the old connections would be allowed, yet if a new connection is made it is denied. unless the user credentials have been cached.

0
 
LVL 21

Expert Comment

by:from_exp
ID: 20365815
if you have recreated users, how can they be cached?
0
 

Author Comment

by:jarretta
ID: 20365974
well was thinking client caching. I am following up on The license thing however still a bit confused as to why one connection would work but not the other. It is the same user just making a different connection usin same details except renaming the connection.
0
 

Author Comment

by:jarretta
ID: 20366009
51 licences included with device. I have 5 users at the moment configured.
0
 
LVL 6

Accepted Solution

by:
sabioit earned 2000 total points
ID: 20392835
Read this it may give you some ideas


www.sonicwall.com/downloads/GVC_Peer_is_Not_Responding_to_Phase_1_Requests.pdf

I can help you to reconfigured the settings in case that any of the solutions of the link above doesn't work


I personally don't like to restore sonicwall settings I rather recreate them even if there is a little more work to do

by my experience everytime that i backup the settings in one sonicwall box and restore them in other

wear things start happening

I recreate the settings manually everything goes back to normal
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Network traffic routing plays key role in your network, if you have single site with heavy browsing or multiple sites, replicating important application data from your Primary Default Gateway ,you have to route your other network traffic from your p…
I've written this article to illustrate how we can implement a Dynamic Multipoint VPN (DMVPN) with both hub and spokes having a dynamically assigned non-broadcast multiple-access (NBMA) network IP (public IP). Here is the basic setup of DMVPN Pha…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question