?
Solved

Issues establishing point-to-point VPN from SonicWall TZ180 to ISA 2004

Posted on 2007-11-29
5
Medium Priority
?
2,098 Views
Last Modified: 2012-05-05
We are setting up Point-to-point VPN tunnels to remote offices using DSL lines with SonicWall TZ180s at the remote locations.  These are connecting to a ISA 2004 firewall running on a windows 2003 server at our data center.  We have had 2 successful sites connt but I am stuck on the third.  Everything appears to be identically configured between the 3 sites, but I keep getting the following ewrror mesage on the ISA server whenever the remote site tries to establish the tunnel:

IKE security association negotiation failed.
 Mode:
Data Protection Mode (Quick Mode)

 Filter:
Source IP Address 192.168.10.0
Source IP Address Mask 255.255.255.0
Destination IP Address 192.168.25.0
Destination IP Address Mask 255.255.255.0
Protocol 0
Source Port 0
Destination Port 0
IKE Local Addr 216.75.59.2
IKE Peer Addr 99.164.27.153
IKE Source Port 500
IKE Destination Port 500
Peer Private Addr

 Peer Identity:
Preshared key ID.
Peer IP Address: 99.164.27.153

  Failure Point:
Me

 Failure Reason:
No policy configured

 Extra Status:
Processed third (ID) payload
Responder.  Delta Time 0
 0x0 0x0

On the sonicwall we get the following matching error on the Log:

12 11/29/2007 09:57:57.316 Received notify: INVALID_ID_INFO 216.75.59.2, dcmopxy01.mossy.com (admin) 99.164.27.153    
13 11/29/2007 09:57:57.283 IKE Initiator: Start Quick Mode (Phase 2). 99.164.27.153, 500 216.75.59.2, 500, dcmopxy01.mossy.com
0
Comment
Question by:sobergfell
  • 3
  • 2
5 Comments
 
LVL 21

Expert Comment

by:from_exp
ID: 20376124
looks like your sonicwall tries to use different ID than ISA expects.
please double chech, that your sonicwall router uses IP address as ID
0
 

Author Comment

by:sobergfell
ID: 20376320
I don't think that is the issue.  All the SonicWalls ( including the 2 that are working ) use thier serial numbers as unique firewall identifiers.  Other than that all units are Id'd by IP address.

I had SonicWall tech support verify the settings on the Sonicwall to make sure they were setup correctly.



0
 
LVL 21

Expert Comment

by:from_exp
ID: 20376761
looking at the log you have provided, it seems that you miss configured policy for peer 99.164.27.153
0
 

Author Comment

by:sobergfell
ID: 20376803
The ISA creates the IPsec policies based on the wizard used to create the network object and the network rules.  I suppose I could always just delete and recreate these objects.
0
 
LVL 21

Accepted Solution

by:
from_exp earned 1000 total points
ID: 20376881
try to do that. try to run the wizard again if necessary
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Common practice undertaken by most system administrators is to document the configurations and final solutions of anything performed by them for their future use and reference. So here I am going to explain how to export ISA Server 2004 Firewall pol…
If you use NetMotion Mobility on your PC and plan to upgrade to Windows 10, it may not work unless you take these steps.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses

750 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question