Solved

Issues establishing point-to-point VPN from SonicWall TZ180 to ISA 2004

Posted on 2007-11-29
Last Modified: 2012-05-05
We are setting up point-to-point VPN tunnels to remote offices using DSL lines with SonicWall TZ180s at the remote locations. These are connecting to an ISA 2004 firewall running on a Windows 2003 server at our data center. We have had 2 successful sites connect but I am stuck on the third. Everything appears to be identically configured between the 3 sites, but I keep getting the following error message on the ISA server whenever the remote site tries to establish the tunnel:

IKE security association negotiation failed.
 Mode:
Data Protection Mode (Quick Mode)

 Filter:
Source IP Address 192.168.10.0
Source IP Address Mask 255.255.255.0
Destination IP Address 192.168.25.0
Destination IP Address Mask 255.255.255.0
Protocol 0
Source Port 0
Destination Port 0
IKE Local Addr 216.75.59.2
IKE Peer Addr 99.164.27.153
IKE Source Port 500
IKE Destination Port 500
Peer Private Addr

 Peer Identity:
Preshared key ID.
Peer IP Address: 99.164.27.153

  Failure Point:
Me

 Failure Reason:
No policy configured

 Extra Status:
Processed third (ID) payload
Responder.  Delta Time 0
 0x0 0x0

On the SonicWall we get the following matching error in the log:

12 11/29/2007 09:57:57.316 Received notify: INVALID_ID_INFO 216.75.59.2, dcmopxy01.mossy.com (admin) 99.164.27.153    
13 11/29/2007 09:57:57.283 IKE Initiator: Start Quick Mode (Phase 2). 99.164.27.153, 500 216.75.59.2, 500, dcmopxy01.mossy.com
Question by:sobergfell

Expert Comment

by:from_exp
ID: 20376124
Looks like your SonicWall tries to use a different ID than ISA expects.
Please double-check that your SonicWall router uses the IP address as ID.

Author Comment

by:sobergfell
ID: 20376320
I don't think that is the issue. All the SonicWalls (including the 2 that are working) use their serial numbers as unique firewall identifiers. Other than that, all units are ID'd by IP address.

I had SonicWall tech support verify the settings on the SonicWall to make sure they were set up correctly.

Expert Comment

by:from_exp
ID: 20376761
Looking at the log you have provided, it seems that you are missing a configured policy for peer 99.164.27.153.

Author Comment

by:sobergfell
ID: 20376803
The ISA creates the IPsec policies based on the wizard used to create the network object and the network rules.  I suppose I could always just delete and recreate these objects.

Accepted Solution

by:
from_exp earned 500 total points
ID: 20376881
Try to do that. Try to run the wizard again if necessary.
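
As an added diagnostic sketch that is not part of the original thread: the script below pulls the peer address and Quick Mode selectors out of the ISA event quoted in the question and compares them with the networks defined for that peer. The `ISA_POLICIES` table and its subnets are constructed placeholders for whatever the ISA remote-site wizard created, and reading the event's source address as the ISA-side network is an assumption.

```python
import ipaddress
import re

# Fields copied from the ISA Server event quoted in the question.
ISA_EVENT = """\
Data Protection Mode (Quick Mode)
Source IP Address 192.168.10.0
Source IP Address Mask 255.255.255.0
Destination IP Address 192.168.25.0
Destination IP Address Mask 255.255.255.0
IKE Peer Addr 99.164.27.153
Failure Reason:
No policy configured
"""

# Constructed placeholder, not from the thread: what the ISA remote-site
# definition holds per peer gateway, as (ISA-side subnet, remote-side subnet).
ISA_POLICIES = {"99.164.27.153": ("192.168.10.0/24", "192.168.52.0/24")}

def field(event, name):
    """Return the value on a 'Name value' line of the event text."""
    m = re.search(rf"^[ \t]*{re.escape(name)}[ \t]+(\S+)[ \t]*$", event, re.M)
    if m is None:
        raise ValueError(f"field not found: {name}")
    return m.group(1)

def proposed_selectors(event):
    """Return (peer, source network, destination network) from the event."""
    def net(prefix):
        mask = field(event, prefix + " Mask")
        return ipaddress.ip_network(f"{field(event, prefix)}/{mask}")
    return (field(event, "IKE Peer Addr"),
            net("Source IP Address"), net("Destination IP Address"))

def diagnose(event, policies):
    """Compare a failed Quick Mode event with the configured selectors."""
    peer, src, dst = proposed_selectors(event)
    if peer not in policies:
        return f"no remote site defined for peer {peer}"
    # Assumption: the event's source is the ISA-side network.
    want_src, want_dst = map(ipaddress.ip_network, policies[peer])
    if (src, dst) == (want_src, want_dst):
        return f"selectors for {peer} match the remote-site definition"
    return (f"selector mismatch for {peer}: event has {src} -> {dst}, "
            f"ISA defines {want_src} -> {want_dst}")

if __name__ == "__main__":
    print(diagnose(ISA_EVENT, ISA_POLICIES))
```

Replacing the placeholder table with the address ranges actually entered for each remote site shows whether the failing peer is missing or defined with different subnets before the network object is deleted and recreated.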