RobWasho
asked on
No VPN connectivity after Draytek Firmware upgrade
I have 1 main site (London) where the DC and Exchange server is and 1 satellite site (Colchester).
In each site the local network goes through a Sonicwall TZ 170 Standard Firewall which goes through a Draytek 2600 Plus. A VPN connection is configured at the London Site to connect to Colchester.
A Firmware upgrade was performed on the Draytek router at Colchester. Since then Colchester cannot connect to the London site for authentication or email. They do have Internet access though.
Both Sonicwall devices are advising various messages in the log: IKE IKE negotiation aborted due to timeout, THEN > IKE Responder: Received Main Mode request (Phase 1) (from London) THEN > IKE Responder: No response - remote party timeout THEN > Received packet retransmission. Drop duplicate packet (London)
Is there anything in the Draytek which would block access to the VPN, i.e. passthrough, as this is the only thing that has been changed?
Have you allowed VPN pass-through on your Draytek?
ASKER
Is this in the Remote Access Control Setup?
The following options are ticked:
Enable PPTP VPN Service
Enable IPSec VPN Service
Enable L2TP VPN Service
I have already tried deselecting these but it still did not work. I have also tried setting up the DMZ as the local Sonicwall IP in Advanced Setup > NAT Setup > DMZ Host Setup as suggested but still nothing...
you don't need services
take a look here http://www.support.draytek.co.uk/kb_vigor_passthrough.html
ASKER
Agreed. This is where I got the suggestion from. I also created the rules but did not work...
ASKER
In the Advanced Setup > VPN IKE / IPSec General Setup screen the following settings are made:
IKE Authentication Method: Blank
IPSec Security Method
Medium (AH) ticked
High (ESP)
DES 3DES AES All 3 selected.
Should this be so?
can you fall back to the previous version?
and have you reconfigured that box from default or just upgraded with latest configuration?
if you have upgraded from previous configuration, maybe it is a good idea to reset the box to default and configure the features you want
ASKER
Cannot fall back to earlier Firmware version. Reconfigured it using a backup that was performed. I will try resetting the box now...thanks I will let you know how I get on
ASKER
Still the same unfortunately. There must be something on the Router that is blocking VPN Traffic. Is there any port that Sonicwall uses that needs to be opened?
sonicwall is configured as vpn router, so everything should be fine by default.