Serge Martin asked:

Site to Site VPN Sonic Wall Pro 2040 to Contivity 1010

I'm trying to set up a VPN between Sonicwall Pro 2040 and Nortel Contivity. I'm using aggressive mode, Group 2, 3DES & SHA1, ESP 3DES HMAC SHA1, but it doesn't work. It finishes Phase 1 and starts Phase 2, but in the middle the log shows the following message:
Received notify: INVALID_ID_INFO
Any ideas? Thanks.
dpk_wal

If both ends have static IPs, is there any specific reason why you want to use aggressive mode and not main mode? Normally for site-to-site VPN we use main mode.

Thank you.
Serge Martin

ASKER

I was unable to save under main mode, but have since been able to do this; both ends have static IP addresses.
dpk_wal

Is the tunnel coming up? Can you post a few logs which would indicate where the negotiations are failing?

Thank you.
ecrutch

There are IDs that are entered in the Sonicwall, used as part of the exchange of keys. Sonicwall calls it UFI (Unique Firewall Identifier). Usually this is the MAC address of the firewall. You can change it to anything you want; just make sure both sides use the same identifier.

Also, try the Sonicwall VPN wizard. It works very well and may clear this up for you.
Serge Martin

ASKER

So the old tunnels using the Contivity 1740 had a unique identifier of /base, as did the 1010 at the locations, so to get these tunnels up and running I would need to ensure that /base is changed to the new name for the tunnels?
Serge Martin

ASKER

I used the wizard and the shared secret is the same at both ends. With the old Nortel tunnels, the branch offices were the initiators and the HQ router was the responder, if that makes a difference. I see the outgoing tunnel connection and the 2040 is the initiator. Here is the log:

07/23/2008 13:37:01.896 IKE negotiation aborted due to timeout 69.159.225.84, OTWAON23-1168105812.sdsl.bell.ca 74.15.175.222, OTWAON23-1242542046.sdsl.bell.ca    
7 07/23/2008 13:36:34.880 Malformed or unhandled IP packet dropped 172.30.225.252, 0, LAN 239.255.255.254 IP Protocol 2  
8 07/23/2008 13:36:29.272 ARP timeout   64.230.199.2    
9 07/23/2008 13:36:27.016 IKE Initiator: Received notify. NO_PROPOSAL_CHOSEN 74.15.175.222, OTWAON23-1242542046.sdsl.bell.ca 69.159.225.84, OTWAON23-1168105812.sdsl.bell.ca    
10 07/23/2008 13:36:27.016 RECEIVED<<< ISAKMP OAK INFO (InitCookie 0x3a4e4ddc094982f5, MsgID: 0x0) (NOTIFY:NO_PROPOSAL_CHOSEN) 74.15.175.222, 500, OTWAON23-1242542046.sdsl.bell.ca 69.159.225.84, 500, OTWAON23-1168105812.sdsl.bell.ca    
11 07/23/2008 13:36:26.896 IKE Initiator: No response - remote party timeout 69.159.225.84, 500, OTWAON23-1168105812.sdsl.bell.ca 74.15.175.222, 500, OTWAON23-1242542046.sdsl.bell.ca
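
Added example (not part of the original thread and not SonicWall code): a small triage script that pulls IKE notify events out of log text laid out like the lines above and says which settings to compare on the two peers. The sample lines are constructed with documentation addresses, and the hint wording and function name are this example's own.

```python
import re

# Notify numbers are from RFC 2408 section 3.14.1 (names as spelled in the
# log above); the hints are this example's wording of what to compare.
NOTIFY = {
    "INVALID_ID_INFO": (18, "IDs differ: compare local/remote identifiers "
                            "and protected networks on both peers"),
    "NO_PROPOSAL_CHOSEN": (14, "proposals differ: compare exchange mode, DH "
                               "group, encryption, hash, lifetime on both peers"),
}

# Constructed lines in the layout of the log posted above (RFC 5737 addresses).
SAMPLE_LOG = """\
6 07/23/2008 13:37:01.896 IKE negotiation aborted due to timeout 192.0.2.10 198.51.100.20
8 07/23/2008 13:36:29.272 ARP timeout 203.0.113.2
9 07/23/2008 13:36:27.016 IKE Initiator: Received notify. NO_PROPOSAL_CHOSEN 198.51.100.20 192.0.2.10
10 07/23/2008 13:36:27.016 RECEIVED<<< ISAKMP OAK INFO (InitCookie 0x0102030405060708, MsgID: 0x0) (NOTIFY:NO_PROPOSAL_CHOSEN) 198.51.100.20, 500 192.0.2.10, 500
11 07/23/2008 13:36:26.896 IKE Initiator: No response - remote party timeout 192.0.2.10, 500 198.51.100.20, 500
Received notify: INVALID_ID_INFO
"""

STAMP = re.compile(r"\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}\.\d{3}")
NOTIFY_RE = re.compile(r"(?i:notify)[.:]\s*([A-Z_]+)")


def triage(log_text):
    """Return (findings, ike_timeouts); one finding per distinct notify event."""
    findings, seen, timeouts = [], set(), 0
    for line in log_text.splitlines():
        stamp = STAMP.search(line)
        when = stamp.group(0) if stamp else None
        if "IKE" in line and "timeout" in line.lower():
            timeouts += 1  # ARP and other non-IKE timeouts are not counted
        m = NOTIFY_RE.search(line)
        if not m or (when, m.group(1)) in seen:
            continue  # no notify, or the same event logged a second time
        seen.add((when, m.group(1)))
        code, hint = NOTIFY.get(m.group(1),
                                (None, "unrecognised notify: check vendor docs"))
        findings.append({"time": when, "notify": m.group(1), "code": code, "hint": hint})
    return findings, timeouts


if __name__ == "__main__":
    found, ike_timeouts = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f['time'] or 'no timestamp'}  {f['notify']} ({f['code']}): {f['hint']}")
    print(f"IKE timeouts: {ike_timeouts}")
```
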
Serge Martin

ASKER

More points for ecrutch, as he supplied links to the info I needed.