Is it possible to create a VPN tunnel between Linksys RV016 and Sonicwall XRS2?

Posted on 2009-02-16
Last Modified: 2013-11-22
I can't for the life of me connect a tunnel between these two routers.

Original Site is connected to the Internet via a Sonicwall XPRS2, connected to a managed Cisco 1841 router which connects to the Internet through a T1 from the phone company.

New Site connects to the internet via a Linksys RV016, connected to a broadband provider.

Both have static IP addresses.

LAN address is
WAN address is

IPSec Keying Mode: IKE using Preshared Secret
Name: OKC to Houston
Disable This SA: Unchecked
IPSec Gateway Name or Address:
Exchange: Aggressive Mode
Phase 1 DH Group: Group 2
SA Life Time (secs): 28800
Phase 1 Encryption/Authentication: 3DES & MD5
Phase 2 Encryption/Authentication: Strong Encrypt and Authenticate (ESP 3DES HMAC MD5)
Shared Secret: same as the other side
Specify destination networks below:
Network Subnet:
Advanced Settings
Enable Keep Alive: checked
Try to bring up all possible SAs: checked
Require authentication of local users: unchecked
Require authentication of remote users: unchecked
Enable Windows Networking (Netbios) broadcast: checked
Apply NAT and firewall rules: unchecked
Forward packets to remote VPNs: checked
Enable Perfect Forward Secrecy: checked
Phase 2 DH Group: Group 2
Default LAN Gateway:
VPN Terminated at: LAN (other options DMZ, LAN/DMZ)

New Site (Linksys RV016 SIDE)
Its LAN address is
Its WAN address is

Local Group Setup

Tunnel Name: OKC to Houston
Interface: WAN1
Enable: checked

Local Security Gateway Type: IP Only
IP Address: XXX.XXX.152.141
Local Security Group Type: Subnet
IP Address:
Subnet Mask:

Remote Group Setup
Remote Security Gateway Type: IP Only
IP Address:
Remote Security Group Type: Subnet
IP Address:
Subnet Mask:

IP Sec Setup
Keying Mode: IKE with preshared key
Phase 1 DH Group: Group 2
Phase 1 Encryption: 3DES
Phase 1 Authentication: MD5
Phase 1 SA Life Time: 28800 seconds
Perfect Forward Secrecy: Checked
Phase 2 DH Group: Group 1
Phase 2 Encryption: 3DES
Phase 2 Authentication: MD5
Phase 2 SA Life Time: 28000 seconds
Preshared key (same as the other side)

Keep-Alive checked
Compress (Support IPComp) checked
Keep Alive checked
AH Hash Algorithm MD5 checked
NETBios broadcast checked
NAT Traversal checked
Dead Peer Detected (interval 10 sec) checked

Anyone see what I have wrong? There is virtually no logging on the Sonicwall to help diagnose the problem, nor is there a place for Phase 2 SA lifetime, nor are there discrete entries for Phase 2 DH groups, etc. (As you can see from the entry above, it has these vague entries with a laundry list of protocols after.)
Question by:Eric_Price
    LVL 76

    Expert Comment

    Don't use aggressive mode exchange, use normal mode on the Sonicwall.
    Or if you prefer to use aggressive mode (less secure since initial information exchange occurs in clear text), make sure to configure the same setting on the RV016.
    LVL 1

    Author Comment

    I originally configured it without aggressive mode, and it didn't work, and I had someone tell me to try using aggressive, which is why it is where it is now. Other thoughts?
    LVL 76

    Accepted Solution

    Are there any log entries on the RV016?  I think you have the initial policy mismatch.  Local LAN, Remote LAN.

    If you are using aggressive mode on the sonicwall, you have not defined what the check is.  Nor have you set up the RV016 to use Aggressive mode.  You also did not include what the check is for the aggressive mode.

    Your RV016 phase 2 has group1 while your sonicwall has group2:
    Phase 2 DH Group: Group 1
    Change this to group2 and set the sonicwall to normal.
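The side-by-side check the answer above performs by eye, written out as an added example (not part of the original thread, and not vendor tooling). The values are the ones posted in the question; the RV016 exchange mode is not listed there and is assumed to be "main" from the expert's reply, and the key names are made up for this sketch.

```python
# Settings transcribed from the question as posted (key names are hypothetical).
SONICWALL = {
    "exchange_mode": "aggressive",
    "p1_dh_group": 2, "p1_encryption": "3DES", "p1_auth": "MD5",
    "p1_lifetime": 28800,
    "pfs": True, "p2_dh_group": 2,
    "p2_encryption": "3DES", "p2_auth": "MD5",
    "p2_lifetime": 28800,  # the unit exposes a single "SA Life Time" field
}
RV016 = {
    "exchange_mode": "main",  # assumption: not listed in the question
    "p1_dh_group": 2, "p1_encryption": "3DES", "p1_auth": "MD5",
    "p1_lifetime": 28800,
    "pfs": True, "p2_dh_group": 1,
    "p2_encryption": "3DES", "p2_auth": "MD5",
    "p2_lifetime": 28000,
}

# Proposal attributes that have to be identical on both peers.
MUST_MATCH = ("exchange_mode", "p1_dh_group", "p1_encryption", "p1_auth",
              "pfs", "p2_dh_group", "p2_encryption", "p2_auth")
# Lifetime handling varies between implementations, so these only warn.
SHOULD_MATCH = ("p1_lifetime", "p2_lifetime")


def compare_peers(a, b):
    """Return (severity, setting, value_a, value_b) for every difference."""
    findings = []
    for key in MUST_MATCH + SHOULD_MATCH:
        # The Phase 2 DH group is only used when PFS is on at both ends;
        # a PFS on/off difference is reported through the "pfs" key itself.
        if key == "p2_dh_group" and not (a.get("pfs") and b.get("pfs")):
            continue
        if a.get(key) != b.get(key):
            severity = "error" if key in MUST_MATCH else "warning"
            findings.append((severity, key, a.get(key), b.get(key)))
    return findings


def format_findings(findings, a_name="Sonicwall", b_name="RV016"):
    """Render findings as one readable line each."""
    return [f"{sev.upper():7} {key}: {a_name}={va!r} {b_name}={vb!r}"
            for sev, key, va, vb in findings]


if __name__ == "__main__":
    print("\n".join(format_findings(compare_peers(SONICWALL, RV016))))
```
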
    LVL 1

    Author Closing Comment

    Thanks for your help. As it were, I didn't really have a policy mismatch, it was just a typo while I was writing my question. I never could make the old Sonicwall work, but given it was over 5 years old I had no grief on replacing it. New unit was up and running in just a few minutes. Thanks for your willingness to help anyway.
