
Is it possible to create a VPN tunnel between Linksys RV016 and Sonicwall XRS2?

I can't for the life of me connect a tunnel between these two routers.

Original Site is connected to the Internet via a Sonicwall XPRS2, connected to a managed Cisco 1841 router which connects to the Internet through a T1 from the phone company.

New Site connects to the internet via a Linksys RV016, connected to a broadband provider.

Both have static IP addresses.

Original Site (SONICWALL XPRS2 SIDE)
LAN address is 192.168.0.1
WAN address is xxx.xxx.85.162

IPSec Keying Mode: IKE using Preshared Secret
Name: OKC to Houston
Disable This SA: Unchecked
IPSec Gateway Name or Address: 75.148.152.141
Exchange: Aggressive Mode
Phase 1 DH Group: Group 2
SA Life Time (secs): 28800
Phase 1 Encryption/Authentication: 3DES & MD5
Phase 2 Encryption/Authentication: Strong Encrypt and Authenticate (ESP 3DES HMAC MD5)
Shared Secret: same as the other side
Specify destination networks below:
Network 192.168.1.0 Subnet: 255.255.255.0
Advanced Settings
Enable Keep Alive: checked
Try to bring up all possible SAs: checked
Require authentication of local users: unchecked
Require authentication of remote users: unchecked
Enable Windows Networking (Netbios) broadcast: checked
Apply NAT and firewall rules: unchecked
Forward packets to remote VPNs: checked
Enable Perfect Forward Secrecy: checked
Phase 2 DH Group: Group 2
Default LAN Gateway: 0.0.0.0
VPN Terminated at: LAN (other options DMZ, LAN/DMZ)

New Site (Linksys RV016 SIDE)
Its LAN address is 192.168.1.1
Its WAN address is xxx.xxx.152.141

Local Group Setup

Tunnel Name: OKC to Houston
Interface: WAN1
Enable: checked

Local Security Gateway Type: IP Only
IP Address: XXX.XXX.152.141
Local Security Group Type: Subnet
IP Address: 192.168.1.0
Subnet Mask: 255.255.255.0

Remote Group Setup
Remote Security Gateway Type: IP Only
IP Address: xxx.xxx.85.162
Remote Security Group Type: Subnet
IP Address: 192.168.0.0
Subnet Mask: 255.255.255.0

IP Sec Setup
Keying Mode: IKE with preshared key
Phase 1 DH Group: Group 2
Phase 1 Encryption: 3DES
Phase 1 Authentication: MD5
Phase 1 SA Life Time: 28800 seconds
Perfect Forward Secrecy: Checked
Phase 2 DH Group: Group 1
Phase 2 Encryption: 3DES
Phase 2 Authentication: MD5
Phase 2 SA Life Time: 28000 seconds
Preshared key (same as the other side)

Advanced
Keep-Alive checked
Compress (Support IPComp) checked
Keep Alive checked
AH Hash Algorithm MD5 checked
NETBios broadcast checked
NAT Traversal checked
Dead Peer Detected (interval 10 sec) checked

Anyone see what I have wrong? There is virtually no logging on the Sonicwall to help diagnose the problem, nor is there a place for Phase 2 SA lifetime, nor are there discrete entries for Phase 2 DH groups, etc. (As you can see from the entry above, it has these vague entries with a laundry list of protocols after.)
Asked by: Eric_Price
1 Solution
 
arnold Commented:
Don't use aggressive mode exchange, use normal mode on the Sonicwall.
Or if you prefer to use aggressive mode (less secure since initial information exchange occurs in clear text), make sure to configure the same setting on the RV016.

Eric_Price (Author) Commented:
I originally configured it without aggressive mode, and it didn't work, and I had someone tell me to try using aggressive, which is why it is where it is now. Other thoughts?

arnold Commented:
Are there any log entries on the RV016?  I think you have the initial policy mismatch.  Local LAN, Remote LAN.

If you are using aggressive mode on the Sonicwall, you have not defined what the check is. Nor have you set up the RV016 to use Aggressive mode. You also did not include what the check is for the aggressive mode.

Your RV016 phase 2 has group1 while your sonicwall has group2:
Phase 2 DH Group: Group 1
Change this to group2 and set the sonicwall to normal.

Eric_Price (Author) Commented:
Thanks for your help. As it were, I didn't really have a policy mismatch, it was just a typo while I was writing my question. I never could make the old Sonicwall work, but given it was over 5 years old I had no grief on replacing it. New unit was up and running in just a few minutes. Thanks for your willingness to help anyway.

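The side-by-side comparison discussed in the thread (exchange mode, Phase 2 DH group, local/remote LAN policy), as an added example that is not part of the original thread or either vendor's tooling: it diffs the two configurations as posted in the question and reports what differs or cannot be verified. The dictionary keys, the severity labels and the /24 mask for the Sonicwall LAN are assumptions made for this sketch.

```python
import ipaddress

# Settings transcribed from the question as posted. None = not shown for that device.
SONICWALL = {
    "exchange": "aggressive", "p1_dh": 2, "p1_enc": "3des", "p1_auth": "md5",
    "p1_life": 28800, "pfs": True, "p2_dh": 2, "p2_enc": "3des", "p2_auth": "md5",
    "p2_life": None,
    "local_net": "192.168.0.0/255.255.255.0",  # assumed /24 around LAN 192.168.0.1
    "remote_net": "192.168.1.0/255.255.255.0",
}
RV016 = {
    "exchange": None, "p1_dh": 2, "p1_enc": "3des", "p1_auth": "md5",
    "p1_life": 28800, "pfs": True, "p2_dh": 1, "p2_enc": "3des", "p2_auth": "md5",
    "p2_life": 28000,
    "local_net": "192.168.1.0/255.255.255.0",
    "remote_net": "192.168.0.0/255.255.255.0",
}

PROPOSAL_KEYS = ("exchange", "p1_dh", "p1_enc", "p1_auth", "pfs", "p2_dh", "p2_enc", "p2_auth")
# Lifetimes are reported as "warn": whether a difference is tolerated varies by device.
LIFETIME_KEYS = ("p1_life", "p2_life")


def compare_peers(a, b):
    """Return (severity, field, detail) findings for two IPsec peer configs."""
    findings = []
    for keys, severity in ((PROPOSAL_KEYS, "mismatch"), (LIFETIME_KEYS, "warn")):
        for key in keys:
            if a[key] is None or b[key] is None:
                # A value hidden on one device cannot be verified against the other.
                findings.append(("unknown", key, f"{a[key]} vs {b[key]}"))
            elif a[key] != b[key]:
                findings.append((severity, key, f"{a[key]} vs {b[key]}"))
    # Traffic selectors must mirror: each side's local subnet is the other's remote.
    for mine, theirs in (("local_net", "remote_net"), ("remote_net", "local_net")):
        if ipaddress.ip_network(a[mine]) != ipaddress.ip_network(b[theirs]):
            findings.append(("mismatch", mine, f"{a[mine]} vs peer {theirs} {b[theirs]}"))
    return findings


if __name__ == "__main__":
    for severity, field, detail in compare_peers(SONICWALL, RV016):
        print(f"{severity:8} {field:10} {detail}")
```
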