Solved

Sonicwall TZ170 VPN to Linksys WRVS4400N

Posted on 2009-04-03
Last Modified: 2012-05-06
I'm attempting to connect my two office sites using a VPN. The primary office is using a Sonicwall TZ 170 running firmware SonicOS Enhanced 3.4.0.0-7e. The branch office is using a Linksys WRVS4400N Running Firmware V1.1.03.

I read another question on EE which addressed the same issue, but it referenced an article on delilama.net which appears to no longer be up. I've configured everything to the best of my knowledge and am still not able to establish the tunnel.

Here are the settings on the Linksys for VPN:
Tunnel Name: (Serial Number of Sonicwall)

Local Security Gateway Type: IP Only
IP Address: Greyed out, but it is the WAN address of the Linksys
Local Security Group Type: Subnet
IP Address: 192.168.17.1 (LAN Address of Linksys)
Subnet Mask: 255.255.255.0

Remote Security Gateway Type: IP Only
IP Address: (WAN Address of SonicWall)
Remote Security Group Type: Subnet
IP Address: 192.168.16.1 (LAN Address of Sonicwall)
Subnet Mask: 255.255.255.0

IPSec Setup---

Keying Mode: IKE with Preshared Key

Phase 1----
Encryption: 3DES
Authentication: MD5
Group: 768 bit
Key Life Time: 28800 sec

Phase 2-----
Encryption: 3DES
Authentication: MD5
Perfect Forward Secrecy: Disable
Preshared Key: 81AC279BD145
Group: 768-bit
Key Life Time: 3600 sec

Advance:
Aggressive Mode (Checked)
NetBIOS Broadcast (Checked)

________________________________________

Now the settings from the SonicWall:

General Tab----
Auth Mode: IKE using Preshared Secret
Name: (External MAC Address of Linksys)
IPsec Primary Gateway Name or Address: (WAN Address of Linksys)
IpSec Secondary Gateway Name or Address: 0.0.0.0

IKE Authentication--
Shared Secret: 81AC279BD145
Local IKE ID: SonicWall Identifier: 001c10f529CB (External MAC of linksys)
Peer IKE ID: SonicWall Identifier: 001c10f529cb (External MAC of Linksys)

Network Tab----

Local Networks: Choose Local network from List (Lan Primary Subnet)
Destination Networks: Choose Destination network from list (custom range that says subnet of linksys in other office) - settings from custom address object below:

Custom Address Object Name: 4314Range
Zone Assign: VPN
Type: Range
Start IP Address: 192.168.17.1
End IP Address: 192.168.17.254

Proposals Tab----

IKE (Phase 1) Proposal
Exchange: Aggressive Mode
DH Group: Group 1
Encryption: 3DES
Authentication: MD5
Life time: 28800

IKE (Phase 2) Proposal
Protocol: ESP
Encryption: 3DES
Authentication: MD5
Enable Perfect Forward Secrecy (Unchecked)
DH Group: Group 1
Life Time: 28800

Advanced Tab-----
Enable Keep Alive - Checked
Suppress automatic access rules creation for vpn policy - unchecked
Require auth of vpn clients by xauth - unchecked
user group for xauth users - greyed out
enable windows network (netbios) broadcast - unchecked
enable multicast - unchecked
apply nat policies - unchecked
translated local network - greyed out
translated remote network - greyed out
management via this SA: (both unchecked)
user login from this sa: (both unchecked)
default lan gateway: 0.0.0.0
VPN Policy Bound to: Zone WAN



Log File from Linksys:
Mar 7 10:41:34 - [VPN Log]: packet from 24.39.122.206:500: ignoring unknown Vendor ID payload [da8e937880010000]
Mar 7 10:41:34 - [VPN Log]: packet from 24.39.122.206:500: received Vendor ID payload [Dead Peer Detection]
Mar 7 10:41:34 - [VPN Log]: packet from 24.39.122.206:500: received Vendor ID payload [XAUTH]
Mar 7 10:41:34 - [VPN Log]: "0006B13E9A44" #8: peer's ID_USER_FQDN contains no @
Mar 7 10:41:34 - [VPN Log]: "0006B13E9A44" #8: initial Aggressive Mode packet claiming to be from 24.39.122.206 on 24.39.122.206 but no connection has been authorized
Mar 7 10:41:34 - [VPN Log]: "0006B13E9A44" #8: sending notification INVALID_ID_INFORMATION to 24.39.122.206:500
Mar 7 10:41:40 - [VPN Log]: packet from 24.39.122.206:500: ignoring unknown Vendor ID payload [404bf439522ca3f6]
Mar 7 10:41:40 - [VPN Log]: packet from 24.39.122.206:500: ignoring unknown Vendor ID payload [5b362bc820f60006]
Mar 7 10:41:40 - [VPN Log]: packet from 24.39.122.206:500: received Vendor ID payload [RFC 3947] method set to=109
Mar 7 10:41:40 - [VPN Log]: packet from 24.39.122.206:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109
Mar 7 10:41:40 - [VPN Log]: packet from 24.39.122.206:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar 7 10:41:40 - [VPN Log]: packet from 24.39.122.206:500: ignoring unknown Vendor ID payload [da8e937880010000]
Mar 7 10:41:40 - [VPN Log]: packet from 24.39.122.206:500: received Vendor ID payload [Dead Peer Detection]
Mar 7 10:41:40 - [VPN Log]: packet from 24.39.122.206:500: received Vendor ID payload [XAUTH]
Mar 7 10:41:40 - [VPN Log]: "0006B13E9A44" #9: peer's ID_USER_FQDN contains no @
Mar 7 10:41:40 - [VPN Log]: "0006B13E9A44" #9: initial Aggressive Mode packet claiming to be from 24.39.122.206 on 24.39.122.206 but no connection has been authorized
Mar 7 10:41:40 - [VPN Log]: "0006B13E9A44" #9: sending notification INVALID_ID_INFORMATION to 24.39.122.206:500
Mar 7 10:41:51 - [VPN Log]: packet from 24.39.122.206:500: ignoring unknown Vendor ID payload [404bf439522ca3f6]
Mar 7 10:41:51 - [VPN Log]: packet from 24.39.122.206:500: ignoring unknown Vendor ID payload [5b362bc820f60006]
Mar 7 10:41:51 - [VPN Log]: packet from 24.39.122.206:500: received Vendor ID payload [RFC 3947] method set to=109
Mar 7 10:41:51 - [VPN Log]: packet from 24.39.122.206:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109
Mar 7 10:41:51 - [VPN Log]: packet from 24.39.122.206:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar 7 10:41:51 - [VPN Log]: packet from 24.39.122.206:500: ignoring unknown Vendor ID payload [da8e937880010000]
Mar 7 10:41:51 - [VPN Log]: packet from 24.39.122.206:500: received Vendor ID payload [Dead Peer Detection]
Mar 7 10:41:51 - [VPN Log]: packet from 24.39.122.206:500: received Vendor ID payload [XAUTH]
Mar 7 10:41:51 - [VPN Log]: "0006B13E9A44" #10: peer's ID_USER_FQDN contains no @
Mar 7 10:41:51 - [VPN Log]: "0006B13E9A44" #10: initial Aggressive Mode packet claiming to be from 24.39.122.206 on 24.39.122.206 but no connection has been authorized
Mar 7 10:41:51 - [VPN Log]: "0006B13E9A44" #10: sending notification INVALID_ID_INFORMATION to 24.39.122.206:500
Mar 7 10:42:10 - [VPN Log]: packet from 24.39.122.206:500: ignoring unknown Vendor ID payload [404bf439522ca3f6]
Mar 7 10:42:10 - [VPN Log]: packet from 24.39.122.206:500: ignoring unknown Vendor ID payload [5b362bc820f60006]
Mar 7 10:42:10 - [VPN Log]: packet from 24.39.122.206:500: received Vendor ID payload [RFC 3947] method set to=109
Mar 7 10:42:10 - [VPN Log]: packet from 24.39.122.206:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109
Mar 7 10:42:10 - [VPN Log]: packet from 24.39.122.206:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar 7 10:42:10 - [VPN Log]: packet from 24.39.122.206:500: ignoring unknown Vendor ID payload [da8e937880010000]
Mar 7 10:42:10 - [VPN Log]: packet from 24.39.122.206:500: received Vendor ID payload [Dead Peer Detection]
Mar 7 10:42:10 - [VPN Log]: packet from 24.39.122.206:500: received Vendor ID payload [XAUTH]
Mar 7 10:42:10 - [VPN Log]: "0006B13E9A44" #11: peer's ID_USER_FQDN contains no @
Mar 7 10:42:10 - [VPN Log]: "0006B13E9A44" #11: initial Aggressive Mode packet claiming to be from 24.39.122.206 on 24.39.122.206 but no connection has been authorized
Mar 7 10:42:10 - [VPN Log]: "0006B13E9A44" #11: sending notification INVALID_ID_INFORMATION to 24.39.122.206:500
Mar 7 10:42:45 - [VPN Log]: packet from 24.39.122.206:500: ignoring unknown Vendor ID payload [404bf439522ca3f6]
Mar 7 10:42:45 - [VPN Log]: packet from 24.39.122.206:500: ignoring unknown Vendor ID payload [5b362bc820f60006]
Mar 7 10:42:45 - [VPN Log]: packet from 24.39.122.206:500: received Vendor ID payload [RFC 3947] method set to=109
Mar 7 10:42:45 - [VPN Log]: packet from 24.39.122.206:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109
Mar 7 10:42:45 - [VPN Log]: packet from 24.39.122.206:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar 7 10:42:45 - [VPN Log]: packet from 24.39.122.206:500: ignoring unknown Vendor ID payload [da8e937880010000]
Mar 7 10:42:45 - [VPN Log]: packet from 24.39.122.206:500: received Vendor ID payload [Dead Peer Detection]
Mar 7 10:42:45 - [VPN Log]: packet from 24.39.122.206:500: received Vendor ID payload [XAUTH]
Mar 7 10:42:45 - [VPN Log]: "0006B13E9A44" #12: peer's ID_USER_FQDN contains no @
Mar 7 10:42:45 - [VPN Log]: "0006B13E9A44" #12: initial Aggressive Mode packet claiming to be from 24.39.122.206 on 24.39.122.206 but no connection has been authorized
Mar 7 10:42:45 - [VPN Log]: "0006B13E9A44" #12: sending notification INVALID_ID_INFORMATION to 24.39.122.206:500
Mar 7 10:42:50 - [VPN Log]: packet from 24.39.122.206:500: ignoring unknown Vendor ID payload [404bf439522ca3f6]
Mar 7 10:42:50 - [VPN Log]: packet from 24.39.122.206:500: ignoring unknown Vendor ID payload [5b362bc820f60006]
Mar 7 10:42:50 - [VPN Log]: packet from 24.39.122.206:500: received Vendor ID payload [RFC 3947] method set to=109
Mar 7 10:42:50 - [VPN Log]: packet from 24.39.122.206:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109
Mar 7 10:42:50 - [VPN Log]: packet from 24.39.122.206:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar 7 10:42:50 - [VPN Log]: packet from 24.39.122.206:500: ignoring unknown Vendor ID payload [da8e937880010000]
Mar 7 10:42:50 - [VPN Log]: packet from 24.39.122.206:500: received Vendor ID payload [Dead Peer Detection]
Mar 7 10:42:50 - [VPN Log]: packet from 24.39.122.206:500: received Vendor ID payload [XAUTH]
Mar 7 10:42:50 - [VPN Log]: "0006B13E9A44" #13: peer's ID_USER_FQDN contains no @
Mar 7 10:42:50 - [VPN Log]: "0006B13E9A44" #13: initial Aggressive Mode packet claiming to be from 24.39.122.206 on 24.39.122.206 but no connection has been authorized
Mar 7 10:42:50 - [VPN Log]: "0006B13E9A44" #13: sending notification INVALID_ID_INFORMATION to 24.39.122.206:500
Mar 7 10:42:59 - [VPN Log]: packet from 24.39.122.206:500: ignoring unknown Vendor ID payload [404bf439522ca3f6]
Mar 7 10:42:59 - [VPN Log]: packet from 24.39.122.206:500: ignoring unknown Vendor ID payload [5b362bc820f60006]
Mar 7 10:42:59 - [VPN Log]: packet from 24.39.122.206:500: received Vendor ID payload [RFC 3947] method set to=109
Mar 7 10:42:59 - [VPN Log]: packet from 24.39.122.206:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109
Mar 7 10:42:59 - [VPN Log]: packet from 24.39.122.206:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar 7 10:42:59 - [VPN Log]: packet from 24.39.122.206:500: ignoring unknown Vendor ID payload [da8e937880010000]
Mar 7 10:42:59 - [VPN Log]: packet from 24.39.122.206:500: received Vendor ID payload [Dead Peer Detection]
Mar 7 10:42:59 - [VPN Log]: packet from 24.39.122.206:500: received Vendor ID payload [XAUTH]
Mar 7 10:42:59 - [VPN Log]: "0006B13E9A44" #14: peer's ID_USER_FQDN contains no @
Mar 7 10:42:59 - [VPN Log]: "0006B13E9A44" #14: initial Aggressive Mode packet claiming to be from 24.39.122.206 on 24.39.122.206 but no connection has been authorized
Mar 7 10:42:59 - [VPN Log]: "0006B13E9A44" #14: sending notification INVALID_ID_INFORMATION to 24.39.122.206:500
Mar 7 10:43:17 - [VPN Log]: packet from 24.39.122.206:500: ignoring unknown Vendor ID payload [404bf439522ca3f6]
Mar 7 10:43:17 - [VPN Log]: packet from 24.39.122.206:500: ignoring unknown Vendor ID payload [5b362bc820f60006]
Mar 7 10:43:17 - [VPN Log]: packet from 24.39.122.206:500: received Vendor ID payload [RFC 3947] method set to=109
Mar 7 10:43:17 - [VPN Log]: packet from 24.39.122.206:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109
Mar 7 10:43:17 - [VPN Log]: packet from 24.39.122.206:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar 7 10:43:17 - [VPN Log]: packet from 24.39.122.206:500: ignoring unknown Vendor ID payload [da8e937880010000]
Mar 7 10:43:17 - [VPN Log]: packet from 24.39.122.206:500: received Vendor ID payload [Dead Peer Detection]
Mar 7 10:43:17 - [VPN Log]: packet from 24.39.122.206:500: received Vendor ID payload [XAUTH]
Mar 7 10:43:17 - [VPN Log]: "0006B13E9A44" #15: peer's ID_USER_FQDN contains no @
Mar 7 10:43:17 - [VPN Log]: "0006B13E9A44" #15: initial Aggressive Mode packet claiming to be from 24.39.122.206 on 24.39.122.206 but no connection has been authorized
Mar 7 10:43:17 - [VPN Log]: "0006B13E9A44" #15: sending notification INVALID_ID_INFORMATION to 24.39.122.206:500
Mar 7 10:43:51 - [VPN Log]: packet from 24.39.122.206:500: ignoring unknown Vendor ID payload [404bf439522ca3f6]
Mar 7 10:43:51 - [VPN Log]: packet from 24.39.122.206:500: ignoring unknown Vendor ID payload [5b362bc820f60006]
Mar 7 10:43:51 - [VPN Log]: packet from 24.39.122.206:500: received Vendor ID payload [RFC 3947] method set to=109
Mar 7 10:43:51 - [VPN Log]: packet from 24.39.122.206:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109
Mar 7 10:43:51 - [VPN Log]: packet from 24.39.122.206:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar 7 10:43:51 - [VPN Log]: packet from 24.39.122.206:500: ignoring unknown Vendor ID payload [da8e937880010000]
Mar 7 10:43:51 - [VPN Log]: packet from 24.39.122.206:500: received Vendor ID payload [Dead Peer Detection]
Mar 7 10:43:51 - [VPN Log]: packet from 24.39.122.206:500: received Vendor ID payload [XAUTH]
Mar 7 10:43:51 - [VPN Log]: "0006B13E9A44" #16: peer's ID_USER_FQDN contains no @
Mar 7 10:43:51 - [VPN Log]: "0006B13E9A44" #16: initial Aggressive Mode packet claiming to be from 24.39.122.206 on 24.39.122.206 but no connection has been authorized
Mar 7 10:43:51 - [VPN Log]: "0006B13E9A44" #16: sending notification INVALID_ID_INFORMATION to 24.39.122.206:500
Mar 7 10:43:57 - [VPN Log]: packet from 24.39.122.206:500: ignoring unknown Vendor ID payload [404bf439522ca3f6]
Mar 7 10:43:57 - [VPN Log]: packet from 24.39.122.206:500: ignoring unknown Vendor ID payload [5b362bc820f60006]
Mar 7 10:43:57 - [VPN Log]: packet from 24.39.122.206:500: received Vendor ID payload [RFC 3947] method set to=109
Mar 7 10:43:57 - [VPN Log]: packet from 24.39.122.206:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109
Mar 7 10:43:57 - [VPN Log]: packet from 24.39.122.206:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar 7 10:43:57 - [VPN Log]: packet from 24.39.122.206:500: ignoring unknown Vendor ID payload [da8e937880010000]


Log File from SonicWall:

 04/03/2009 13:09:14.816 Notice Network Access Web management request allowed 192.168.16.253, 4257, LAN, VLS-TERMSERVER (admin) 192.168.16.1, 80, LAN TCP HTTP  
2 04/03/2009 13:09:09.848 Info VPN IKE IKE Initiator: Start Aggressive Mode negotiation (Phase 1) 24.39.122.206, 500 72.43.96.194, 500, rrcs-72-43-96-194.nyc.biz.rr.com VPN Policy: 001C10F529CB  
3 04/03/2009 13:09:09.848 Info VPN IKE IKE negotiation aborted due to timeout 24.39.122.206, 500 72.43.96.194, 500, rrcs-72-43-96-194.nyc.biz.rr.com VPN Policy: 001C10F529CB  
4 04/03/2009 13:08:57.336 Info Network Syslog Server cannot be reached 192.168.16.2, 3, LAN, vls-server.vincentlimousines.local 192.168.16.2, 514, vls-server.vincentlimousines.local    
5 04/03/2009 13:08:33.864 Info VPN IPSec Illegal IPSec SPI 72.43.96.194, rrcs-72-43-96-194.nyc.biz.rr.com 24.39.122.206 Inbound: SeqNum=0, SPI=0x0  
6 04/03/2009 13:08:33.848 Info VPN IKE IKE Initiator: Remote party timeout - Retransmitting IKE request. 24.39.122.206, 500 72.43.96.194, 500, rrcs-72-43-96-194.nyc.biz.rr.com VPN Policy: 001C10F529CB  
7 04/03/2009 13:08:14.848 Info VPN IKE IKE Initiator: Remote party timeout - Retransmitting IKE request. 24.39.122.206, 500 72.43.96.194, 500, rrcs-72-43-96-194.nyc.biz.rr.com VPN Policy: 001C10F529CB  
8 04/03/2009 13:08:05.896 Notice Network Access Web management request allowed 192.168.16.253, 4228, LAN, VLS-TERMSERVER (admin) 192.168.16.1, 80, LAN TCP HTTP  
9 04/03/2009 13:08:03.848 Info VPN IKE IKE Initiator: Remote party timeout - Retransmitting IKE request. 24.39.122.206, 500 72.43.96.194, 500, rrcs-72-43-96-194.nyc.biz.rr.com VPN Policy: 001C10F529CB  
10 04/03/2009 13:07:58.848 Info VPN IKE IKE Initiator: Start Aggressive Mode negotiation (Phase 1) 24.39.122.206, 500 72.43.96.194, 500, rrcs-72-43-96-194.nyc.biz.rr.com VPN Policy: 001C10F529CB  
11 04/03/2009 13:07:58.848 Info VPN IKE IKE negotiation aborted due to timeout 24.39.122.206, 500 72.43.96.194, 500, rrcs-72-43-96-194.nyc.biz.rr.com VPN Policy: 001C10F529CB  
12 04/03/2009 13:07:53.352 Info Network Syslog Server cannot be reached 192.168.16.2, 3, LAN, vls-server.vincentlimousines.local 192.168.16.2, 514, vls-server.vincentlimousines.local    
13 04/03/2009 13:07:25.864 Info VPN IPSec Illegal IPSec SPI 72.43.96.194, rrcs-72-43-96-194.nyc.biz.rr.com 24.39.122.206 Inbound: SeqNum=0, SPI=0x0  
14 04/03/2009 13:07:25.848 Info VPN IKE IKE Initiator: Remote party timeout - Retransmitting IKE request. 24.39.122.206, 500 72.43.96.194, 500, rrcs-72-43-96-194.nyc.biz.rr.com VPN Policy: 001C10F529CB  
15 04/03/2009 13:07:05.848 Info VPN IKE IKE Initiator: Remote party timeout - Retransmitting IKE request. 24.39.122.206, 500 72.43.96.194, 500, rrcs-72-43-96-194.nyc.biz.rr.com VPN Policy: 001C10F529CB  
16 04/03/2009 13:06:54.848 Info VPN IKE IKE Initiator: Remote party timeout - Retransmitting IKE request. 24.39.122.206, 500 72.43.96.194, 500, rrcs-72-43-96-194.nyc.biz.rr.com VPN Policy: 001C10F529CB  
17 04/03/2009 13:06:50.192 Info Network Syslog Server cannot be reached 192.168.16.2, 3, LAN, vls-server.vincentlimousines.local 192.168.16.2, 514, vls-server.vincentlimousines.local    
18 04/03/2009 13:06:49.176 Info VPN IKE IKE Initiator: Start Aggressive Mode negotiation (Phase 1) 24.39.122.206, 500 72.43.96.194, 500, rrcs-72-43-96-194.nyc.biz.rr.com VPN Policy: 001C10F529CB  
19 04/03/2009 13:06:40.880 Notice Network Access Web management request allowed 192.168.16.253, 4205, LAN, VLS-TERMSERVER (admin) 192.168.16.1, 80, LAN TCP HTTP  
20 04/03/2009 13:06:37.848 Info VPN IKE IKE Initiator: Remote party timeout - Retransmitting IKE request. 24.39.122.206, 500 72.43.96.194, 500, rrcs-72-43-96-194.nyc.biz.rr.com VPN Policy: 001C10F529CB  
21 04/03/2009 13:06:27.848 Info VPN IKE IKE Initiator: Remote party timeout - Retransmitting IKE request. 24.39.122.206, 500 72.43.96.194, 500, rrcs-72-43-96-194.nyc.biz.rr.com VPN Policy: 001C10F529CB  
22 04/03/2009 13:06:19.912 Info VPN IPSec Illegal IPSec SPI 72.43.96.194, rrcs-72-43-96-194.nyc.biz.rr.com 24.39.122.206 Inbound: SeqNum=0, SPI=0x0  
23 04/03/2009 13:06:19.848 Info VPN IKE IKE Initiator: Start Aggressive Mode negotiation (Phase 1) 24.39.122.206, 500 72.43.96.194, 500, rrcs-72-43-96-194.nyc.biz.rr.com VPN Policy: 001C10F529CB  
24 04/03/2009 13:06:19.848 Info VPN IKE IKE negotiation aborted due to timeout 24.39.122.206, 500 72.43.96.194, 500, rrcs-72-43-96-194.nyc.biz.rr.com VPN Policy: 001C10F529CB  
25 04/03/2009 13:05:45.848 Info VPN IKE IKE Initiator: Remote party timeout - Retransmitting IKE request. 24.39.122.206, 500 72.43.96.194, 500, rrcs-72-43-96-194.nyc.biz.rr.com VPN Policy: 001C10F529CB  
26 04/03/2009 13:05:44.624 Info Network Syslog Server cannot be reached 192.168.16.2, 3, LAN, vls-server.vincentlimousines.local 192.168.16.2, 514, vls-server.vincentlimousines.local    
27 04/03/2009 13:05:28.848 Info VPN IKE IKE Initiator: Remote party timeout - Retransmitting IKE request. 24.39.122.206, 500 72.43.96.194, 500, rrcs-72-43-96-194.nyc.biz.rr.com VPN Policy: 001C10F529CB  
28 04/03/2009 13:05:18.848 Info VPN IKE IKE Initiator: Remote party timeout - Retransmitting IKE request. 24.39.122.206, 500 72.43.96.194, 500, rrcs-72-43-96-194.nyc.biz.rr.com VPN Policy: 001C10F529CB  
29 04/03/2009 13:05:12.912 Info VPN IPSec Illegal IPSec SPI 72.43.96.194, rrcs-72-43-96-194.nyc.biz.rr.com 24.39.122.206 Inbound: SeqNum=0, SPI=0x0  
30 04/03/2009 13:05:12.848 Info VPN IKE IKE Initiator: Start Aggressive Mode negotiation (Phase 1) 24.39.122.206, 500 72.43.96.194, 500, rrcs-72-43-96-194.nyc.biz.rr.com VPN Policy: 001C10F529CB  
31 04/03/2009 13:05:12.848 Info VPN IKE IKE negotiation aborted due to timeout 24.39.122.206, 500 72.43.96.194, 500, rrcs-72-43-96-194.nyc.biz.rr.com VPN Policy: 001C10F529CB  
32 04/03/2009 13:04:37.848 Info VPN IKE IKE Initiator: Remote party timeout - Retransmitting IKE request. 24.39.122.206, 500 72.43.96.194, 500, rrcs-72-43-96-194.nyc.biz.rr.com VPN Policy: 001C10F529CB  
33 04/03/2009 13:04:35.688 Info Network Syslog Server cannot be reached 192.168.16.2, 3, LAN, vls-server.vincentlimousines.local 192.168.16.2, 514, vls-server.vincentlimousines.local    
34 04/03/2009 13:04:20.848 Info VPN IKE IKE Initiator: Remote party timeout - Retransmitting IKE request. 24.39.122.206, 500 72.43.96.194, 500, rrcs-72-43-96-194.nyc.biz.rr.com VPN Policy: 001C10F529CB  
35 04/03/2009 13:04:10.848 Info VPN IKE IKE Initiator: Remote party timeout - Retransmitting IKE request. 24.39.122.206, 500 72.43.96.194, 500, rrcs-72-43-96-194.nyc.biz.rr.com VPN Policy: 001C10F529CB  
36 04/03/2009 13:04:05.912 Info VPN IPSec Illegal IPSec SPI 72.43.96.194, rrcs-72-43-96-194.nyc.biz.rr.com 24.39.122.206 Inbound: SeqNum=0, SPI=0x0  
37 04/03/2009 13:04:05.848 Info VPN IKE IKE Initiator: Start Aggressive Mode negotiation (Phase 1) 24.39.122.206, 500 72.43.96.194, 500, rrcs-72-43-96-194.nyc.biz.rr.com VPN Policy: 001C10F529CB  
38 04/03/2009 13:04:05.848 Info VPN IKE IKE negotiation aborted due to timeout 24.39.122.206, 500 72.43.96.194, 500, rrcs-72-43-96-194.nyc.biz.rr.com VPN Policy: 001C10F529CB  
39 04/03/2009 13:03:32.848 Info VPN IKE IKE Initiator: Remote party timeout - Retransmitting IKE request. 24.39.122.206, 500 72.43.96.194, 500, rrcs-72-43-96-194.nyc.biz.rr.com VPN Policy: 001C10F529CB  
40 04/03/2009 13:03:24.160 Info Network Syslog Server cannot be reached 192.168.16.2, 3, LAN, vls-server.vincentlimousines.local 192.168.16.2, 514, vls-server.vincentlimousines.local    
41 04/03/2009 13:03:13.848 Info VPN IKE IKE Initiator: Remote party timeout - Retransmitting IKE request. 24.39.122.206, 500 72.43.96.194, 500, rrcs-72-43-96-194.nyc.biz.rr.com VPN Policy: 001C10F529CB  
42 04/03/2009 13:03:03.848 Info VPN IKE IKE Initiator: Remote party timeout - Retransmitting IKE request. 24.39.122.206, 500 72.43.96.194, 500, rrcs-72-43-96-194.nyc.biz.rr.com VPN Policy: 001C10F529CB  
43 04/03/2009 13:02:56.928 Info VPN IPSec Illegal IPSec SPI 72.43.96.194, rrcs-72-43-96-194.nyc.biz.rr.com 24.39.122.206 Inbound: SeqNum=0, SPI=0x0  
44 04/03/2009 13:02:56.848 Info VPN IKE IKE Initiator: Start Aggressive Mode negotiation (Phase 1) 24.39.122.206, 500 72.43.96.194, 500, rrcs-72-43-96-194.nyc.biz.rr.com VPN Policy: 001C10F529CB  
45 04/03/2009 13:02:56.848 Info VPN IKE IKE negotiation aborted due to timeout 24.39.122.206, 500 72.43.96.194, 500, rrcs-72-43-96-194.nyc.biz.rr.com VPN Policy: 001C10F529CB  
46 04/03/2009 13:02:22.848 Info VPN IKE IKE Initiator: Remote party timeout - Retransmitting IKE request. 24.39.122.206, 500 72.43.96.194, 500, rrcs-72-43-96-194.nyc.biz.rr.com VPN Policy: 001C10F529CB  
47 04/03/2009 13:02:13.848 Info Network Syslog Server cannot be reached 192.168.16.2, 3, LAN, vls-server.vincentlimousines.local 192.168.16.2, 514, vls-server.vincentlimousines.local    
48 04/03/2009 13:02:04.848 Info VPN IKE IKE Initiator: Remote party timeout - Retransmitting IKE request. 24.39.122.206, 500 72.43.96.194, 500, rrcs-72-43-96-194.nyc.biz.rr.com VPN Policy: 001C10F529CB  
49 04/03/2009 13:01:55.848 Info VPN IKE IKE Initiator: Remote party timeout - Retransmitting IKE request. 24.39.122.206, 500 72.43.96.194, 500, rrcs-72-43-96-194.nyc.biz.rr.com VPN Policy: 001C10F529CB  
50 04/03/2009 13:01:50.912 Info VPN IPSec Illegal IPSec SPI 72.43.96.194, rrcs-72-43-96-194.nyc.biz.rr.com 24.39.122.206 Inbound: SeqNum=0, SPI=0x0  





I appreciate any guidance that you have to offer. Thanks!
Question by:vls-derek
LVL 76

Accepted Solution

by:
arnold earned 500 total points
You should first change your passphrase since you posted the log with the IPs!

OK, first off, disable aggressive mode and use normal mode authentication as well as PFS (Perfect Forward Secrecy).
While aggressive sounds more secure, it is not, since the Aggressive mode information is transmitted in clear text.

The current error is that your Aggressive mode configuration uses the ID_USER_FQDN.

The LAN and remote subnets should start at 0: 192.168.16.0 255.255.255.0 and 192.168.17.0 255.255.255.0.
And the SonicWall should have it starting at 0 and ending in 255.

This should get you closer.

If you still are having problems, repost the adjusted config minus the passphrase/secret and the newer logs.
0
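The diagnosis in the answer above can be read straight out of the Linksys log by grouping lines per negotiation attempt. This is an added example, not part of the original thread; the log excerpt is copied from the question, and the function names and the wording of the hint are this example's own.

```python
import re
from collections import Counter, OrderedDict

# Excerpt copied from the Linksys log in the question (attempts #8 and #9).
SAMPLE_LOG = """\
Mar 7 10:41:34 - [VPN Log]: packet from 24.39.122.206:500: received Vendor ID payload [XAUTH]
Mar 7 10:41:34 - [VPN Log]: "0006B13E9A44" #8: peer's ID_USER_FQDN contains no @
Mar 7 10:41:34 - [VPN Log]: "0006B13E9A44" #8: initial Aggressive Mode packet claiming to be from 24.39.122.206 on 24.39.122.206 but no connection has been authorized
Mar 7 10:41:34 - [VPN Log]: "0006B13E9A44" #8: sending notification INVALID_ID_INFORMATION to 24.39.122.206:500
Mar 7 10:41:40 - [VPN Log]: packet from 24.39.122.206:500: ignoring unknown Vendor ID payload [404bf439522ca3f6]
Mar 7 10:41:40 - [VPN Log]: packet from 24.39.122.206:500: received Vendor ID payload [RFC 3947] method set to=109
Mar 7 10:41:40 - [VPN Log]: "0006B13E9A44" #9: peer's ID_USER_FQDN contains no @
Mar 7 10:41:40 - [VPN Log]: "0006B13E9A44" #9: initial Aggressive Mode packet claiming to be from 24.39.122.206 on 24.39.122.206 but no connection has been authorized
Mar 7 10:41:40 - [VPN Log]: "0006B13E9A44" #9: sending notification INVALID_ID_INFORMATION to 24.39.122.206:500
"""

ENTRY = re.compile(r'^\w{3}\s+\d+\s+[\d:]+ - \[VPN Log\]: (.*)$')
PACKET = re.compile(r'^packet from ([\d.]+):\d+: (.*)$')
STATE = re.compile(r'^"([^"]+)" #(\d+): (.*)$')
VENDOR_ID = re.compile(r'received Vendor ID payload \[([^\]]+)\]')
PEER_ID = re.compile(r"peer's (ID_[A-Z0-9_]+)")
MODE = re.compile(r'initial (Aggressive|Main) Mode packet claiming to be from ([\d.]+)')
NOTIFY = re.compile(r'sending notification ([A-Z_]+) to ([\d.]+):\d+')


def triage(log_text):
    """Group lines by attempt ("tunnel" #N); return (attempts, vendor IDs seen per peer)."""
    attempts, peer_vendor_ids = OrderedDict(), {}
    for raw in log_text.splitlines():
        entry = ENTRY.match(raw.strip())
        if not entry:
            continue                      # not a VPN log line
        body = entry.group(1)
        packet = PACKET.match(body)
        if packet:                        # pre-state lines: only vendor IDs are of interest
            vid = VENDOR_ID.search(packet.group(2))
            if vid:
                peer_vendor_ids.setdefault(packet.group(1), set()).add(vid.group(1))
            continue
        state = STATE.match(body)
        if not state:
            continue
        tunnel, num, msg = state.group(1), int(state.group(2)), state.group(3)
        a = attempts.setdefault((tunnel, num), {
            "tunnel": tunnel, "attempt": num, "peer": None, "mode": None,
            "peer_id_type": None, "unauthorized": False, "notification": None})
        if PEER_ID.search(msg):
            a["peer_id_type"] = PEER_ID.search(msg).group(1)
        if MODE.search(msg):
            a["mode"], a["peer"] = MODE.search(msg).groups()
            a["unauthorized"] = "no connection has been authorized" in msg
        if NOTIFY.search(msg):
            a["notification"] = NOTIFY.search(msg).group(1)
    return list(attempts.values()), peer_vendor_ids


def diagnose(attempts):
    """Collapse repeated failures into one finding per (mode, ID type, notification)."""
    counts = Counter((a["mode"], a["peer_id_type"], a["notification"]) for a in attempts)
    findings = []
    for (mode, id_type, notification), n in counts.items():
        hint = None
        if notification == "INVALID_ID_INFORMATION" and id_type:
            hint = (f"peer identified itself with {id_type} and no configured tunnel "
                    "accepted it: set the same IKE ID type on both ends")
        findings.append({"count": n, "mode": mode, "peer_id_type": id_type,
                         "notification": notification, "hint": hint})
    return findings


if __name__ == "__main__":
    found, vendor_ids = triage(SAMPLE_LOG)
    for finding in diagnose(found):
        print(finding)
    print(vendor_ids)
```
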
 

Author Comment

by:vls-derek
arnold,

Thanks for the assistance.

I changed the subnet range to start at 0. I also changed from Aggressive mode to main mode and enabled PFS.
What is normal mode authentication? The only authentication options I see are MD5 vs SHA1?

0
 
LVL 76

Expert Comment

by:arnold
In Aggressive mode you define an authentication criterion (email address, FQDN, etc.); after this validates, IKE Phase 1 negotiation begins.
Main mode negotiation starts with Phase 1 such that no information is exchanged in plain text.

0
 

Author Comment

by:vls-derek
Fixed!!!

I made a few additional changes which made everything work.

After I changed to Main Mode and enabled PFS, I was getting errors about the IKE IDs in the Sonicwall Log, so I experimented until the errors resolved themselves. Final result:

On the Sonicwall, under the "General" Tab of the VPN settings - the Local IKE ID should be of type "IP Address" with the external IP address of the Sonicwall.

On the same tab, the Peer IKE ID should be of type "IP Address" with the external IP Address of the Linksys.

Under the Network tab, the destination networks (which I called 4314 range) need to refer to a "Network" type object rather than a range. When I changed my custom address object, this fixed my final issue where it told me that my local and destination IP addresses were not the same. I have 192.168.17.0 as the network and 255.255.255.0 as the mask. I didn't see this as an option originally and I chose "Range" thinking it was the best choice.

Thanks very much to arnold for his assistance and patience. I'd like to write a reference doc for doing this between these two specific units. If I do, I'll post the link on here later.
1
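Why the "Range" object and the host-style subnet addresses did not line up with the other side can be checked mechanically. This is an added example, not part of the original thread: it audits the two configurations as posted in the question and again with the changes reported in the thread. The dict layout and function names are this example's own, and the SonicWall "LAN Primary Subnet" is assumed to be 192.168.16.0/255.255.255.0.

```python
import ipaddress

# Values transcribed from the question (before the fix). The dict keys are this
# example's own names. ASSUMPTION: SonicWall's "LAN Primary Subnet" object is
# 192.168.16.0/255.255.255.0, since its LAN address is given as 192.168.16.1.
LINKSYS = {
    "exchange": "aggressive", "pfs": False,
    "p1": ("3DES", "MD5", 768, 28800), "p2": ("3DES", "MD5", 768, 3600),
    "local": ("subnet", "192.168.17.1", "255.255.255.0"),
    "remote": ("subnet", "192.168.16.1", "255.255.255.0"),
}
SONICWALL = {
    "exchange": "aggressive", "pfs": False,
    "p1": ("3DES", "MD5", 768, 28800),   # DH Group 1 is the 768-bit group
    "p2": ("3DES", "MD5", 768, 28800),
    "local": ("subnet", "192.168.16.0", "255.255.255.0"),
    "remote": ("range", "192.168.17.1", "192.168.17.254"),   # the "4314Range" object
}


def selector_networks(kind, first, second):
    """Return (CIDR blocks the selector covers, note if the address is malformed)."""
    if kind == "range":
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(second)
        return list(ipaddress.summarize_address_range(lo, hi)), None
    iface = ipaddress.ip_interface(f"{first}/{second}")
    note = None
    if iface.ip != iface.network.network_address:
        note = f"{first} is a host address; the network is {iface.network.network_address}"
    return [iface.network], note


def selector_findings(name, side_a, side_b):
    """Both ends must describe the same single network for this LAN."""
    findings = []
    nets_a, note_a = selector_networks(*side_a)
    nets_b, note_b = selector_networks(*side_b)
    findings += [f"{name}: {n}" for n in (note_a, note_b) if n]
    for sel, nets in ((side_a, nets_a), (side_b, nets_b)):
        if len(nets) != 1:
            findings.append(f"{name}: {sel[0]} {sel[1]}-{sel[2]} is not one subnet "
                            f"({len(nets)} CIDR blocks)")
    if nets_a != nets_b:
        findings.append(f"{name}: the two ends do not describe the same network")
    return findings


def proposal_mismatches(a, b):
    """Fields that differ between the ends. Some implementations tolerate
    differing lifetimes; matching them removes one variable while debugging."""
    return [(k, a[k], b[k]) for k in ("exchange", "pfs", "p1", "p2") if a[k] != b[k]]


def answer_items(cfg):
    """Settings the accepted answer asked to change."""
    items = ["aggressive mode"] if cfg["exchange"] == "aggressive" else []
    return items + ([] if cfg["pfs"] else ["PFS disabled"])


def audit(linksys, sonicwall):
    return {
        "proposal": proposal_mismatches(linksys, sonicwall),
        "branch_lan": selector_findings("branch LAN", linksys["local"], sonicwall["remote"]),
        "main_lan": selector_findings("main LAN", linksys["remote"], sonicwall["local"]),
        "answer_items": sorted(set(answer_items(linksys) + answer_items(sonicwall))),
    }


def apply_thread_fix(linksys, sonicwall):
    """Changes reported in the thread; it does not say whether lifetimes were touched."""
    lan16 = ("subnet", "192.168.16.0", "255.255.255.0")
    lan17 = ("subnet", "192.168.17.0", "255.255.255.0")
    return (dict(linksys, exchange="main", pfs=True, local=lan17, remote=lan16),
            dict(sonicwall, exchange="main", pfs=True, remote=lan17))


if __name__ == "__main__":
    for title, pair in (("as posted", (LINKSYS, SONICWALL)),
                        ("after fix", apply_thread_fix(LINKSYS, SONICWALL))):
        print(title, audit(*pair))
```
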
