Solved

Cisco ASA 5510 Problem to sonicwal pro1260

Posted on 2009-04-06
5
1,304 Views
Last Modified: 2012-05-06
Hello experts, hope you can help
I have a cisco asa5510 with multiple lan to lan vpn's configured (terminating on a mixture of cisco 837, 877 and pix 501)

I also have a single lan to lan vpn terminating on a sonicwall pro 1260, this vpn does not come up, it fails phase 1,
looking at the logs from the sonicwall i seem to be getting errors "invalid cookie",

Now I have spent the 2 days trying to resolve this issue, I have looked on the web a few people seem to have the same issues, i have chacked my isakmp and ipsec (protected traffic) etc and all looks fine, it is worth mentioning we had a pix 515 before the asa and the sonicwall vpn terminated fine with that then, just no good with asa,

Already logged a call with sonicwall but they can not help, they said it should be working

someone has mentioned a way of disabling aggresive mode on the asa as this might be a problem (even though my tunnel is configured for main mode).... ?

I can provide error logs /configs but not until tomorrow morning,

Thanks guys
Andy

0
Comment
Question by:webleyaxsor
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
5 Comments
 
LVL 33

Accepted Solution

by:
MikeKane earned 500 total points
ID: 24088247
If you use 86400 as the lifetime, try reducing it to 28800 on both devices, use SHA1 instead of MD5.   If the error still happens, then try dropping to DES instead of 3DES.    

I saw another post that recommended Deleting and recreating the SA on the sonicwall as a possible fix as well.  
0
 

Author Comment

by:webleyaxsor
ID: 24091915
Hi, the lifetime is already set to 28800 for phase 1 and 2 , i have tried 3des and des for phase 1, also changed the authentication md5 to sha1 on both phases and rebuilt the the sa on the sonicwall, I have a sonicwall "expert" looking at it tomorrow, I will keep you updated, i am beginning to suspect a compatability issue between the 2 devices, oh for standards
andy ..
0
 

Author Comment

by:webleyaxsor
ID: 24443424
thank you all sorted, liftime error
0
 

Author Comment

by:webleyaxsor
ID: 24443432
all sorted thankyou
0
 

Author Closing Comment

by:webleyaxsor
ID: 31567271
thankyou very much, sorry for late reply for the points,
0

Featured Post

Now Available: Firebox Cloud for AWS and FireboxV

Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS).

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Draytek (Site to Site VPN using IPSec) 6 62
TZ400 2 24
Reset HP V1905-24-PoE switch to factory default settings 2 39
Web content filtering solution 6 22
Before I go to far, let's explain HA (High Availability) and why you should consider it.  High availability is the mechanism used to provide redundancy to any service at the same site and appears as a single service to the users of that service.  As…
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question