Solved

Sonicwall tz170 x2 site to site vpn gateway issue

Posted on 2009-05-18
2
760 Views
Last Modified: 2013-11-16
I am having DNS issues with this VPN, the Portal is open, and traffic can flow correctly, the two networks are on different domains, i keep having to use full name resolution i.e. ts.domain1.local and not just ts, using windows VPN i can just use ts. i have set up forward lookup zones on each dns server but it doesnt make any difference.

 i also have a problem when connecting to our main site's company web, get the "unauthorised ip". but if i connect locally using windows VPN, all of these issues go away so it has something to do with the 2 sonicwalls.

i have this error popping up every now and then:
24      05/18/2009 11:45:39.736      IKE Responder: IPSec proposal does not match (Phase 2)      91.84.16.74      82.152.225.206      192.168.49.0/24 -> 192.168.50.0/24       
25      05/18/2009 11:45:39.736      IKE Responder: No match for proposed remote network address      91.84.16.74      82.152.225.206      192.168.49.0/24

Which is odd as the remote networks are set on both sides to 192.168.50.0 and 192.168.102.0, so i dont know why its trying .49 ?

CONFUSED!!

Thanks for help in advance

0
Comment
Question by:racphillips
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 17

Accepted Solution

by:
ccomley earned 500 total points
ID: 24419517
Your first problem is one of DNS config I suspect. What DNS server is the remote user using to look up "ts"? If it isn't YOUR dns server then it won't find it. I suspect the remote user will be using his ISP's DNS server. But as you found you can use the FQDN, then, that's your solution - it's what FQDNs are for. :-)

The second one - you probably have the Proposal parameters incorrect but without seeing them we can't tell - please type in the following for EACH SITE

Wan address
Gateway address
LAN range

Settings from "General" tab of VPN config
Settings from networks tab
Settings from Proposals tab

0
 

Author Closing Comment

by:racphillips
ID: 31582543
There were some old Static routes setup on the Sonicwall that i didnt see before, so ive sorted out the VPN issues, DNS is still strange and cant access one server, only on though, will give you points for that though, cheers,
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
Secure VPN Connection terminated locally by the Client.  Reason 442: Failed to enable Virtual Adapter. If you receive this error on Windows 8 or Windows 8.1 while trying to connect with the Cisco VPN Client then the solution is a simple registry f…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question