Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Sonicwall tz170 x2 site to site vpn gateway issue

Posted on 2009-05-18
2
748 Views
Last Modified: 2013-11-16
I am having DNS issues with this VPN, the Portal is open, and traffic can flow correctly, the two networks are on different domains, i keep having to use full name resolution i.e. ts.domain1.local and not just ts, using windows VPN i can just use ts. i have set up forward lookup zones on each dns server but it doesnt make any difference.

 i also have a problem when connecting to our main site's company web, get the "unauthorised ip". but if i connect locally using windows VPN, all of these issues go away so it has something to do with the 2 sonicwalls.

i have this error popping up every now and then:
24      05/18/2009 11:45:39.736      IKE Responder: IPSec proposal does not match (Phase 2)      91.84.16.74      82.152.225.206      192.168.49.0/24 -> 192.168.50.0/24       
25      05/18/2009 11:45:39.736      IKE Responder: No match for proposed remote network address      91.84.16.74      82.152.225.206      192.168.49.0/24

Which is odd as the remote networks are set on both sides to 192.168.50.0 and 192.168.102.0, so i dont know why its trying .49 ?

CONFUSED!!

Thanks for help in advance

0
Comment
Question by:racphillips
2 Comments
 
LVL 16

Accepted Solution

by:
ccomley earned 500 total points
ID: 24419517
Your first problem is one of DNS config I suspect. What DNS server is the remote user using to look up "ts"? If it isn't YOUR dns server then it won't find it. I suspect the remote user will be using his ISP's DNS server. But as you found you can use the FQDN, then, that's your solution - it's what FQDNs are for. :-)

The second one - you probably have the Proposal parameters incorrect but without seeing them we can't tell - please type in the following for EACH SITE

Wan address
Gateway address
LAN range

Settings from "General" tab of VPN config
Settings from networks tab
Settings from Proposals tab

0
 

Author Closing Comment

by:racphillips
ID: 31582543
There were some old Static routes setup on the Sonicwall that i didnt see before, so ive sorted out the VPN issues, DNS is still strange and cant access one server, only on though, will give you points for that though, cheers,
0

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ASA configuration 2 39
Ping configured interface on Sonicwall 16 60
SQL Server Connection String through a VPN 8 55
SSL VPN to Fortigate 100D 2 7
OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
If you use NetMotion Mobility on your PC and plan to upgrade to Windows 10, it may not work unless you take these steps.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question