I have 'inherited' an existing Sonicwall TZ-170. The device is currently serving a number of remote clients (Windows clients using the Sonicwall VPN client, and a Mac using some third-party tunnel application) and there is one site-to-site VPN path to a remote network. All is working well at this point. I am trying to allow / make it possible for some Linux-based workstations to use the VPN as a client (using vpnc from SUSE and UBUNTU clients) much the same as the Windows clients currently do. When they connect, they get an error '(ISAKMP_N_INVALID_EXCHANGE_TYPE)(7)'. The information I have read from some Internet digging indicates that I need to set up the groupVPN to use Diffie-Hellman group 5 as the DH group. I am using DH Group 2 in the configuration at this point.
My question is: Can I make this change (from DH 2 to DH 5) without affecting the existing VPN clients? I am not sure of the impact of this change, and it is not clear to me that I can change it to group 5, test, and then change it back to group 2 if it does not work. Is the DH setting for the groupVPN something that I can change on the Sonicwall device without affecting the clients and the site-to-site VPN? A follow-up question would be if there exists some information on connecting a Linux workstation to a Sonicwall GroupVPN.