summit_pcguy
asked on
Unable to access SonicWall TZ 100 using Global VPN client behind Cisco
I am unable to connect to a Sonicwall TZ 100 via Sonicwall Global VPN client. I know the site is up and working because everyone else connects with no problems. I know licensing is not an issue. I know I have the proper group key.
I uninstalled - ran the Sonicwall cleanup util and still had problems. Loaded on another VM and still had the issue.
Errors:
Failed to find MAC address 00:60:73:xx:xx:xx in the system interfaces table
Starting ISAKMP Phase 1 negotiation
The Peer is Not Responding to Phase 1 ISAKMP Requests
An error has occurred
Here is my setup:
Windows 7 ultimate host with Cisco CPN client installed
Security: AVG Internet Security 9.0
Windows XP SP3 VM with Sonicwall GVPN client (4.2.6.0305) installed.
Security : Microsoft Security Essentials - standard firewall
My side: Behind a Cisco 851 Firewall router with no outbound blocking (that I am aware of) - business cable modem
Their side: Only the Sonicwall on a T1 line.
Only running Global VPN from a VM and never when the Cisco VPN client is running.
Some Internet research suggests that the Cisco may be blocking outgoing ISAKMP packets. I am the only one trying from behind anything Cisco so no help.
I uninstalled - ran the Sonicwall cleanup util and still had problems. Loaded on another VM and still had the issue.
Errors:
Failed to find MAC address 00:60:73:xx:xx:xx in the system interfaces table
Starting ISAKMP Phase 1 negotiation
The Peer is Not Responding to Phase 1 ISAKMP Requests
An error has occurred
Here is my setup:
Windows 7 ultimate host with Cisco CPN client installed
Security: AVG Internet Security 9.0
Windows XP SP3 VM with Sonicwall GVPN client (4.2.6.0305) installed.
Security : Microsoft Security Essentials - standard firewall
My side: Behind a Cisco 851 Firewall router with no outbound blocking (that I am aware of) - business cable modem
Their side: Only the Sonicwall on a T1 line.
Only running Global VPN from a VM and never when the Cisco VPN client is running.
Some Internet research suggests that the Cisco may be blocking outgoing ISAKMP packets. I am the only one trying from behind anything Cisco so no help.
ASKER
I am sure that the Sonicwall works for VPN as 3 or 4 people a day use it.
There are no specific inbound rules from my specific router to the Sonicwall.
The access rule on the Sonicwall (note that I am NOT trying a site to site VPN - this is solely my PC connecting to the SonicWall VPN using the client) allows all incoming traffic on ports 443 and Global VPN traffic.
I am not familiar with wireshark. I should be able to pop a hub between the Cisco and the cable modem sometime next week when I return from vacation.
There are no specific inbound rules from my specific router to the Sonicwall.
The access rule on the Sonicwall (note that I am NOT trying a site to site VPN - this is solely my PC connecting to the SonicWall VPN using the client) allows all incoming traffic on ports 443 and Global VPN traffic.
I am not familiar with wireshark. I should be able to pop a hub between the Cisco and the cable modem sometime next week when I return from vacation.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I apologize for not getting back to this thread in a timely manner. I was on vacation and then had to catch up on what I missed.
I was able to find the solution to this problem by myself after some digging.
The solution was in two parts.
I started to suspect the AVG Firewall when PPTP VPNS that have always worked stopped working. The only thing new was the AVG upgrade. I was also unable to access the SonicWall VPN customer from behind my home DSL with a D-link firewall device.
For troubleshooting I dropped the AVG Firewall while inside my corporate firewall. I was able to access all PPTP sites but not the SonicWall customer site with the Global VPN client through my Windows 7 XP Mode VM.
According to the event viewer from the VPN client a MC address wasn't being found and another network error. I was able to access the Internet and initially discounted the error and focused on AVG.
I found an AVG technote on their web site that explained how to enable PPTP by adding each WAN VPN IP to the network list, making them trusted, and allowing the various services for those networks. That was painful. But it worked. I was then able to access my PPTP VPNs with no problems.
Just remember to add each WAN IP in for home and the office.
I added the WAN IP of the SonicWall site to my AVG Firewall and I still had the SonicWall problem. I changed the settings on the VPM networking from "shared" to the wired network adapter on my notebook which didn't seem to work. A reboot of the VM then cleared that and everything is now working with the AVG Firewall up and running.
The issue was not with the Cisco at all.
I was able to find the solution to this problem by myself after some digging.
The solution was in two parts.
I started to suspect the AVG Firewall when PPTP VPNS that have always worked stopped working. The only thing new was the AVG upgrade. I was also unable to access the SonicWall VPN customer from behind my home DSL with a D-link firewall device.
For troubleshooting I dropped the AVG Firewall while inside my corporate firewall. I was able to access all PPTP sites but not the SonicWall customer site with the Global VPN client through my Windows 7 XP Mode VM.
According to the event viewer from the VPN client a MC address wasn't being found and another network error. I was able to access the Internet and initially discounted the error and focused on AVG.
I found an AVG technote on their web site that explained how to enable PPTP by adding each WAN VPN IP to the network list, making them trusted, and allowing the various services for those networks. That was painful. But it worked. I was then able to access my PPTP VPNs with no problems.
Just remember to add each WAN IP in for home and the office.
I added the WAN IP of the SonicWall site to my AVG Firewall and I still had the SonicWall problem. I changed the settings on the VPM networking from "shared" to the wired network adapter on my notebook which didn't seem to work. A reboot of the VM then cleared that and everything is now working with the AVG Firewall up and running.
The issue was not with the Cisco at all.
glad to hear that
ASKER
If my problem had been on the router end I am sure the expert would have worked me through the steps needed to resolve it. If we had validated the router end I am sure the expert would have taken me down the path of looking at the software firewall on the workstation.
Can you please send output, so we can troubleshoot
thanks