Sonicwall NSA 240 VPN site-to-site connectivity

AsystData
AsystData used Ask the Experts™
on
Boy I am just running into one road block after another with this new Sonicwall NSA 240.

I have my new Sonicwall NSA 240 up and running.

Here is the problem:
I have 6 VPN locations that were on my old TZ170 without issues. I recreated the rules under the NSA240 and when I turn on one VPN site to connect, the connection shows up and my NSA device reboots. Basically I lose all connectivity. This happens all the time regardless of any of my VPN sites i try to connect. If I disable VPN the NSA 240 stays on just fine.

Remember I had this running on my old TZ170 without issue.

All my remote locations use a D-Link 804HV. I have the latest firmware that you can have for the D-Link and as well for the NSA240.

I am thinking the D-Link might be the issue and going to have to dump it.

any tips or advice is greatly appreciated.

Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Top Expert 2010

Commented:
is the NSA up to date on the firmware?  also, what is the Phase 1 and Phase 2 settings of the VPN on the sonicwall and the d-link?

consider configuring the syslog and log automation to email log information for the sonicwall before the reboot.

Author

Commented:
My NSA is up to date and has the latest release.

SONICWALL setting below

For Phase 1 it is

Exchange: Main Mode
DH Group: Group 5
Encryption: 3DES
Authentication: MD5
Life Time (seconds): 500000


Phase 2:

Protocol: ESP
Encryption: DES
Authentication: SHA1
DH Group: Group 5
LifeTime: 500000

D-LINK Settings

Phase 1:

DH Group: Group 5
Encryption: 3DES
Authentication: MD5
Life Time: 36000

Phase 2:

DH Group: Group 5
Protocol: ESP
Encryption DES
Authentication: SHA1
Life Time 28800



The only thing I can think of the D-Link is just not compatible with the new NSA240 firmware.
Top Expert 2010
Commented:
default lifetime on the sonicwall is 28800.  i don't know what it is on the d-link.  what i do know is it must match for the respective phases on both firewall appilances.  i'd change everything to the sonicwall default.  if it still doesn't come up, disable/enable the vpn on the sonicwall.
Top Expert 2010

Commented:
thx for the pts!

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial