Solved

TZ 100 to TZ 100

Posted on 2011-02-24
6
1,164 Views
Last Modified: 2012-06-27
getting an error when i am trying to setup a TZ 100 to TZ 100, IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route

i have setup alot of these, it must be something stupid.
0
Comment
Question by:dwaynem2345
  • 3
  • 2
6 Comments
 
LVL 9

Expert Comment

by:rawinnlnx9
ID: 34973456
Your two networks must be on different subnets.

TZ-100A
IP: 10.200.9.254
SM: 255.255.255.0

TZ-100B
IP: 10.200.8.254
SM: 255.255.255.0

Select your encryption and keyphrase. Set them in both firewalls. Point B at A's WANIP. Point A at B's WANIP. Then watch the log for IKE: errors and post them back here. This is normally a 10 minute task. So this should be straight forward.
0
 

Author Comment

by:dwaynem2345
ID: 34973561
i get phase without a problem...it is just phase 2

here is the log...now i get through PHASE I, but not 2

24      02/24/2011 14:42:23.528      Warning      VPN IPSec      Received notify:       
25      02/24/2011 14:42:22.880      Info      VPN IKE      IKE Initiator: Start Quick Mode (Phase 2).            VPN Policy: MainLewis      
26      02/24/2011 14:41:54.848      Notice      Network Access      Web management request allowed      , X1      TCP HTTP      
27      02/24/2011 14:41:18.448      Warning      VPN IPSec      Received notify: INVALID_ID_INFO      1            
28      02/24/2011 14:41:17.880      Info      VPN IKE      IKE Initiator: Start Quick Mode (Phase 2).            VPN Policy: MainLewis      
29      02/24/2011 14:40:54.832      Notice      Network Access      Web management request allowed X1      , 80, X1      TCP HTTP      
30      02/24/2011 14:40:13.560      Warning      VPN IPSec      Received notify: INVALID_ID_INFO

i took out IP addresses for security
0
 

Author Comment

by:dwaynem2345
ID: 34973586
more of the logs


02/24/2011 14:55:46.784      Notice      Network Access      Web management request allowed      64.9.44.90, 32175, X1 (admin)      184.74.154.142, 80, X1      TCP HTTP      
2      02/24/2011 14:55:22.272      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
3      02/24/2011 14:55:22.272      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
4      02/24/2011 14:55:22.272      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
5      02/24/2011 14:54:46.768      Notice      Network Access      Web management request allowed      64.9.44.90, 31749, X1 (admin)      184.74.154.142, 80, X1      TCP HTTP      
6      02/24/2011 14:54:17.288      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
7      02/24/2011 14:54:17.288      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
8      02/24/2011 14:54:17.288      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
9      02/24/2011 14:53:44.224      Info      Authenticated Access      Configuration mode administration session started      64.9.44.90, 0, X1 (admin)      184.74.154.142, 80, X1      admin at GUI from 64.9.44.90      
10      02/24/2011 14:53:44.224      Info      Authenticated Access      WAN zone administrator login allowed      64.9.44.90, 0, X1 (admin)      184.74.154.142, 80, X1      admin, TCP HTTP      
11      02/24/2011 14:53:37.016      Notice      Network Access      Web management request allowed      64.9.44.90, 31253, X1      184.74.154.142, 80, X1      TCP HTTP      
12      02/24/2011 14:53:12.320      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
13      02/24/2011 14:53:12.320      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
14      02/24/2011 14:53:12.320      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
15      02/24/2011 14:52:35.480      Notice      Network Access      TCP connection dropped      24.143.204.139, 80, X1      192.168.20.60, 1259, X0      TCP Port: 1259      
16      02/24/2011 14:52:07.336      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
17      02/24/2011 14:52:07.336      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
18      02/24/2011 14:52:07.336      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
19      02/24/2011 14:51:02.368      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
20      02/24/2011 14:51:02.368      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
21      02/24/2011 14:51:02.368      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
22      02/24/2011 14:49:57.384      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
23      02/24/2011 14:49:57.384      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
24      02/24/2011 14:49:57.384      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
25      02/24/2011 14:48:52.416      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
26      02/24/2011 14:48:52.416      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
27      02/24/2011 14:48:52.416      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
28      02/24/2011 14:47:47.432      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
29      02/24/2011 14:47:47.432      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
30      02/24/2011 14:47:47.432      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
31      02/24/2011 14:46:46.784      Notice      Network Access      TCP connection dropped      184.74.67.22, 9618, X1      184.74.154.142, 139, X1      TCP NetBios SSN TCP      
32      02/24/2011 14:46:42.464      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
33      02/24/2011 14:46:42.464      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
34      02/24/2011 14:46:42.464      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
35      02/24/2011 14:45:37.480      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
36      02/24/2011 14:45:37.480      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
37      02/24/2011 14:45:37.480      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
38      02/24/2011 14:44:32.512      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
39      02/24/2011 14:44:32.512      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
40      02/24/2011 14:44:32.512      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
41      02/24/2011 14:44:00.624      Notice      Network Access      TCP connection dropped      184.74.67.22, 47701, X1      184.74.154.142, 139, X1      TCP NetBios SSN T
0
Create the perfect environment for any meeting

You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.

 
LVL 33

Accepted Solution

by:
digitap earned 250 total points
ID: 34975058
ok...then let's look at phase 2.  since i can't see your particular settings, review this KB for a suggestion on what could be wrong with phase 2 settings.

https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=3795
0
 

Author Closing Comment

by:dwaynem2345
ID: 34975797
that worked,  I had any address, when I forced lan primary subnet, it worked fine.
0
 
LVL 33

Expert Comment

by:digitap
ID: 34975817
great...glad i could help and thanks for the points!
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've had to do a bit of research to setup my VPN connection so that Clients can access Windows Server 2008 network shares.  I have a Cisco ASA 5510 firewall.  I found an article which was extremely useful: It had a solution if you use ASDM to config…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question