Solved

TZ 100 to TZ 100

Posted on 2011-02-24
6
1,149 Views
Last Modified: 2012-06-27
getting an error when i am trying to setup a TZ 100 to TZ 100, IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route

i have setup alot of these, it must be something stupid.
0
Comment
Question by:dwaynem2345
  • 3
  • 2
6 Comments
 
LVL 9

Expert Comment

by:rawinnlnx9
ID: 34973456
Your two networks must be on different subnets.

TZ-100A
IP: 10.200.9.254
SM: 255.255.255.0

TZ-100B
IP: 10.200.8.254
SM: 255.255.255.0

Select your encryption and keyphrase. Set them in both firewalls. Point B at A's WANIP. Point A at B's WANIP. Then watch the log for IKE: errors and post them back here. This is normally a 10 minute task. So this should be straight forward.
0
 

Author Comment

by:dwaynem2345
ID: 34973561
i get phase without a problem...it is just phase 2

here is the log...now i get through PHASE I, but not 2

24      02/24/2011 14:42:23.528      Warning      VPN IPSec      Received notify:       
25      02/24/2011 14:42:22.880      Info      VPN IKE      IKE Initiator: Start Quick Mode (Phase 2).            VPN Policy: MainLewis      
26      02/24/2011 14:41:54.848      Notice      Network Access      Web management request allowed      , X1      TCP HTTP      
27      02/24/2011 14:41:18.448      Warning      VPN IPSec      Received notify: INVALID_ID_INFO      1            
28      02/24/2011 14:41:17.880      Info      VPN IKE      IKE Initiator: Start Quick Mode (Phase 2).            VPN Policy: MainLewis      
29      02/24/2011 14:40:54.832      Notice      Network Access      Web management request allowed X1      , 80, X1      TCP HTTP      
30      02/24/2011 14:40:13.560      Warning      VPN IPSec      Received notify: INVALID_ID_INFO

i took out IP addresses for security
0
 

Author Comment

by:dwaynem2345
ID: 34973586
more of the logs


02/24/2011 14:55:46.784      Notice      Network Access      Web management request allowed      64.9.44.90, 32175, X1 (admin)      184.74.154.142, 80, X1      TCP HTTP      
2      02/24/2011 14:55:22.272      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
3      02/24/2011 14:55:22.272      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
4      02/24/2011 14:55:22.272      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
5      02/24/2011 14:54:46.768      Notice      Network Access      Web management request allowed      64.9.44.90, 31749, X1 (admin)      184.74.154.142, 80, X1      TCP HTTP      
6      02/24/2011 14:54:17.288      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
7      02/24/2011 14:54:17.288      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
8      02/24/2011 14:54:17.288      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
9      02/24/2011 14:53:44.224      Info      Authenticated Access      Configuration mode administration session started      64.9.44.90, 0, X1 (admin)      184.74.154.142, 80, X1      admin at GUI from 64.9.44.90      
10      02/24/2011 14:53:44.224      Info      Authenticated Access      WAN zone administrator login allowed      64.9.44.90, 0, X1 (admin)      184.74.154.142, 80, X1      admin, TCP HTTP      
11      02/24/2011 14:53:37.016      Notice      Network Access      Web management request allowed      64.9.44.90, 31253, X1      184.74.154.142, 80, X1      TCP HTTP      
12      02/24/2011 14:53:12.320      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
13      02/24/2011 14:53:12.320      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
14      02/24/2011 14:53:12.320      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
15      02/24/2011 14:52:35.480      Notice      Network Access      TCP connection dropped      24.143.204.139, 80, X1      192.168.20.60, 1259, X0      TCP Port: 1259      
16      02/24/2011 14:52:07.336      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
17      02/24/2011 14:52:07.336      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
18      02/24/2011 14:52:07.336      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
19      02/24/2011 14:51:02.368      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
20      02/24/2011 14:51:02.368      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
21      02/24/2011 14:51:02.368      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
22      02/24/2011 14:49:57.384      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
23      02/24/2011 14:49:57.384      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
24      02/24/2011 14:49:57.384      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
25      02/24/2011 14:48:52.416      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
26      02/24/2011 14:48:52.416      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
27      02/24/2011 14:48:52.416      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
28      02/24/2011 14:47:47.432      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
29      02/24/2011 14:47:47.432      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
30      02/24/2011 14:47:47.432      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
31      02/24/2011 14:46:46.784      Notice      Network Access      TCP connection dropped      184.74.67.22, 9618, X1      184.74.154.142, 139, X1      TCP NetBios SSN TCP      
32      02/24/2011 14:46:42.464      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
33      02/24/2011 14:46:42.464      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
34      02/24/2011 14:46:42.464      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
35      02/24/2011 14:45:37.480      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
36      02/24/2011 14:45:37.480      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
37      02/24/2011 14:45:37.480      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
38      02/24/2011 14:44:32.512      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
39      02/24/2011 14:44:32.512      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
40      02/24/2011 14:44:32.512      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
41      02/24/2011 14:44:00.624      Notice      Network Access      TCP connection dropped      184.74.67.22, 47701, X1      184.74.154.142, 139, X1      TCP NetBios SSN T
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 33

Accepted Solution

by:
digitap earned 250 total points
ID: 34975058
ok...then let's look at phase 2.  since i can't see your particular settings, review this KB for a suggestion on what could be wrong with phase 2 settings.

https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=3795
0
 

Author Closing Comment

by:dwaynem2345
ID: 34975797
that worked,  I had any address, when I forced lan primary subnet, it worked fine.
0
 
LVL 33

Expert Comment

by:digitap
ID: 34975817
great...glad i could help and thanks for the points!
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Do you have an old router lying around the house that you don’t know what to do with? Check the make and model, then refer to either of these links to see if its compatible. http://www.dd-wrt.com/site/support/router-database http://www.dd-wrt.c…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now