TZ 100 to TZ 100

getting an error when i am trying to setup a TZ 100 to TZ 100, IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route

i have setup alot of these, it must be something stupid.
dwaynem2345Asked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
digitapConnect With a Mentor Commented:
ok...then let's look at phase 2.  since i can't see your particular settings, review this KB for a suggestion on what could be wrong with phase 2 settings.

https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=3795
0
 
rawinnlnx9Commented:
Your two networks must be on different subnets.

TZ-100A
IP: 10.200.9.254
SM: 255.255.255.0

TZ-100B
IP: 10.200.8.254
SM: 255.255.255.0

Select your encryption and keyphrase. Set them in both firewalls. Point B at A's WANIP. Point A at B's WANIP. Then watch the log for IKE: errors and post them back here. This is normally a 10 minute task. So this should be straight forward.
0
 
dwaynem2345Author Commented:
i get phase without a problem...it is just phase 2

here is the log...now i get through PHASE I, but not 2

24      02/24/2011 14:42:23.528      Warning      VPN IPSec      Received notify:       
25      02/24/2011 14:42:22.880      Info      VPN IKE      IKE Initiator: Start Quick Mode (Phase 2).            VPN Policy: MainLewis      
26      02/24/2011 14:41:54.848      Notice      Network Access      Web management request allowed      , X1      TCP HTTP      
27      02/24/2011 14:41:18.448      Warning      VPN IPSec      Received notify: INVALID_ID_INFO      1            
28      02/24/2011 14:41:17.880      Info      VPN IKE      IKE Initiator: Start Quick Mode (Phase 2).            VPN Policy: MainLewis      
29      02/24/2011 14:40:54.832      Notice      Network Access      Web management request allowed X1      , 80, X1      TCP HTTP      
30      02/24/2011 14:40:13.560      Warning      VPN IPSec      Received notify: INVALID_ID_INFO

i took out IP addresses for security
0
NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

 
dwaynem2345Author Commented:
more of the logs


02/24/2011 14:55:46.784      Notice      Network Access      Web management request allowed      64.9.44.90, 32175, X1 (admin)      184.74.154.142, 80, X1      TCP HTTP      
2      02/24/2011 14:55:22.272      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
3      02/24/2011 14:55:22.272      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
4      02/24/2011 14:55:22.272      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
5      02/24/2011 14:54:46.768      Notice      Network Access      Web management request allowed      64.9.44.90, 31749, X1 (admin)      184.74.154.142, 80, X1      TCP HTTP      
6      02/24/2011 14:54:17.288      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
7      02/24/2011 14:54:17.288      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
8      02/24/2011 14:54:17.288      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
9      02/24/2011 14:53:44.224      Info      Authenticated Access      Configuration mode administration session started      64.9.44.90, 0, X1 (admin)      184.74.154.142, 80, X1      admin at GUI from 64.9.44.90      
10      02/24/2011 14:53:44.224      Info      Authenticated Access      WAN zone administrator login allowed      64.9.44.90, 0, X1 (admin)      184.74.154.142, 80, X1      admin, TCP HTTP      
11      02/24/2011 14:53:37.016      Notice      Network Access      Web management request allowed      64.9.44.90, 31253, X1      184.74.154.142, 80, X1      TCP HTTP      
12      02/24/2011 14:53:12.320      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
13      02/24/2011 14:53:12.320      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
14      02/24/2011 14:53:12.320      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
15      02/24/2011 14:52:35.480      Notice      Network Access      TCP connection dropped      24.143.204.139, 80, X1      192.168.20.60, 1259, X0      TCP Port: 1259      
16      02/24/2011 14:52:07.336      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
17      02/24/2011 14:52:07.336      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
18      02/24/2011 14:52:07.336      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
19      02/24/2011 14:51:02.368      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
20      02/24/2011 14:51:02.368      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
21      02/24/2011 14:51:02.368      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
22      02/24/2011 14:49:57.384      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
23      02/24/2011 14:49:57.384      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
24      02/24/2011 14:49:57.384      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
25      02/24/2011 14:48:52.416      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
26      02/24/2011 14:48:52.416      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
27      02/24/2011 14:48:52.416      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
28      02/24/2011 14:47:47.432      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
29      02/24/2011 14:47:47.432      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
30      02/24/2011 14:47:47.432      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
31      02/24/2011 14:46:46.784      Notice      Network Access      TCP connection dropped      184.74.67.22, 9618, X1      184.74.154.142, 139, X1      TCP NetBios SSN TCP      
32      02/24/2011 14:46:42.464      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
33      02/24/2011 14:46:42.464      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
34      02/24/2011 14:46:42.464      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
35      02/24/2011 14:45:37.480      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
36      02/24/2011 14:45:37.480      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
37      02/24/2011 14:45:37.480      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
38      02/24/2011 14:44:32.512      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
39      02/24/2011 14:44:32.512      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
40      02/24/2011 14:44:32.512      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
41      02/24/2011 14:44:00.624      Notice      Network Access      TCP connection dropped      184.74.67.22, 47701, X1      184.74.154.142, 139, X1      TCP NetBios SSN T
0
 
dwaynem2345Author Commented:
that worked,  I had any address, when I forced lan primary subnet, it worked fine.
0
 
digitapCommented:
great...glad i could help and thanks for the points!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.