Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

TZ 100 to TZ 100

Posted on 2011-02-24
6
Medium Priority
?
1,171 Views
Last Modified: 2012-06-27
getting an error when i am trying to setup a TZ 100 to TZ 100, IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route

i have setup alot of these, it must be something stupid.
0
Comment
Question by:dwaynem2345
  • 3
  • 2
6 Comments
 
LVL 9

Expert Comment

by:rawinnlnx9
ID: 34973456
Your two networks must be on different subnets.

TZ-100A
IP: 10.200.9.254
SM: 255.255.255.0

TZ-100B
IP: 10.200.8.254
SM: 255.255.255.0

Select your encryption and keyphrase. Set them in both firewalls. Point B at A's WANIP. Point A at B's WANIP. Then watch the log for IKE: errors and post them back here. This is normally a 10 minute task. So this should be straight forward.
0
 

Author Comment

by:dwaynem2345
ID: 34973561
i get phase without a problem...it is just phase 2

here is the log...now i get through PHASE I, but not 2

24      02/24/2011 14:42:23.528      Warning      VPN IPSec      Received notify:       
25      02/24/2011 14:42:22.880      Info      VPN IKE      IKE Initiator: Start Quick Mode (Phase 2).            VPN Policy: MainLewis      
26      02/24/2011 14:41:54.848      Notice      Network Access      Web management request allowed      , X1      TCP HTTP      
27      02/24/2011 14:41:18.448      Warning      VPN IPSec      Received notify: INVALID_ID_INFO      1            
28      02/24/2011 14:41:17.880      Info      VPN IKE      IKE Initiator: Start Quick Mode (Phase 2).            VPN Policy: MainLewis      
29      02/24/2011 14:40:54.832      Notice      Network Access      Web management request allowed X1      , 80, X1      TCP HTTP      
30      02/24/2011 14:40:13.560      Warning      VPN IPSec      Received notify: INVALID_ID_INFO

i took out IP addresses for security
0
 

Author Comment

by:dwaynem2345
ID: 34973586
more of the logs


02/24/2011 14:55:46.784      Notice      Network Access      Web management request allowed      64.9.44.90, 32175, X1 (admin)      184.74.154.142, 80, X1      TCP HTTP      
2      02/24/2011 14:55:22.272      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
3      02/24/2011 14:55:22.272      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
4      02/24/2011 14:55:22.272      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
5      02/24/2011 14:54:46.768      Notice      Network Access      Web management request allowed      64.9.44.90, 31749, X1 (admin)      184.74.154.142, 80, X1      TCP HTTP      
6      02/24/2011 14:54:17.288      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
7      02/24/2011 14:54:17.288      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
8      02/24/2011 14:54:17.288      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
9      02/24/2011 14:53:44.224      Info      Authenticated Access      Configuration mode administration session started      64.9.44.90, 0, X1 (admin)      184.74.154.142, 80, X1      admin at GUI from 64.9.44.90      
10      02/24/2011 14:53:44.224      Info      Authenticated Access      WAN zone administrator login allowed      64.9.44.90, 0, X1 (admin)      184.74.154.142, 80, X1      admin, TCP HTTP      
11      02/24/2011 14:53:37.016      Notice      Network Access      Web management request allowed      64.9.44.90, 31253, X1      184.74.154.142, 80, X1      TCP HTTP      
12      02/24/2011 14:53:12.320      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
13      02/24/2011 14:53:12.320      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
14      02/24/2011 14:53:12.320      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
15      02/24/2011 14:52:35.480      Notice      Network Access      TCP connection dropped      24.143.204.139, 80, X1      192.168.20.60, 1259, X0      TCP Port: 1259      
16      02/24/2011 14:52:07.336      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
17      02/24/2011 14:52:07.336      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
18      02/24/2011 14:52:07.336      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
19      02/24/2011 14:51:02.368      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
20      02/24/2011 14:51:02.368      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
21      02/24/2011 14:51:02.368      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
22      02/24/2011 14:49:57.384      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
23      02/24/2011 14:49:57.384      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
24      02/24/2011 14:49:57.384      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
25      02/24/2011 14:48:52.416      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
26      02/24/2011 14:48:52.416      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
27      02/24/2011 14:48:52.416      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
28      02/24/2011 14:47:47.432      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
29      02/24/2011 14:47:47.432      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
30      02/24/2011 14:47:47.432      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
31      02/24/2011 14:46:46.784      Notice      Network Access      TCP connection dropped      184.74.67.22, 9618, X1      184.74.154.142, 139, X1      TCP NetBios SSN TCP      
32      02/24/2011 14:46:42.464      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
33      02/24/2011 14:46:42.464      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
34      02/24/2011 14:46:42.464      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
35      02/24/2011 14:45:37.480      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
36      02/24/2011 14:45:37.480      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
37      02/24/2011 14:45:37.480      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
38      02/24/2011 14:44:32.512      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
39      02/24/2011 14:44:32.512      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
40      02/24/2011 14:44:32.512      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
41      02/24/2011 14:44:00.624      Notice      Network Access      TCP connection dropped      184.74.67.22, 47701, X1      184.74.154.142, 139, X1      TCP NetBios SSN T
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 33

Accepted Solution

by:
digitap earned 1000 total points
ID: 34975058
ok...then let's look at phase 2.  since i can't see your particular settings, review this KB for a suggestion on what could be wrong with phase 2 settings.

https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=3795
0
 

Author Closing Comment

by:dwaynem2345
ID: 34975797
that worked,  I had any address, when I forced lan primary subnet, it worked fine.
0
 
LVL 33

Expert Comment

by:digitap
ID: 34975817
great...glad i could help and thanks for the points!
0

Featured Post

Ready for your healthcare security check-up?

In the past few years, healthcare organizations have become a prime target for advanced attacks. Does your organization have what it needs to defend itself? Schedule your healthcare security check-up today and download our free Healthcare Security Resource Kit today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Like many others, when I created a Windows 2008 RRAS VPN server, I connected via PPTP, and still do, but there are problems that can arise from solely using PPTP.  One particular problem was that the CFO of the company used a Virgin Broadband Wirele…
Secure VPN Connection terminated locally by the Client.  Reason 442: Failed to enable Virtual Adapter. If you receive this error on Windows 8 or Windows 8.1 while trying to connect with the Cisco VPN Client then the solution is a simple registry f…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question