Solved

TZ 100 to TZ 100

Posted on 2011-02-24
6
1,166 Views
Last Modified: 2012-06-27
getting an error when i am trying to setup a TZ 100 to TZ 100, IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route

i have setup alot of these, it must be something stupid.
0
Comment
Question by:dwaynem2345
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 9

Expert Comment

by:rawinnlnx9
ID: 34973456
Your two networks must be on different subnets.

TZ-100A
IP: 10.200.9.254
SM: 255.255.255.0

TZ-100B
IP: 10.200.8.254
SM: 255.255.255.0

Select your encryption and keyphrase. Set them in both firewalls. Point B at A's WANIP. Point A at B's WANIP. Then watch the log for IKE: errors and post them back here. This is normally a 10 minute task. So this should be straight forward.
0
 

Author Comment

by:dwaynem2345
ID: 34973561
i get phase without a problem...it is just phase 2

here is the log...now i get through PHASE I, but not 2

24      02/24/2011 14:42:23.528      Warning      VPN IPSec      Received notify:       
25      02/24/2011 14:42:22.880      Info      VPN IKE      IKE Initiator: Start Quick Mode (Phase 2).            VPN Policy: MainLewis      
26      02/24/2011 14:41:54.848      Notice      Network Access      Web management request allowed      , X1      TCP HTTP      
27      02/24/2011 14:41:18.448      Warning      VPN IPSec      Received notify: INVALID_ID_INFO      1            
28      02/24/2011 14:41:17.880      Info      VPN IKE      IKE Initiator: Start Quick Mode (Phase 2).            VPN Policy: MainLewis      
29      02/24/2011 14:40:54.832      Notice      Network Access      Web management request allowed X1      , 80, X1      TCP HTTP      
30      02/24/2011 14:40:13.560      Warning      VPN IPSec      Received notify: INVALID_ID_INFO

i took out IP addresses for security
0
 

Author Comment

by:dwaynem2345
ID: 34973586
more of the logs


02/24/2011 14:55:46.784      Notice      Network Access      Web management request allowed      64.9.44.90, 32175, X1 (admin)      184.74.154.142, 80, X1      TCP HTTP      
2      02/24/2011 14:55:22.272      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
3      02/24/2011 14:55:22.272      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
4      02/24/2011 14:55:22.272      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
5      02/24/2011 14:54:46.768      Notice      Network Access      Web management request allowed      64.9.44.90, 31749, X1 (admin)      184.74.154.142, 80, X1      TCP HTTP      
6      02/24/2011 14:54:17.288      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
7      02/24/2011 14:54:17.288      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
8      02/24/2011 14:54:17.288      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
9      02/24/2011 14:53:44.224      Info      Authenticated Access      Configuration mode administration session started      64.9.44.90, 0, X1 (admin)      184.74.154.142, 80, X1      admin at GUI from 64.9.44.90      
10      02/24/2011 14:53:44.224      Info      Authenticated Access      WAN zone administrator login allowed      64.9.44.90, 0, X1 (admin)      184.74.154.142, 80, X1      admin, TCP HTTP      
11      02/24/2011 14:53:37.016      Notice      Network Access      Web management request allowed      64.9.44.90, 31253, X1      184.74.154.142, 80, X1      TCP HTTP      
12      02/24/2011 14:53:12.320      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
13      02/24/2011 14:53:12.320      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
14      02/24/2011 14:53:12.320      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
15      02/24/2011 14:52:35.480      Notice      Network Access      TCP connection dropped      24.143.204.139, 80, X1      192.168.20.60, 1259, X0      TCP Port: 1259      
16      02/24/2011 14:52:07.336      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
17      02/24/2011 14:52:07.336      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
18      02/24/2011 14:52:07.336      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
19      02/24/2011 14:51:02.368      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
20      02/24/2011 14:51:02.368      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
21      02/24/2011 14:51:02.368      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
22      02/24/2011 14:49:57.384      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
23      02/24/2011 14:49:57.384      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
24      02/24/2011 14:49:57.384      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
25      02/24/2011 14:48:52.416      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
26      02/24/2011 14:48:52.416      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
27      02/24/2011 14:48:52.416      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
28      02/24/2011 14:47:47.432      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
29      02/24/2011 14:47:47.432      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
30      02/24/2011 14:47:47.432      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
31      02/24/2011 14:46:46.784      Notice      Network Access      TCP connection dropped      184.74.67.22, 9618, X1      184.74.154.142, 139, X1      TCP NetBios SSN TCP      
32      02/24/2011 14:46:42.464      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
33      02/24/2011 14:46:42.464      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
34      02/24/2011 14:46:42.464      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
35      02/24/2011 14:45:37.480      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
36      02/24/2011 14:45:37.480      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
37      02/24/2011 14:45:37.480      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
38      02/24/2011 14:44:32.512      Warning      VPN IKE      IKE Responder: IPSec proposal does not match (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
39      02/24/2011 14:44:32.512      Warning      VPN IKE      IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route            192.168.20.0      ClintonLewis      
40      02/24/2011 14:44:32.512      Info      VPN IKE      IKE Responder: Received Quick Mode Request (Phase 2)      184.74.158.110, 500      184.74.154.142, 500      VPN Policy: ClintonLewis      
41      02/24/2011 14:44:00.624      Notice      Network Access      TCP connection dropped      184.74.67.22, 47701, X1      184.74.154.142, 139, X1      TCP NetBios SSN T
0
Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

 
LVL 33

Accepted Solution

by:
digitap earned 250 total points
ID: 34975058
ok...then let's look at phase 2.  since i can't see your particular settings, review this KB for a suggestion on what could be wrong with phase 2 settings.

https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=3795
0
 

Author Closing Comment

by:dwaynem2345
ID: 34975797
that worked,  I had any address, when I forced lan primary subnet, it worked fine.
0
 
LVL 33

Expert Comment

by:digitap
ID: 34975817
great...glad i could help and thanks for the points!
0

Featured Post

Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
eigrp in site-to-site vpn 4 96
Updating Group Policy over a PPTP VPN 21 65
IPsec VPN - which encryption? 5 80
Grant drive/folder change permissions to VPN user 6 40
For a while, I have wanted to connect my HTC Incredible to my corporate network to take advantage of the phone's powerful capabilities. I searched online and came up with varied answers from "it won't work" to super complicated statements that I did…
Juniper VPN devices are a popular alternative to using Cisco products. Last year I needed to set up an international site-to-site VPN over the Internet, but the client had high security requirements -- FIPS 140. What and Why of FIPS 140 Federa…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question