Solved

How to set up an IPSEC tunnel between a Windows 2008 R2 server and a Sonicwall NSA 240

Posted on 2011-03-19
2
2,248 Views
Last Modified: 2013-11-30
Three attempts have been made to do this.  Sonicwall in a FAQ said that is is possible and to contact a Windows consultant to set it up due the complexity.

The Sonicwall Global client requires an account to stay logged in to the server all the time.  This isn't acceptable.

Using a L2TP connection and RRAS Dial on Demand will not work.  Even though an L2TP connection created from the Network and Sharing Center WILL work but only one way .  The server is able to ping nodes on the LAN behind the Sonicwall but not vice versa.  A packet capture shows that the Sonicwall is dropping the packets.  What is interesting is that given long enough time the pings will actually start to work.  After opening a case with Sonicwall, they said that an L2TP tunnel is only good for one way communication.

If you use Windows Firewall "Secure Connection" policies, you can create a connection but with the same problem.  The server can ping the LAN behind the Sonicwall but not vise versa.  However the Sonicwall does not drop these packets.  The packets make it to the server and Microsoft's monitor shows the IKE packets being received.  The server doesn't respond to them.

If you use the IP Security Policy, so far the Sonicwall just reports "NO_PROPOSAL_CHOOSEN".  So I have yet to find the magic setting to make this establish a tunnel.

For Phase one:  I use:
Group2, 3DES, SHA1, Preshare Key

Phase 2:
3DES, SHA1

I have 4 different ways that ALMOST work.  It is hard to believe they are so close but don't.

This project is to enable us to connect to hosted Virtual Machines we rent from a vendor.
0
Comment
Question by:Seitech2323
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
2 Comments
 

Accepted Solution

by:
Seitech2323 earned 0 total points
ID: 35455925
It turns out that Windows 2008 R2 has a bug.  A hot fix is going to be issued.

You will be able to use the Windows firewall to create IPSEC tunnel.  I have seen it actually connect to a Sonicwall firewall.
0
 

Author Closing Comment

by:Seitech2323
ID: 35455935
This is the only solution that I know of.
0

Featured Post

Business Impact of IT Communications

What are the business impacts of how well businesses communicate during an IT incident? Targeting, speed, and transparency all matter. Find out more in this infographic.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Performance Monitor to check space on a CSV partition 1 44
Cross-Network Traffic 24 113
Network access 24 50
external website is 16 29
Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question