IKE Responder: IKE proposal does not match (phase 1)

Hi,
I am trying to set up a site-to-site VPN tunnel between a Sonicwall NSA 2400 and a Sonicwall TZ210, and I get these errors:

Firewall 1:

IKE Responder: Proposed IKE ID mismatch (VPN policy does not exist for peer IP address: x.x.x.x)
IKE Responder: IKE proposal does not match (Phase 1)
Payload processing failed

Firewall 2:

Received notify. NO_PROPOSAL_CHOSEN

Any idea?

Thanks
annarosAsked:
 
vabelloCommented:
Double check that your pre-shared keys match, assuming you're using pre-shared keys. Make sure you have the correct opposing IP addresses defined on each end. Other settings to check are your IKE key lifetime, Diffie-Hellman group, encryption algorithm, and secure hash. All of these must match on both ends or phase 1 will fail on any IPSec enabled device.

PFS, as ShareefHuddle mentioned, is part of the phase 2 proposal and shouldn't cause a mismatch error on phase 1. My experience is largely with Cisco hardware, however, so there might be differences I'm unfamiliar with concerning the SonicWalls.
0
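The checks listed in the answer above can be run offline against both ends' settings before either firewall is touched. The following is an added example, not part of the original thread and not SonicWall tooling. The dictionary field names and the sample values are constructed for illustration, and the lifetime is compared for strict equality because that is what the answer advises.

```python
import hmac

# Phase 1 attributes the answer above lists as having to match on both ends.
PHASE1_FIELDS = ("encryption", "hash", "dh_group", "lifetime_s")

# Log text quoted in the question, used here only as a hint for the reader.
SYMPTOM_PEER = "Proposed IKE ID mismatch (VPN policy does not exist for peer IP address)"
SYMPTOM_PROPOSAL = "IKE proposal does not match (Phase 1) / NO_PROPOSAL_CHOSEN"


def check_phase1(a: dict, b: dict) -> list:
    """Compare two sites' phase 1 settings; return (item, a_value, b_value, hint) tuples."""
    findings = []
    # Each end must name the other end's WAN address as its peer gateway.
    for local, remote in ((a, b), (b, a)):
        if local["peer_ip"] != remote["wan_ip"]:
            findings.append((f"{local['name']}.peer_ip", local["peer_ip"],
                             remote["wan_ip"], SYMPTOM_PEER))
    # Proposal attributes are compared strictly, as the answer advises.
    for field in PHASE1_FIELDS:
        if a[field] != b[field]:
            findings.append((field, a[field], b[field], SYMPTOM_PROPOSAL))
    # Constant-time comparison; the key itself is never put in the report.
    if not hmac.compare_digest(a["psk"].encode(), b["psk"].encode()):
        findings.append(("psk", "<hidden>", "<hidden>", "pre-shared keys differ"))
    return findings


# Constructed sample settings (documentation addresses, made-up values).
SITE_A = {"name": "NSA2400", "wan_ip": "203.0.113.10", "peer_ip": "198.51.100.20",
          "encryption": "AES-256", "hash": "SHA1", "dh_group": 5,
          "lifetime_s": 28800, "psk": "constructed-example-key"}
SITE_B = {"name": "TZ210", "wan_ip": "198.51.100.20", "peer_ip": "203.0.113.11",
          "encryption": "3DES", "hash": "SHA1", "dh_group": 2,
          "lifetime_s": 28800, "psk": "constructed-example-key"}

if __name__ == "__main__":
    for item, a_val, b_val, hint in check_phase1(SITE_A, SITE_B):
        print(f"MISMATCH {item}: {a_val!r} vs {b_val!r} -> {hint}")
```

An empty result means the two ends agree on every item the answer names; any tuple returned points at the setting to correct on one side.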
 
ShareefHuddleCommented:
Are your UFI's the same? And are your stage 1 settings the same? Are you using perfect forwarding secrecy (I usually don't)?

0
 
Syed_M_UsmanSystem AdministratorCommented:
Dear,
Log on to your SonicWall -> VPN -> Settings -> Open VPN Policy (you created) -> click on Configure -> select Proposal -> check IKE (Phase 1) Proposal.

If this does not work, you can try deleting the current VPN and creating it using the Wizard.

Before you create the VPN, please make sure which of the scenarios below applies:

1) two sites, both with static IP addresses
2) two sites, one with a static and one with a dynamic IP address
3) two sites, both with dynamic IP addresses.

And if you want to use it only for one host or mobile computer, you can use the Sonicwall Global VPN Client.
0
Syed_M_UsmanSystem AdministratorCommented:
This error means phase 1 is not matching; make sure both (Site A and Site B) are set the same.
0
 
Syed_M_UsmanSystem AdministratorCommented:
Log on to your SonicWall -> VPN -> Settings -> Open VPN Policy (you created) -> click on Configure -> select Proposal -> check IKE (Phase 1) Proposal (this should be the same on both sites).
0
 
Syed_M_UsmanSystem AdministratorCommented:
any luck???
0
 
annarosAuthor Commented:
Yes, I deleted all the VPN and configured again, and it worked.

Thanks to all.
0
 
Syed_M_UsmanSystem AdministratorCommented:
you are welcome.
0
Question has a verified solution.
