• Status: Solved
  • Priority: Medium
  • Security: Public

IKE Responder: IKE proposal does not match (phase 1)

Hi,
I am trying to set up a site-to-site VPN tunnel between a Sonicwall NSA 2400 and a Sonicwall TZ210, and I get these errors:

Firewall 1:

IKE Responder: Proposed IKE ID mismatch (VPN policy does not exist for peer IP address: x.x.x.x)
IKE Responder: IKE proposal does not match (Phase 1)
Payload processing failed

Firewall 2:

Received notify. NO_PROPOSAL_CHOSEN

Any idea?

Thanks
annaros
 
ShareefHuddle Commented:
Are your UFI's the same? And are your stage 1 settings the same? Are you using perfect forwarding secrecy (I usually don't)?

0
 
vabello Commented:
Double-check that your pre-shared keys match, assuming you're using pre-shared keys. Make sure you have the correct opposing IP addresses defined on each end. Other settings to check are your IKE key lifetime, Diffie-Hellman group, encryption algorithm, and secure hash. All of these must match on both ends or phase 1 will fail on any IPSec-enabled device.

PFS, as ShareefHuddle mentioned, is part of the phase 2 proposal and shouldn't cause a mismatch error on phase 1. My experience is largely with Cisco hardware, however, so there might be differences I'm unfamiliar with concerning the SonicWalls.
0
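
An added example, not part of any post in this thread: a small Python model of the responder-side phase 1 check that produces the `NO_PROPOSAL_CHOSEN` seen in the logs above, reporting which attributes differ. The field names and sample settings are constructed for illustration, and treating the lifetime as a strict must-match follows the answer above (implementations differ on this).

```python
from dataclasses import dataclass, asdict

@dataclass(frozen=True)
class Phase1Proposal:
    encryption: str   # e.g. "3des", "aes-128"
    hash_alg: str     # e.g. "sha1", "md5"
    dh_group: int     # Diffie-Hellman group number
    auth: str         # authentication method, e.g. "psk"
    lifetime_s: int   # IKE SA lifetime in seconds (assumed must-match here)

def normalise(p):
    """Fold case/whitespace so 'SHA1' and 'sha1 ' compare equal."""
    return {k: v.strip().lower() if isinstance(v, str) else v
            for k, v in asdict(p).items()}

def respond(local_policies, offered):
    """Accept the first offered proposal identical to a local policy;
    otherwise return NO_PROPOSAL_CHOSEN with the closest policy's differences
    as {attribute: (offered_value, local_value)}."""
    best = None
    for offer in offered:
        o = normalise(offer)
        for name, policy in local_policies.items():
            loc = normalise(policy)
            diff = {k: (o[k], loc[k]) for k in o if o[k] != loc[k]}
            if not diff:
                return {"result": "ACCEPT", "policy": name, "mismatch": {}}
            if best is None or len(diff) < len(best[1]):
                best = (name, diff)
    name, diff = best if best else (None, {})
    return {"result": "NO_PROPOSAL_CHOSEN", "policy": name, "mismatch": diff}

# Constructed sample settings (hypothetical, not taken from the poster's firewalls).
NSA2400 = {"to-tz210": Phase1Proposal("3DES", "SHA1", 2, "psk", 28800)}
TZ210_OFFER = [Phase1Proposal("aes-128", "sha1", 5, "psk", 28800)]

if __name__ == "__main__":
    print(respond(NSA2400, TZ210_OFFER))
    # After aligning the TZ210 side with the NSA 2400 policy:
    print(respond(NSA2400, [Phase1Proposal("3des", "sha1", 2, "psk", 28800)]))
```

The model covers only the negotiated proposal attributes; the pre-shared key value and peer IP are checked elsewhere in the exchange and are not part of the proposal comparison.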
 
Syed_M_Usman Commented:
Dear,
Log on to your SonicWall -> VPN -> Settings -> open the VPN policy (you created) -> click Configure -> select Proposal -> check IKE (Phase 1) Proposal.

If this does not work, you can try deleting the current VPN and creating it again using the Wizard.

Before you create the VPN, please check which of the scenarios below applies:

1) Two sites, and both have static IP addresses
2) Two sites, one static and one dynamic
3) Two sites, both with dynamic IP addresses

And if you want to use it only for one host or mobile computer, you can use the SonicWall Global VPN Client.
0
 
Syed_M_Usman Commented:
This error means phase 1 is not matching; make sure both (Site A and Site B) are set the same.
0
 
Syed_M_Usman Commented:
Log on to your SonicWall -> VPN -> Settings -> open the VPN policy (you created) -> click Configure -> select Proposal -> check IKE (Phase 1) Proposal (this should be the same on both sites).
0
 
Syed_M_Usman Commented:
Any luck?
0
 
annaros (Author) Commented:
Yes, I deleted all the VPN and configured again, and it worked.

Thanks to all.
0
 
Syed_M_Usman Commented:
You are welcome.
0
