Sonicwall VPN issue

TBTNetworks
I have our corporate location that has a managed Cisco router/firewall (managed by the ISP) and all of our remote locations that are managed by us and have Sonicwalls.

I had our ISP add another VPN tunnel with a specific shared secret, and gave them the destination public and private IP addresses. However, the tunnel isn't coming up.

Here are the settings on the new site/sonicwall/vpn:

Policy Type: Site to Site
Authentication Method: IKE using Preshared Secret
IPsec Primary Gateway name or address: <Public IP of our corp office>
IPsec Secondary gateway name or address: 0.0.0.0

Shared Secret: <The shared secret I gave them>
Local IKE and Peer IKE: both blank

Choose local network from list: Lan Subnets
Choose destination network from list (remote networks): <the group of IP's on the remote network>

IKE Phase 1
Exchange: main mode
DH group: Group 2
Encryption: 3DES
Authentication: SHA1
Life Time: 28800

Phase 2:
Protocol: ESP
Encryption: 3DES
Authentication: SHA1
Lifetime: 28800

Enabled Keep Alive
VPN Policy bound to ZONE WAN

The VPN Settings on another one of our site locations (older sonicwall):
Ipsec Keying Mode: IKE using Preshared Secret
Ipsec Primary gateway: <Public IP of corp office>
Ipsec Secondary: 0.0.0.0
Shared Secret: <our shared secret>

Destination networks is "specified below", so instead of an address object it's manually typed in with a network/netmask of the corp office network

IKE Phase 1
Exchange: main mode
DH group: Group 2
Encryption: 3DES
Authentication: SHA1
Life Time: 28800

Phase 2:
Protocol: ESP
Encryption: 3DES
Authentication: SHA1
Lifetime: 28800

Enabled Keep Alive
VPN Terminated at LAN

Here is what I see in the log of my remote site:
IKE Initiator: Start Main Mode Negotiation (Phase 1)
IKE Initiator: Main Mode Complete (Phase 1)
IKE Initiator: Start Quick Mode (Phase 2)
Received IKE SA delete request
IPSecTunnel status changed     Tunnel Down
<repeats>
<repeats>
<repeats>

On my working remote sites I see:
IKE Initiator: Start Main Mode Negotiation (Phase 1)
NAT Discovery: Peer IPSec Security Gateway doesnt support VPN NAT Transversal
IKE Initiator: Main Mode Complete (Phase 1)
IKE Initiator: Received Quick Mode Request (Phase 2)
IKE Responder: Accepting IPSec Proposal (Phase 2)
IKE Negotiation Complete: Adding IPSec SA (Phase 2)
<Tunnel is up>

Thoughts? Unfortunately not having admin access to the managed Cisco devices on the other end may limit what we can do, but looking forward to what you all think.
System Administrator
Top Expert 2011
Commented:
Dear,

Without the Cisco running configuration it would be difficult to help, but if we assume the Cisco configuration is fine then you can do the following:

1) Instead of LAN Subnets, create a separate AO (Address Object) for your current location and a separate AO for the remote one, and try the VPN.
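
The two log excerpts in the question differ in where the negotiation stops, which decides what to compare with the peer's administrator. The following is an added example, not part of the original thread: it finds the furthest IKE stage reached in the latest attempt of a log like the ones quoted above. The stage names and the "what to check" hints are assumptions of this example, not SonicWall terminology.

```python
import re

# Log lines as quoted in the question (failing site, then a working site).
FAILING_SITE = [
    "IKE Initiator: Start Main Mode Negotiation (Phase 1)",
    "IKE Initiator: Main Mode Complete (Phase 1)",
    "IKE Initiator: Start Quick Mode (Phase 2)",
    "Received IKE SA delete request",
    "IPSecTunnel status changed     Tunnel Down",
]
WORKING_SITE = [
    "IKE Initiator: Start Main Mode Negotiation (Phase 1)",
    "NAT Discovery: Peer IPSec Security Gateway doesnt support VPN NAT Transversal",
    "IKE Initiator: Main Mode Complete (Phase 1)",
    "IKE Initiator: Received Quick Mode Request (Phase 2)",
    "IKE Responder: Accepting IPSec Proposal (Phase 2)",
    "IKE Negotiation Complete: Adding IPSec SA (Phase 2)",
]

# Negotiation milestones in the order they occur (patterns match the lines above).
STAGES = [
    ("phase1_started", r"Start Main Mode Negotiation"),
    ("phase1_complete", r"Main Mode Complete"),
    ("phase2_started", r"Start Quick Mode|Received Quick Mode Request"),
    ("phase2_complete", r"Adding IPSec SA"),
]
# Assumed reading of each stopping point: what to compare with the peer's administrator.
CHECK = {
    "no_negotiation": "policy enabled, peer gateway address reachable",
    "phase1_started": "Phase 1: shared secret, exchange mode, DH group, encryption, authentication",
    "phase1_complete": "Phase 2 never started: policy networks and keep-alive",
    "phase2_started": "Phase 2: protocol, encryption, authentication, lifetime, local and destination networks",
    "phase2_complete": "nothing, the tunnel negotiated",
}

def diagnose(lines):
    """Return (furthest stage of the latest attempt, peer sent delete?, what to check)."""
    starts = [i for i, l in enumerate(lines) if re.search(STAGES[0][1], l)]
    attempt = lines[starts[-1]:] if starts else []   # the log repeats; judge the last try
    reached = [name for name, pat in STAGES if any(re.search(pat, l) for l in attempt)]
    stage = reached[-1] if reached else "no_negotiation"
    peer_deleted = any("Received IKE SA delete request" in l for l in attempt)
    return stage, peer_deleted, CHECK[stage]

if __name__ == "__main__":
    for name, log in (("failing", FAILING_SITE * 3), ("working", WORKING_SITE)):
        print(name, diagnose(log))
```

For the failing site this reports that Phase 1 completed and the peer deleted the SA after Quick Mode started, so the items to compare are the Phase 2 settings and the local and destination networks, which is where the address object suggestion above applies.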
