Asked by TBTNetworks

Sonicwall VPN issue

I have our corporate location that has a managed Cisco router/firewall (managed by the ISP) and all of our remote locations that are managed by us and have Sonicwalls.

I had our ISP add another VPN tunnel with a specific shared secret, and gave them the destination public and private IP addresses. However, the tunnel isn't coming up.

Here are the settings on the new site/SonicWall/VPN:

Policy Type: Site to Site
Authentication Method: IKE using Preshared Secret
IPsec Primary Gateway name or address: <Public IP of our corp office>
IPsec Secondary gateway name or address: 0.0.0.0

Shared Secret: <The shared secret I gave them>
Local IKE and Peer IKE: both blank

Choose local network from list: Lan Subnets
Choose destination network from list (remote networks): <the group of IPs on the remote network>

IKE Phase 1
Exchange: main mode
DH group: Group 2
Encryption: 3DES
Authentication: SHA1
Life Time: 28800

Phase 2:
Protocol: ESP
Encryption: 3DES
Authentication: SHA1
Lifetime: 28800

Enabled Keep Alive
VPN Policy bound to ZONE WAN

The VPN settings on another one of our site locations (older SonicWall):
Ipsec Keying Mode: IKE using Preshared Secret
Ipsec Primary gateway: <Public IP of corp office>
Ipsec Secondary: 0.0.0.0
Shared Secret: <our shared secret>

Destination networks is "specified below", so instead of an address object it's manually typed in with a network/netmask of the corp office network

IKE Phase 1
Exchange: main mode
DH group: Group 2
Encryption: 3DES
Authentication: SHA1
Life Time: 28800

Phase 2:
Protocol: ESP
Encryption: 3DES
Authentication: SHA1
Lifetime: 28800

Enabled Keep Alive
VPN Terminated at LAN

Here is what I see in the log of my remote site:
IKE Initiator: Start Main Mode Negotiation (Phase 1)
IKE Initiator: Main Mode Complete (Phase 1)
IKE Initiator: Start Quick Mode (Phase 2)
Received IKE SA delete request
IPSecTunnel status changed     Tunnel Down
<repeats>
<repeats>
<repeats>

On my working remote sites I see:
IKE Initiator: Start Main Mode Negotiation (Phase 1)
NAT Discovery: Peer IPSec Security Gateway doesnt support VPN NAT Transversal
IKE Initiator: Main Mode Complete (Phase 1)
IKE Initiator: Received Quick Mode Request (Phase 2)
IKE Responder: Accepting IPSec Proposal (Phase 2)
IKE Negotiation Complete: Adding IPSec SA (Phase 2)
<Tunnel is up>

Thoughts? Unfortunately not having admin access to the managed Cisco devices on the other end may limit what we can do, but looking forward to what you all think.
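
Added example, not part of the original post: a small Python triage of the two log excerpts above that reports the furthest IKE stage each negotiation reached and whether the peer tore it down. The function name, stage labels and outcome strings are assumptions made for illustration; the log lines are copied from the post.

```python
import re

# IKE stages in negotiation order, matched on the message text in the post's logs.
# Stage labels are illustrative names, not SonicWall terminology.
STAGES = [
    ("phase1_start", re.compile(r"Start Main Mode Negotiation \(Phase 1\)")),
    ("phase1_done", re.compile(r"Main Mode Complete \(Phase 1\)")),
    ("phase2_start", re.compile(r"(Start Quick Mode|Received Quick Mode Request) \(Phase 2\)")),
    ("phase2_accepted", re.compile(r"Accepting IPSec Proposal \(Phase 2\)")),
    ("sa_added", re.compile(r"Adding IPSec SA \(Phase 2\)")),
]
TEARDOWN = re.compile(r"Received IKE SA delete request|Tunnel Down")


def triage(lines):
    """Return (last_stage_reached, outcome) for one negotiation attempt."""
    reached = -1
    for line in lines:
        if TEARDOWN.search(line):
            # The peer ended the exchange; report how far it got first.
            stage = STAGES[reached][0] if reached >= 0 else "none"
            return stage, "peer_teardown"
        for idx, (_, pattern) in enumerate(STAGES):
            if pattern.search(line):
                reached = max(reached, idx)
    stage = STAGES[reached][0] if reached >= 0 else "none"
    return stage, ("up" if stage == "sa_added" else "incomplete")


# Log lines copied from the post: the new (failing) site, then a working site.
FAILING = [
    "IKE Initiator: Start Main Mode Negotiation (Phase 1)",
    "IKE Initiator: Main Mode Complete (Phase 1)",
    "IKE Initiator: Start Quick Mode (Phase 2)",
    "Received IKE SA delete request",
    "IPSecTunnel status changed     Tunnel Down",
]
WORKING = [
    "IKE Initiator: Start Main Mode Negotiation (Phase 1)",
    "NAT Discovery: Peer IPSec Security Gateway doesnt support VPN NAT Transversal",
    "IKE Initiator: Main Mode Complete (Phase 1)",
    "IKE Initiator: Received Quick Mode Request (Phase 2)",
    "IKE Responder: Accepting IPSec Proposal (Phase 2)",
    "IKE Negotiation Complete: Adding IPSec SA (Phase 2)",
]

if __name__ == "__main__":
    for name, log in (("failing", FAILING), ("working", WORKING)):
        print(name, triage(log))
```

For the failing site this reports that Main Mode completed, so the pre-shared secret and Phase 1 proposal were accepted, and that the peer deleted the SA once Quick Mode started. Quick Mode negotiates the Phase 2 proposal and the local/destination networks, so those are the values to compare line by line with what the ISP configured on the Cisco side.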

ASKER CERTIFIED SOLUTION
Syed_M_Usman