I need advice setting up Sonicwall VPN

This will probably take a few posts, but I am trying to get assistance setting up a VPN with our main corporate network. Supposedly all the settings are completed on the corporate side and it is up to me to figure out this older Sonicwall that does not have support. The firmware version is SonicOS Enhanced 5.6.0.10-52o.

I have been tasked with configuring site to site VPN with a shared secret. I am convinced I have all the settings correct such as Main Mode, Group 2, SHA1 and renegotiation intervals. I am pointing to an IP address that already has several VPNs configured on it, but none are Sonicwalls. Each time I try to enable, I just get something like the errors below, "remote party timeout". Does the error below mean I am not even hitting? It looks like I am not even past phase 1 and I know I have some work to do, but all suggestions welcome on how to troubleshoot... thanks


3  03/30/2015 17:36:05.112 Info VPN IKE IKE Initiator: Remote party timeout - Retransmitting IKE request. xxx.xxx.xxx.xxx, 500 xxx.xxx.xxx.xxx, 500 VPN Policy: MMCo B2B VPN Tunnel  
4  03/30/2015 17:35:46.112 Info VPN IKE IKE Initiator: Remote party timeout - Retransmitting IKE request. xxx.xxx.xxx.xxx, 500 xxx.xxx.xxx.xxx, 500 VPN Policy: MMCo B2B VPN Tunnel  
5  03/30/2015 17:35:35.112 Info VPN IKE IKE Initiator: Remote party timeout - Retransmitting IKE request. xxx.xxx.xxx.xxx, 500 xxx.xxx.xxx.xxx, 500 VPN Policy: MMCo B2B VPN Tunnel  
6  03/30/2015 17:35:28.288 Info VPN IKE IKE Initiator: Start Main Mode negotiation (Phase 1) xxx.xxx.xxx.xxx, 500 xxx.xxx.xxx.xxx, 500 VPN Policy: MMCo B2B VPN Tunnel
Thor2923 Asked:
John, Business Consultant (Owner), Commented:
You need:

Different internal IP address ranges on each end. Static external IP on each end.

Phase 1: 3DES or comparable, DH Group 2, SHA1
No PFS
Phase 2: 3DES or your choice above, SHA1
Pre-shared Key: you must know it or change the corporate end.
Possibly NAT Traversal.

Phase 1 and 2 mirrored at each end.

There are numerous settings but these are the basics.
Thor2923, Author, Commented:
I am getting the following errors in my logs. It appears to be hitting the IP I want to connect to, which I have modified to 168.245.65.1 to show in this example, but I am getting a "delete request". Does that give any clue? Does it look like there is some kind of communication, just a configuration problem?

03/31/2015 08:06:18.128 Info VPN IKE IKE Initiator: Start Main Mode negotiation (Phase 1) 208.255.188.234, 500 168.245.65.1, 500 VPN Policy: MMCo B2B VPN Tunnel  
2  03/31/2015 08:06:18.128 Info VPN IKE Received IKE SA delete request 168.245.65.1, 500 208.255.188.234, 500 VPN Policy: MMCo B2B VPN Tunnel  
3  03/31/2015 08:06:18.128 Warning VPN IKE Received notify. NO_PROPOSAL_CHOSEN 168.245.65.1, 500 208.255.188.234, 500  
4  03/31/2015 08:06:18.064 Info VPN IKE IKE Initiator: Start Quick Mode (Phase 2). 208.255.188.234, 500 168.245.65.1, 500 VPN Policy: MMCo B2B VPN Tunnel  
5  03/31/2015 08:06:18.064 Info VPN IKE IKE Initiator: Main Mode complete (Phase 1) 208.255.188.234, 500 168.245.65.1, 500 VPN Policy: MMCo B2B VPN Tunnel;AES-256; SHA1; DH Group 2; lifetime=86400 secs  
6  03/31/2015 08:06:17.816 Info VPN IKE IKE Initiator: Start Main Mode negotiation (Phase 1) 208.255.188.234, 500 168.245.65.1, 500 VPN Policy: MMCo B2B VPN Tunnel  
7  03/31/2015 08:06:17.816 Info VPN IKE Received IKE SA delete request 168.245.65.1, 500 208.255.188.234, 500 VPN Policy: MMCo B2B VPN Tunnel  
8  03/31/2015 08:06:17.816 Warning VPN IKE Received notify. NO_PROPOSAL_CHOSEN 168.245.65.1, 500 208.255.188.234, 500
John, Business Consultant (Owner), Commented:
Did you check your settings at both ends?  It appears you are not getting past Phase 1 above. You need to check that Phase 2 settings are using the same variables as Phase 1 where appropriate and then mirror the settings at both ends.
Thor2923, Author, Commented:
My main issue is I cannot get to the other end... I have to schedule an appointment with our corporate office and that could take forever. I need to make sure I have done as much as I can on my end before I go that way. I made a change and I am appearing to get to phase 2. Does this look like I am getting further now?

03/31/2015 08:06:18.128 Info VPN IKE IKE Initiator: Start Main Mode negotiation (Phase 1) 208.255.188.234, 500 168.245.65.1, 500 VPN Policy: MMCo B2B VPN Tunnel  
2  03/31/2015 08:06:18.128 Info VPN IKE Received IKE SA delete request 168.245.65.1, 500 208.255.188.234, 500 VPN Policy: MMCo B2B VPN Tunnel  
3  03/31/2015 08:06:18.128 Warning VPN IKE Received notify. NO_PROPOSAL_CHOSEN 168.245.65.1, 500 208.255.188.234, 500  
4  03/31/2015 08:06:18.064 Info VPN IKE IKE Initiator: Start Quick Mode (Phase 2). 208.255.188.234, 500 168.245.65.1, 500 VPN Policy: MMCo B2B VPN Tunnel  
5  03/31/2015 08:06:18.064 Info VPN IKE IKE Initiator: Main Mode complete (Phase 1) 208.255.188.234, 500 168.245.65.1, 500 VPN Policy: MMCo B2B VPN Tunnel;AES-256; SHA1; DH Group 2; lifetime=86400 secs  
6  03/31/2015 08:06:17.816 Info VPN IKE IKE Initiator: Start Main Mode negotiation (Phase 1) 208.255.188.234, 500 168.245.65.1, 500 VPN Policy: MMCo B2B VPN Tunnel  
7  03/31/2015 08:06:17.816 Info VPN IKE Received IKE SA delete request 168.245.65.1, 500 208.255.188.234, 500 VPN Policy: MMCo B2B VPN Tunnel  
8  03/31/2015 08:06:17.816 Warning VPN IKE Received notify. NO_PROPOSAL_CHOSEN 168.245.65.1, 500 208.255.188.234, 500
John, Business Consultant (Owner), Commented:
You keep posting logs and they are not of much use past what I said.

This is a problem:  NO_PROPOSAL_CHOSEN   and in my experience, it means the end points are not the same.

You are using Main mode (good). Are you using NAT Traversal?
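Added example (not part of any post in this thread): a small Python triage of log lines in the layout quoted above, reporting whether the initiator got no reply in Phase 1 or received NO_PROPOSAL_CHOSEN, and in which phase. The sample lines, addresses and policy name are constructed, and the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample lines in the log-viewer layout quoted in the thread
# (newest first). Addresses are documentation ranges, not real peers.
TIMEOUT_LOG = """\
3  03/30/2015 17:36:05.112 Info VPN IKE IKE Initiator: Remote party timeout - Retransmitting IKE request. 192.0.2.10, 500 198.51.100.20, 500 VPN Policy: Example
6  03/30/2015 17:35:28.288 Info VPN IKE IKE Initiator: Start Main Mode negotiation (Phase 1) 192.0.2.10, 500 198.51.100.20, 500 VPN Policy: Example
"""
MISMATCH_LOG = """\
3  03/31/2015 08:06:18.128 Warning VPN IKE Received notify. NO_PROPOSAL_CHOSEN 198.51.100.20, 500 192.0.2.10, 500
4  03/31/2015 08:06:18.064 Info VPN IKE IKE Initiator: Start Quick Mode (Phase 2). 192.0.2.10, 500 198.51.100.20, 500 VPN Policy: Example
5  03/31/2015 08:06:18.064 Info VPN IKE IKE Initiator: Main Mode complete (Phase 1) 192.0.2.10, 500 198.51.100.20, 500 VPN Policy: Example;AES-256; SHA1; DH Group 2; lifetime=86400 secs
6  03/31/2015 08:06:17.816 Info VPN IKE IKE Initiator: Start Main Mode negotiation (Phase 1) 192.0.2.10, 500 198.51.100.20, 500 VPN Policy: Example
"""

LINE = re.compile(r"(?:\d+\s+)?(\d\d/\d\d/\d{4} [\d:.]+) \w+ VPN IKE (.+)")
MARKERS = [("Start Main Mode", "p1_start"), ("Main Mode complete", "p1_done"),
           ("Start Quick Mode", "p2_start"), ("NO_PROPOSAL_CHOSEN", "no_proposal"),
           ("Remote party timeout", "timeout")]

def parse_events(text):
    """Return (timestamp, event) pairs in chronological order."""
    events = []
    # The viewer lists newest first, so reverse before the stable sort to keep
    # the original order of lines that share a timestamp.
    for line in reversed(text.splitlines()):
        m = LINE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%m/%d/%Y %H:%M:%S.%f")
        name = next((n for s, n in MARKERS if s in m.group(2)), None)
        if name:
            events.append((ts, name))
    return sorted(events, key=lambda e: e[0])

def diagnose(text):
    """Walk the exchange and report where each negotiation attempt failed."""
    phase, findings = None, []
    for _, ev in parse_events(text):
        if ev == "p1_start":
            phase = 1
        elif ev in ("p1_done", "p2_start"):   # Main Mode finished: now in Phase 2
            phase = 2
        elif ev == "timeout" and phase == 1:
            findings.append("phase1_no_reply")    # no IKE answer came back on UDP 500
        elif ev == "no_proposal" and phase:
            findings.append(f"phase{phase}_proposal_rejected")
    return sorted(set(findings))
```

A `phase2_proposal_rejected` result points at the Quick Mode (IPsec) proposal, since Main Mode has already completed with the pre-shared key by that point.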
Thor2923, Author, Commented:
Well, I was much closer than I thought. I tweaked a protocol setting and BINGO, a green dot! The dot looks nice but I still cannot hit the required webpage at the other end of the VPN. I am assuming it is a firewall setting or rule that has to be opened up. When I try to browse from behind the Sonicwall to the webpage I need, the Sonicwall displays:

 "03/31/2015 09:55:19.336 Notice Network Access Web access request dropped 192.168.1i.185, 60245, X0 166.74.68.129, 80, X1 TCP HTTP"


Does that appear to be a firewall rule??
John, Business Consultant (Owner), Commented:
The remote subnet looks like it should be 192.168.1.185 ("i" has no business in an IP address). That said, is your end also 192.168.1.x ? Very common internal IP.  More that than firewall, although check that firewall rules allow subnets at both ends.
Thor2923, Author, Commented:
I finally got it!! To be honest, I had modified the IP addresses for security reasons and did not realize I put an alphabetic character in one. Good spot though. I know I came in here with a real vague problem and gave you some vague logs and vague descriptions. By doing so it allowed me to think it out and work through it. I thank you for your time and effort.
Thor2923, Author, Commented:
I gave this poor guy some real vague logs and descriptions but he helped me think it out so I want to award all the points
John, Business Consultant (Owner), Commented:
@Thor2923  - Thank you. I am glad you got it fixed and I was happy to help.