Site-to-Site VPN from SonicWALL to SonicWall

I have been trying to setup a site to site VPN between two of our buildings for the last 3 days.  On one end (new building) I have a brand new SonicWALL NSA 3600 with just the basic settings (static IP, subnet, etc).  On the other end (headquarters) I have an older SonicWALL NSA 3500.  This NSA 3500 has 4 other site to site VPN's already working (one of which is to another SonicWALL TZ210).  I am running into a problem with the new site to site vpn where I cannot get the connection established.

I am using IKEv2 on both ends, the same DH group, the same encryption (AES-256) and still nothing.  Here is the log I see on my NSA 3500

IKEv2 Received notify error payload
IKEv2 Initiator: Received IKE_AUTH response
IKEv2 Initiator: Send IKE_AUTH Request
IKEv2 No NAT device detected between negotiating peers
IKEv2 Accept IKE SA Proposal
IKEv2 Initiator: Received IKE_SA_INT response
IKEv2 Initiator: Send IKE_SA_INIT Request

Double and triple checked the pre-shared keys and IP addresses.  Any suggestions?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JohnBusiness Consultant (Owner)Commented:
So if you have existing and working tunnels, it is easy to compare settings. Is the new place on a different subnet? And also, do you need to upgrade the firmware on the exist routers to match the firmware of the new router.
CCraneCompanyAuthor Commented:
Yes, the new place is in a different subnet.  I compared every setting and matched settings for my other SonicWALL tunnel with the new firewall and I still cannot get them to connect.  I did update the firmware on both firewalls (NSA 3500 and NSA 3600) to the latest supported versions.
JohnBusiness Consultant (Owner)Commented:
The error suggests the connection is not getting started. Triple check the external IP addresses. Also, how many tunnels does the base unit allow? Is 4 the limit?
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

CCraneCompanyAuthor Commented:
My NSA 3500 has a VPN limit of 50. I can do a VPN connection from the GlobalVPN software to both firewalls (one at a time, of course). So I am really stomped on this one.
JohnBusiness Consultant (Owner)Commented:
If you can do 50 tunnels and have 4 working and if you compared EVERY setting in detail, then you may have one bad box. Try resetting it back to factory specifications and setting it up again.

I use Cisco and Juniper gear and have 4 tunnels here connected to various points. I make sure settings are comparable across tunnels and that usually does it.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
JohnBusiness Consultant (Owner)Commented:
Also, check NAT Traversal. It may need to be ON or OFF depending on the endpoints. Try NAT Traversal both ways. Some of my tunnels have it enabled and some do not.
CCraneCompanyAuthor Commented:
Thank you John.  I started from scratch and this time the tunnel worked.
JohnBusiness Consultant (Owner)Commented:
@CCraneCompany  - Thanks for the update and I was happy to help.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.