qvfps

How to connect a SmoothWall and a SonicWall with a Site-to-Site VPN

I need to set up a Site-to-Site VPN between a SmoothWall v3.1 and a SonicWall TZ. I have tried to configure the connection on both ends but so far have been unable to get any kind of a connection between the two.

I have played with the IKE and IPSEC proposals on the SonicWall but have not found a combination which works. I do not see anywhere I can set these on the SmoothWall. Has anyone managed to accomplish this?
SmoothWall.jpg
SonicWall1.jpg
SonicWall2.jpg
J Spoor

Can you give some logs from the SonicWall where the VPN fails?
The local IKE ID on the SonicWall is most likely the PUBLIC IP, not the private IP.
qvfps

ASKER

I have looked at the logs on both the SmoothWall and the SonicWall. I posted the only two entries I found on the SonicWall. Each time I tried to connect I see the same two messages. I changed the IKE phase one proposals from MD5 to SHA1 and back but the log entry was always the same.

IKE Responder; IKE proposal does not match (Phase 1)
IKE REsponder; Phase 1 hash algorith does not match:  VPN Policy local SHA1; peer MD5


I could find no logs on the SonicWall from the time I tried to connect.
SonicwallLog1.jpg
SonicwallLog1a.jpg

If you see the SonicWall log, the packets are coming in on the WAN Group VPN.
This happens when your policy itself is not set up with the correct remote WAN IP.
qvfps

ASKER

By WAN IP do you mean the "IPSEC Primary Gateway Name or Address" and the "Peer IKE ID"?   I have verified the IP multiple times and it is the external IP on the SmoothWall.

Not Peer IKE IDs

real WAN IPs.
The VPN policy on the Sonic expects 65.65.23.23

Can you check the logs and see from what IP the SmoothWall is trying to build?
There seems to be a mismatch...

Either that or there's a huge discrepancy in phase 1 parameters.
Make sure both sides are set to the same
MAIN Mode (it could be that the SmoothWall is trying an aggressive mode instead, hence trying to connect to WAN Group VPN)
qvfps

ASKER

The "IPSEC Primary Gateway Name or Address" is the external IP of the SmoothWall. I have reverified it. When I look at the SmoothWall logs I do find anything related to the SonicWall IP or VPN connections in the logs on the SmoothWall.

I did disable the Wan GroupVPN and tried to connect again.   This time I get

Event      Responder: IKE ID mismatch
Msg. Type      Standard Note String
Priority      Debug
Message      IKE Responder: Proposed IKE ID mismatch
Src. Name      
Dst. Name      
Notes      VPN policy does not exist for peer IP address: 65.65.32.23

I am not sure what VPN Policy it is looking for. 65.65.32.23 is the external IP of the SmoothWall and is the "IPSEC Primary Gateway Name or Address" on the Site-To-Site VPN policy I have set up.

That's indeed a case of mismatching IKE IDs.

Please set Peer IKE ID to the SmoothWall's public IP
and please set Local IKE ID to the SonicWall's public IP address.
qvfps

ASKER

That is the original configuration.    I verified the IP addresses for
IPSec Primary Gateway Name or Address:  External IP of SmoothWall
Local IKE ID: External IP of SonicWall (also tried Internal IP to match an existing policy which works)
Peer IKE ID:  External IP of SmoothWall

I am still getting the following two events every time I try and connect:

Time      14:25:45 Apr 05
ID      402
Category      VPN
Group      VPN IKE
Event      Proposal Rejected
Msg. Type      Standard Note String
Priority      Debug
Message      IKE Responder: IKE proposal does not match (Phase 1)
Src. Name      
Dst. Name      
Notes      VPN Policy:


Time      14:24:25 Apr 05
ID      658
Category      VPN
Group      VPN IKE
Event      Responder: IKE ID mismatch
Msg. Type      Standard Note String
Priority      Debug
Message      IKE Responder: Proposed IKE ID mismatch
Src. Name      
Dst. Name      
Notes      VPN policy does not exist for peer IP address:
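
Added example, not part of the thread and not SonicWall or SmoothWall tooling: a small Python triage script that parses log entries in the layout pasted above and maps the two failures seen here (Phase 1 proposal mismatch, IKE ID mismatch) to the checks discussed in the thread. The function names, the `configured_gateway` parameter and the sample addresses (203.0.113.x, reserved for documentation) are assumptions made for the illustration.

```python
import re
# Field labels as they appear in the SonicWall log entries pasted in the thread.
FIELDS = ("Msg. Type", "Src. Name", "Dst. Name", "Category", "Priority",
          "Message", "Group", "Event", "Notes", "Time", "ID")
# Message substring -> (check name, what the thread says to verify).
CHECKS = {
    "IKE proposal does not match (Phase 1)":
        ("phase1-proposal", "same exchange mode and Phase 1 proposals on both peers"),
    "Proposed IKE ID mismatch":
        ("ike-id", "Local/Peer IKE ID and gateway must be the peers' real WAN IPs"),
}
PEER_RE = re.compile(r"peer IP address:\s*(\d{1,3}(?:\.\d{1,3}){3})")

def parse_entries(text):
    """Split pasted log text into one dict per entry (a blank line separates entries)."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in (raw.strip() for raw in block.splitlines()):
            for label in FIELDS:  # longer labels are listed first
                if line == label or line.startswith((label + " ", label + "\t")):
                    entry[label] = line[len(label):].strip()
                    break
        if entry:
            entries.append(entry)
    return entries

def triage(text, configured_gateway):
    """Map each IKE failure to a check and compare the logged peer with the policy gateway."""
    findings = []
    for e in parse_entries(text):
        for needle, (check, hint) in CHECKS.items():
            if needle in e.get("Message", ""):
                m = PEER_RE.search(e.get("Notes", ""))
                peer = m.group(1) if m else None
                findings.append({"id": e.get("ID"), "check": check, "hint": hint, "peer_ip": peer,
                                 "gateway_matches": (peer == configured_gateway) if peer else None})
    return findings

# Constructed sample in the thread's layout; the peer address is a documentation IP.
SAMPLE = """\
ID      402
Message      IKE Responder: IKE proposal does not match (Phase 1)
Notes      VPN Policy:

ID      658
Message      IKE Responder: Proposed IKE ID mismatch
Notes      VPN policy does not exist for peer IP address: 203.0.113.10
"""
```

Calling `triage(SAMPLE, "203.0.113.23")` returns one finding per failed negotiation; `gateway_matches` is `False` when the peer address in the log differs from the gateway configured in the VPN policy.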
qvfps

ASKER

I finally managed to get the connection working. I found the following link which gave me enough information to set the correct proposals.

http://www.pavelec.net/adam/vpn/
SmoothWallVPNSettings.PNG

Got any screenshots of the SmoothWall IPsec proposal side?
qvfps

ASKER

No.  It is the free version of SmoothWall.  There are no user configurable settings I could find.  That was the issue.

Hi,

I had been through the config files for both Sonic and Smooth; it is failing in Phase 1 of the VPN configuration. There is a mismatch of the gateway IP address on the SmoothWall. On the SonicWall the local IP address is 192.168.10.2 and the peer IP address is 65.65.32.23, whereas on the SmoothWall the local ID is something else, 22.33.44.55. It should be the same as you configured on the SonicWall, vice versa: the local IP should be 65.65.32.23 and the peer IP should be 192.168.10.2. Make these changes and try; you should be able to connect to the VPN.