Sonic Wall TZ100 Enhanced 5610 VPN Setup


TecTel

Having a problem getting a VPN to work for a 5610. The IP office is an IP office 500 Version 2 with Release 6 software.
The Network side is a Sonic Wall TZ100 Enhanced.
I am using Tech Tip 190 to set up the phone and the Sonic Wall. The only setting I can't match up with on the phone is Password type. I can't set it for "Save in flash"; it just shows N/A. I also don't see any info to set up Syslog Server on the phone.

The phone exchanges keys but doesn't get past Building VPN.
3 errors show on the phone:
Ike Phase 2 no response

Ike Phase 1 received notify
Error code 3997698:18
Module Notify:305

Ike Phase 2 no response
Error Code 3997700:0
Module: IKMPO:353

Ike Phase 2 no response
Error code 399770:0
Module IKECFG:1184


Any help would be appreciated.
 
More info in the Main Network and Remote Network.

Also you might have a look here, the same error on IkePH1;



___________________________________________
It works! Now if only I could remember what I did...

Dain Bramaged
___________________________________________
 
This is something I typed up a couple of months ago for the TZ100.

Sonicwall Settings
WAN Group VPN
General Tab
Authentication Method - IKE using Preshared Secret
Name - WAN GroupVPN
Shared Secret - 12345678910

Proposals Tab
DH Group - Group 2
Encryption - 3DES
Authentication - SHA1
Lifetime - 28800
Protocol - ESP
Encryption - 3DES
Authentication - SHA1
Check Enable Perfect Forward Secrecy
DH Group - Group2
Life Time - 28800

Advanced Tab
Allow Unauthenticated VPN Client Access - LAN Primary Subnet

Client Tab
Virtual Adapter settings - DHCP Lease or Manual Configuration
Allow Connections To - Split Tunnels


VPN Phone Settings
Server - Public IP Address of main firewall
IKE ID - GroupVPN
PSK - Pre Shared Secret in main firewall

IKE Parameters
IKE ID Type - FQDN
DH Group - 2
Encryption ALG - 3DES
Authentication ALG – SHA1
IKE Xchange Mode - Aggressive
IKE Config Mode - Disable
XAUTH - Disable
Cert Expiry Check - Disable
Cert DN Check - Disable

IPSEC Parameters
Encryption ALG - 3DES
Authentication ALG – SHA1
DH Group - 2

VPN Start Mode - On Demand
Password Type - NA
Encapsulation - 4500-4500
Syslog Server - Leave Blank
Protected Nets - Virtual IP – IP Phone IP Address
Remote Net#1 – Main office IP Scheme (i.e. 192.168.0.0/24)
Copy TOS - No
File Server -
QTest - Disabled
Connectivity Check - Always
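
An added example, not part of the original post or of Tech Tip 190: a Python check that normalizes the two proposal lists above (the post writes "Group 2", "Group2" and "2", and mixes "-" and "–" as separators), reports any field where firewall and phone disagree, and lists the legacy parameters in use. The `[ike]`/`[ipsec]` tags and the names `parse` and `audit` are assumptions made for this example.

```python
import re

# Constructed input: values copied from the settings list above. The
# [ike]/[ipsec] tags are added here to separate phase 1 from phase 2.
FIREWALL = """[ike]
DH Group - Group 2
Encryption - 3DES
Authentication - SHA1
[ipsec]
Encryption - 3DES
Authentication - SHA1
DH Group - Group2
"""
PHONE = """[ike]
DH Group - 2
Encryption ALG - 3DES
Authentication ALG – SHA1
IKE Xchange Mode - Aggressive
[ipsec]
Encryption ALG - 3DES
Authentication ALG – SHA1
DH Group - 2
"""
# Legacy parameters worth flagging when reviewing a tunnel definition.
WEAK = {
    ("ENCRYPTION", "3DES"): "64-bit block cipher, deprecated",
    ("AUTHENTICATION", "SHA1"): "deprecated hash",
    ("DH GROUP", "2"): "1024-bit MODP group",
    ("IKE XCHANGE MODE", "AGGRESSIVE"): "PSK-derived hash sent unprotected",
}

def parse(text):
    """Map (phase, FIELD) -> normalized VALUE from 'Name - Value' lines."""
    out, phase = {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("["):
            phase = line.strip("[]")
            continue
        name, value = re.split(r"\s+[-–]\s+", line, maxsplit=1)
        name = name.upper().replace(" ALG", "")
        out[(phase, name)] = value.upper().replace("GROUP", "").replace(" ", "")
    return out

def audit(fw_text, phone_text):
    """Return (fields that differ between the two sides, weak settings found)."""
    fw, ph = parse(fw_text), parse(phone_text)
    mismatches = sorted(k for k in fw.keys() & ph.keys() if fw[k] != ph[k])
    weak = sorted({(k, v) for side in (fw, ph) for k, v in side.items()
                   if (k[1], v) in WEAK})
    return mismatches, weak

if __name__ == "__main__":
    print(audit(FIREWALL, PHONE))
```

With the values as posted, the two sides agree on every shared field, and every proposal parameter listed falls into the legacy set.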
 
Thanks for the info Gknight1. But unless I am missing something this is basically the same as the info in Tech Tip 190.

The only difference is you have 12345678910 instead of 1234567890 as the shared secret and you have VPN start mode as on demand instead of boot.

With on demand, my IP phone doesn't even try to go to the VPN.

Is there something I should be looking at that I am missing?
 
Bas1234

Thanks for the info. Could you explain what you mean by

"More info in the Main Network and Remote Network"?
 
The ip range on both sites?
VPN licence?
Version?

 
The IP range at the Sonic Wall is 192.168.10.xxx

The IP phone is presently connected via DHCP with a 192.168.2.xxx address

Since this is an IP Office 500V2, no VPN license is needed. The system is 6.0 (14).
 
You do need a licence, but it's a normal "Avaya IP Phones license".
So I guess you have one?

 
I forgot to mention the system has a VCM, which provides the access for the IP phone.
 