Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

22,000 Errors/day site-to-site Sonicwalls

Status
Not open for further replies.
brokenhalo

brokenhalo

IS-IT--Management
Feb 24, 2008
169
US
Hey guys,

I am getting these errors between two Sonicwall's in a site-to-site config and it's becoming really frustrating. Over 22,000 of the same exact two errors per day being logged. Now, I am beginning to believe that these errors are erronneous because the VPN itself works great. Here they are...

Network 1 Logs:
IKE Responder: No match for proposed remote network address
IKE Responder: IPSec proposal does not match (Phase 2)

Netwrok 2 Logs:
IKE Initiator: Start Quick Mode (Phase 2).
IKE Initiator: Received notify. NO_PROPOSAL_CHOSEN

I have read the big PDF provided by Sonicwall with common error messages and misc messages, and they say that the VPN settings on both sides don't match, even though they do... Perfectly! Exactly the same authentication, encryption, etc for both phase 1 and phase 2. I have checked and re-checked, and have also tried every other possible combination of different types of authentication, encryption, etc and still no joy. Any help at all is greatly appreciated.

Side Note: I have multiple other site-to-sites setup that work perfectly with no errors.

Brad L.
Systems Engineer
Prestige Technologies
bradlaszlo[at]prestigetech.com

"Some things Man was never meant to know. For everything else, there's Google.
 
Sort by date Sort by votes
That is exactly what the messages mean, but I would bet on an OS/firmware bug, no doubt. I would look on some SonicWall forums...

Burt
 
Upvote 0 Downvote
UPDATE:

Just in case anyone else comes across these errors, here is an answer I recieved from a Sonicwall support ticket...

Created By: Kris Robinson (5/7/2009 4:44 PM)
There is no problem with the configuration of your Site to Site, the problem you are having is related to Standard firmware. To be honest I would just ignore these messages, this wont cause issues with your tunnel and is related to the unit being in transparent mode. If the transparent unit was running Enhanced firmware you wouldnt see this behavior. Let me know if you have any more questions.

Sounds like a load of BS to me as both end of the tunnel have been updated with the latest firmware, but whatever. I will keep trying to find an answer to this, and if I get it figured out, will post back here with the results.

Brad L.
Systems Engineer
Prestige Technologies
bradlaszlo[at]prestigetech.com

"Some things Man was never meant to know. For everything else, there's Google.
 
Upvote 0 Downvote
I would downgrade to a known stable (or "mostly stable") firmware level. I really think it is firmware. There are no actual errors---just a bug that reports errors that are not there!

/
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

F
  • Locked
  • Solved
some IP Phone not working over site-to-site OpenVPN, packets modified on other side of tunnel
Replies
1
Views
2K
FrankSider12
F
MP2023
  • Locked
  • Question
How to Create an site to site VPN
Replies
1
Views
345
sircles
sircles
RogerRuntings
  • Locked
  • Question
VPN at Head Office to allow agents working from home to communicate (VOIP) with an external dialer
Replies
3
Views
741
iggsterman
iggsterman
Randy_F
  • Locked
  • Question
Need to connect to a VPN on startup... how to run a script that will automatically reconnect
Replies
0
Views
295
Randy_F
Randy_F
cflcrosland
  • Locked
  • Question
Debug Help - Cisco Site-to-Site DVTI VPN
Replies
0
Views
99
cflcrosland
cflcrosland

Part and Inventory Search

Sponsor

Back
Top