Help with SonicWall VPN client to firewall connection

Gromit73

IS-IT--Management
May 22, 2002
10
US
I'm having some trouble with a VPN between a SonicWall Tele3 and the VPN client software. The problem is as follows. Please ask if you need more info to help figure out the puzzle.

We installed the VPN client onto a Windows 98 PC. The PC connects to the Internet through a DSL connection. The DSL connection is through a Cisco 677 DSL router that is running NAT. The SonicWall Tele3 connects to the Internet through an "Efficient" router that is NOT running NAT. The SonicWall has a public static IP address and has been configured to accept group VPN connections.

The VPN client and the SonicWall establish a dialog but seem to fail during the authentication stage (please note that IPs have been changed):

11/25/2002 16:01:52.304 - IKE Responder: Begin Aggressive Mode Phase 1 - -
11/25/2002 16:01:56.816 - IKE Responder: No response - remote party timeout or SA mis-match - Source:192.168.0.84, 500 - Destination:123.546.789.22, 500 - -
11/25/2002 16:01:56.848 - IKE Responder: Begin Aggressive Mode Phase 1 - -
11/25/2002 16:01:59.816 - IKE Responder: No response - remote party timeout or SA mis-match - Source:192.168.0.84, 500 - Destination:123.546.789.22, 500 - -

We are using "Pre-shared secret" for the VPN. The configuration on the VPN client was exported/imported from the SonicWall. I have reset the key on the client and the SonicWall just to ensure that they are the same.

Could this issue have anything to do with Speedstream or Cisco DSL routers or NAT? Any input would be appreciated.

Thanks for the help.
 
I'm willing to bet the problem is with NAT.
Try plugging the client directly into the DSL and test.
If it works, you know for sure it is the NAT causing the problem. NAT and IPSec do not play nice together.
Things to try ...
First, make sure that NAT-T is enabled on the Cisco and the Tele3. If the two manufacturers have implemented NAT-T in a compatible manner, this should work, but from experience, I wouldn't hold my breath. VPN connections are difficult if you are using different hardware and the client side has NAT. Consider getting a SonicWall (probably SOHO3) to replace the "Efficient" and create a tunnel between the two boxes. This will eliminate NAT as an issue and allow everyone on both networks to access the other network.
 
Try turning off stealth mode on the destination box - it helped for me - it isn't meant to do this but I found it was the only way ...

 
I read that the Cisco 677s will work with VPNs but that was what caused the issue. I had to point port 500 UDP to the internal machine with the VPN software. The tunnel opened right up then. Thanks for the help.
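
Added example, not part of the thread and not SonicWall tooling: a small Python triage script that groups the "No response - remote party timeout or SA mis-match" entries quoted in the first post by peer and notes whether the logged source is an RFC 1918 address. The sample lines are constructed in the quoted format (203.0.113.22 is a placeholder destination), the function names are hypothetical, and reading a private source as a hint that NAT sits in the path is an assumption of this example.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the log format quoted in the first post.
SAMPLE_LOG = """\
11/25/2002 16:01:52.304 - IKE Responder: Begin Aggressive Mode Phase 1 - -
11/25/2002 16:01:56.816 - IKE Responder: No response - remote party timeout or SA mis-match - Source:192.168.0.84, 500 - Destination:203.0.113.22, 500 - -
11/25/2002 16:01:56.848 - IKE Responder: Begin Aggressive Mode Phase 1 - -
11/25/2002 16:01:59.816 - IKE Responder: No response - remote party timeout or SA mis-match - Source:192.168.0.84, 500 - Destination:203.0.113.22, 500 - -
11/25/2002 16:02:10.100 - IKE Responder: No response - remote party timeout or SA mis-match - Source:123.546.789.22, 500 - Destination:203.0.113.22, 500 - -
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

TIMEOUT = re.compile(
    r"IKE Responder: No response - remote party timeout or SA mis-match"
    r" - Source:(?P<src>[^,]+), \d+"
    r" - Destination:(?P<dst>[^,]+), \d+"
)

def address_class(text):
    """Return 'private', 'public' or 'invalid' for an address string."""
    try:
        addr = ipaddress.ip_address(text.strip())
    except ValueError:
        return "invalid"  # e.g. octets above 255 in a redacted log
    return "private" if any(addr in net for net in RFC1918) else "public"

def phase1_timeouts(log_text, threshold=2):
    """Group Phase 1 timeouts by (source, destination); report repeats."""
    counts = Counter()
    for line in log_text.splitlines():
        m = TIMEOUT.search(line)
        if m:
            counts[(m["src"].strip(), m["dst"].strip())] += 1
    return [
        {"source": src, "destination": dst, "timeouts": n,
         "source_class": address_class(src)}
        for (src, dst), n in sorted(counts.items()) if n >= threshold
    ]

if __name__ == "__main__":
    for finding in phase1_timeouts(SAMPLE_LOG):
        print(finding)
```

Redacted addresses such as the thread's 123.546.789.22 do not parse as IPv4, so they are reported as `invalid` rather than raising an error.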
 