Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

IKE between SonicWall+Netscreen-25

Status
Not open for further replies.
heyyunus

heyyunus

IS-IT--Management
Apr 11, 2006
121
0
0
US
Hi All,

I am having some problems setting up IKE VPN connection using Netscreen-25 & Soniwall.

I have successfully connected Netscreen-25 & Soniwall using IKE for two of my offices but the third office is not responding. All of 3 SonicWall in the other offices are having same firmware and using the same IKE method.

At my netscreen i get the following error:
Phase 1: Retransmission has reached.

I ran get debug str command and got the following:

Phase 1 SA reported broken.

Any ideas.
Thanks
Yunus
 
Sort by date Sort by votes
It is always best to troubleshoot at the responder side of the VPN. It seems in your case the Netscreen may be the initiator. Can you try having the Sonicwall be the initiator and check your event log for clues as to why it is failing.
 
Upvote 0 Downvote
Hi,

thanks for the reply. sorry for being late in posting, i was on leave.

Yes you are write, the administrator configured Sonicwall on his side and sent me the P1 & P2 proposal details, I then configured at my side.

But then according to your idea , what needs to be changed on the current setup to change the direction of connection initiation.

 
Upvote 0 Downvote
Whichever side is the initiator and which is the responder depends on which side needs to send traffic first. If the tunnels are down you could initiate a ping or something from the Sonicwall side to initiate the tunnel from the Sonicwall side. Likewise you can either send traffic through or enable VPN monitoring on the Netscreen side to have the Netscreen be the initiator. My point is that it is always best to troubleshoot on whichever side happens to be the responder.
 
Upvote 0 Downvote
Hi,

Thanks the i gave the ping to the local LAN ip even before the VPN tunnel was up, I left it overnight, today morning i found the VPN is up. I initiated this from the Netscreen side (that is my side)

But the only problem is when i reboot the Netscreen, this VPN which we are talking about takes 2-3 hrs to come up again, The other two VPN's comes up instantly as soon as the interface becomes active after the reboot.

If we can figure this last one out then i think i am all set, Because there are situations where i have to reboot the Netscreen firewall.

Thanks


-------
Yunus
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Shmid
  • Locked
  • Question
Restricting Sonicwall SSL-VPN users for WAN access
Replies
7
Views
165
Shmid
Shmid
Russtoleum
  • Locked
  • Question
Windows client can't connect to sonicwall l2tp server
Replies
0
Views
45
Russtoleum
Russtoleum
Maakus
  • Locked
  • Question
SonicWall
Replies
4
Views
56
Maakus
Maakus
ISDPCMAN
  • Locked
  • Question
Cannot connect to TZ-215 Sonicwall appliance with web browser!
Replies
0
Views
46
ISDPCMAN
ISDPCMAN
malibu1979
  • Locked
  • Question
SonicWall GVC
Replies
1
Views
56
jcarmichael1203
jcarmichael1203

Part and Inventory Search

Sponsor

Back
Top