Hello!
I have a weird problem. I have 2 SonicWall firewalls that I am trying to make VPN connections from to a Cisco PIX 520 (version 6.31) firewall. Each SonicWall has its own separate network of computers behind it. The two networks are not connected in any way to each other. SonicWall 1 and 2 each have the EXACT same configs, SAs, local subnets, everything. The only difference is that the WAN IP of each firewall is different (2 different ISPs). Firewall 1 will connect perfectly fine to the PIX, and pass traffic through to my 192.168.1.0 network with no problems. I try to get my second firewall to also negotiate a VPN tunnel to the PIX, and phase 1 completes, but I get:
ISAKMP: IPSec policy invalidated proposal
ISAKMP (0): SA not acceptable!
ISAKMP (0): sending NOTIFY message 14 protocol 3
If I change my local network on the SonicWall 2 side to, say, 192.168.11.0, it works perfectly.
However, it seems that the PIX is having problems dealing with the same remote network on 2 different policies. Is this possible? The PIX is dealing with 2 completely different networks, on 2 different WAN IPs; however, the local network of those 2 networks is the same. Would this cause problems? And does anyone know of a way to work around this?
Thanks for your help!