Sonicwall vpn client 8 to Sonicwall pro 1

Status
Not open for further replies.

waynemallo

IS-IT--Management
Aug 22, 2002
4
GB
Currently have sonicwall vpn client 5.1.3 connecting to sonicwall pro firmware 6.3.1.4 using groupvpn with pre-shared secret, working fine. Trying to connect using sonicwall vpn client version 8 & Netscreen-remote version 8.1, which are both failing with the same error messages.

Log on sonicwall reads

IKE Responder: No response - remote party timeout or SA mis-match

Log viewer on the client reads

12-05: 09:51:35.932 My Connections\GroupVPN 172.16.0.0 - Initiating IKE Phase 1 (IP ADDR=195.166.67.78)
12-05: 09:51:35.963 My Connections\GroupVPN 172.16.0.0 - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID 5x)
12-05: 11:39:36.936
12-05: 11:39:37.046 My Connections\GroupVPN 172.16.0.0 - Initiating IKE Phase 1 (IP ADDR=195.166.67.78)
12-05: 11:39:37.077 My Connections\GroupVPN 172.16.0.0 - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID 5x)

I am using the same SPD file created on the sonicwall pro for both versions of the sonicwall vpn client and the netscreen-remote, and have added the preshared secret to them all.

Does anyone have any ideas how to get the newer versions working?
 
I have the exact same problem. I've got no idea how to fix it and have spent hours. Come on guys, someone out there must know...
 
I was going to try unblocking the ICMP port to enable ping to the Ext gateway. Maybe this is why we cannot connect. I'm not too sure, but if you think of the theory... If the ICMP port is blocked, the firewall cannot be pinged. So if it can't be pinged, how does the VPN client pass through the NAT address to access the LAN?

What do you think?
 
The LAN side of the firewall should be set up in the firewall rules to go to destination *; without this the VPN will not work. I also have a rule in place so any machine on the LAN can ping the WAN. Also, in the advanced settings on the groupvpn there is an option to apply NAT and firewall rules to the VPN, which I have switched off. We have 6 clients using group vpn on sonicwall vpn client version 5.1.3 OK and two offices in the U.S.A. connecting by hardware VPN via sonicwall soho2. So it must be some change in the safenet software that both sonicwall v8 and netscreen-remote v8.1 use. I have also tried netscreen-remote 7 as well.
 
I had this problem too... took a while of trying all sorts of settings.

I have seen this with both box-to-box and client-to-box solutions. I found that by turning off stealth mode on the destination box, the client end is then able to see and communicate.

This shouldn't really happen, but I think it may be a bug in the new firmware or the client software...
 
My Sonicwall doesn't have stealth mode enabled. What else did you change? Did you add any access rules?
 
Tell me if this helps.

Message Not Received reported in SoftRemote log

Product: SoftRemote

Description: Message Not Received! reported in SoftRemote log. This indicates that SafeNet SoftRemote sent an IPSec packet to a peer encryptor, such as a VPN client or VPN gateway, and expected a response, but did not get one.

Resolution: There are many reasons why a response was not received from the VPN peer. Here are the most common causes:

1) SoftRemote and the VPN peer do not have matching security policies.

Suggestions:
Check the configurations of the security policies settings to make sure they match. View the log of the VPN peer for more information on why it did not respond to the IPSec packet.

2) Packet was blocked along the path from the SoftRemote client to VPN gateway.

Suggestions:
a) Check the connection by sending a ping to the peer VPN client or VPN gateway.
b) A personal firewall may be blocking the traffic. Make sure it is open to UDP port 500 and ESP protocol 50 and AH protocol 51.

3) SoftRemote client may have a private IP address assigned to it, which cannot be routed back to over the public Internet. Network Address Translation (NAT) is not supported within the VPN tunnel unless the user has installed SoftRemote version 8 and the peer encryptor is NAT-T compatible.

Suggestions:
a) Obtain a public IP address from the ISP.
b) Disable NAT on the local gateway.



If not, do a search on as this is where I found this document.

thanks...
 
Thanks for all your help. Solved the problem by changing my ISP from Freeserve to Ace Internet.
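
An added example, not part of any post in this thread: a small Python script that reads client log-viewer output in the format quoted in the first post and lists Phase 1 attempts that sent a packet but logged no reply, the client-side view of the gateway's "No response - remote party timeout or SA mis-match" entry. The `RECEIVED<<<` prefix and the `Lab` connection (with documentation address 198.51.100.10) in the sample are assumptions constructed for illustration.

```python
import re

# "<MM-DD>: <HH:MM:SS.mmm> <connection name> - <event>", as quoted in the first post
LINE = re.compile(r"^(\d\d-\d\d: \d\d:\d\d:\d\d\.\d{3})\s+(.+?) - (.+)$")
INIT = re.compile(r"Initiating IKE Phase 1 \(IP ADDR=([\d.]+)\)")

# First five lines are the log from the thread; the last three are constructed,
# and the RECEIVED<<< prefix is an assumption about how a peer reply is logged.
SAMPLE_LOG = r"""
12-05: 09:51:35.932 My Connections\GroupVPN 172.16.0.0 - Initiating IKE Phase 1 (IP ADDR=195.166.67.78)
12-05: 09:51:35.963 My Connections\GroupVPN 172.16.0.0 - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID 5x)
12-05: 11:39:36.936
12-05: 11:39:37.046 My Connections\GroupVPN 172.16.0.0 - Initiating IKE Phase 1 (IP ADDR=195.166.67.78)
12-05: 11:39:37.077 My Connections\GroupVPN 172.16.0.0 - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID 5x)
12-05: 11:45:02.100 My Connections\Lab 10.0.0.0 - Initiating IKE Phase 1 (IP ADDR=198.51.100.10)
12-05: 11:45:02.130 My Connections\Lab 10.0.0.0 - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID 5x)
12-05: 11:45:02.400 My Connections\Lab 10.0.0.0 - RECEIVED<<< ISAKMP OAK AG (SA, KE, NON, ID, HASH)
"""

def unanswered_phase1(log_text):
    """Return Phase 1 attempts that sent a packet but logged no reply."""
    attempts = []   # every attempt, in log order
    current = {}    # connection name -> its most recent attempt
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:   # blank and timestamp-only lines carry no event
            continue
        stamp, conn, event = m.groups()
        init = INIT.search(event)
        if init:
            current[conn] = {"time": stamp, "connection": conn,
                             "peer": init.group(1), "sent": 0, "received": 0}
            attempts.append(current[conn])
        elif conn in current:
            if event.startswith("SENDING>>>>"):
                current[conn]["sent"] += 1
            elif event.startswith("RECEIVED<<<"):
                current[conn]["received"] += 1
    return [a for a in attempts if a["sent"] and not a["received"]]

if __name__ == "__main__":
    for a in unanswered_phase1(SAMPLE_LOG):
        print(f'{a["time"]}  {a["connection"]}  peer {a["peer"]}: sent, no reply; '
              "compare policies and check the UDP 500 / ESP / AH path")
```

Each flagged attempt matches one of the causes listed in the SoftRemote document quoted above: mismatched security policies, a blocked path, or NAT in front of the client.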
 