For When You Can't Have The Real Thing
[ start | index | login ]
start > Netscreen > VPN with SonicWall

VPN with SonicWall

Created by dave. Last edited by dave, 10 years and 218 days ago. Viewed 6,856 times. #1
[edit] [rdf]
labels
attachments
(2013-08-15)

GODDAMMIT

I don't like Sonicwalls very much.

Problem: Netscreen keeps saying Rejected an IKE packet on $INTERFACE from $ME:500 to $THEM:500 with cookies $BLAH and $BLAH because The peer sent a packet with a message ID before Phase 1 authentication was done.

Solution: Sonicwall is in IKE2 mode. Change it to Main (Proposals tab, IKE (Phase1) Proposal, Exchange). I suppose you could change your Netscreen to IKE2 mode for this gateway, but that'll cause you other problems (like having to remove and then redefine your VPN definition).

Problem:: Netscreen keeps saying Rejected an IKE packet on $INTERFACE from $ME:500 to $THEM:500 with cookies $BLAH and $BLAH because The peer sent the incorrect IKE ID payload type: IP Address,1. or something else to do with IKE ID payloads

Solution: Ensure that the Sonicwall is using IP addresses as IKE Authentication (General tab) with the correct IP addresses for Local and Peer.

Problem: Netscreen keeps saying Received a notification message for DOI 1 14 NO-PROPOSAL-CHOSEN.

Solution: Confirm proposal match. In my case, I had to add Use Perfect Forward Secrecy on the Sonicwall side (Proposals tab, Ipsec (Phase 2) Proposal).

no comments | post comment
This is a collection of techical information, much of it learned the hard way. Consider it a lab book or a /info directory. I doubt much of it will be of use to anyone else.

Useful:


snipsnap.org | Copyright 2000-2002 Matthias L. Jugel and Stephan J. Schmidt