(2013-08-15)
GODDAMMIT
I don't like Sonicwalls very much.
Problem: Netscreen keeps saying
Rejected an IKE packet on $INTERFACE from $ME:500 to $THEM:500 with cookies $BLAH and $BLAH because The peer sent a packet with a message ID before Phase 1 authentication was done.
Solution: Sonicwall is in IKE2 mode. Change it to Main (Proposals tab, IKE (Phase1) Proposal, Exchange). I suppose you could change your Netscreen to IKE2 mode for this gateway, but that'll cause you other problems (like having to remove and then redefine your VPN definition).
Problem: Netscreen keeps saying
Rejected an IKE packet on $INTERFACE from $ME:500 to $THEM:500 with cookies $BLAH and $BLAH because The peer sent the incorrect IKE ID payload type: IP Address,1.
(or something else to do with IKE ID payloads)
Solution: Ensure that the Sonicwall is using IP addresses as IKE Authentication (General tab) with the correct IP addresses for Local and Peer.
Problem: Netscreen keeps saying
Received a notification message for DOI 1 14 NO-PROPOSAL-CHOSEN.
Solution: Confirm proposal match. In my case, I had to add Use Perfect Forward Secrecy on the Sonicwall side (Proposals tab, Ipsec (Phase 2) Proposal).
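The three messages above can be picked out of an exported Netscreen event log mechanically. The Python script below is an added example, not part of the original post: the cause labels are names made up here, and the interface, addresses and cookies in the sample lines are constructed.

```python
import re
from collections import Counter

# Message fragments quoted in this post, each with the Sonicwall-side fix it gives.
# The cause labels (first field) are hypothetical names chosen for this example.
CAUSES = [
    ("ike_exchange_mismatch", "message ID before Phase 1 authentication was done",
     "Set Exchange to Main on the Sonicwall (Proposals tab, IKE (Phase1) Proposal)"),
    ("ike_id_mismatch", "incorrect IKE ID payload type",
     "Use IP addresses as IKE Authentication (General tab), check Local and Peer"),
    ("proposal_mismatch", "NO-PROPOSAL-CHOSEN",
     "Confirm proposal match, e.g. Use Perfect Forward Secrecy (Ipsec (Phase 2) Proposal)"),
]

# Shape of the "Rejected an IKE packet" line as quoted above.
REJECT = re.compile(
    r"Rejected an IKE packet on (?P<iface>\S+) from (?P<src>[\d.]+):\d+ "
    r"to (?P<dst>[\d.]+):\d+ with cookies \S+ and \S+ because (?P<reason>.*)")

def classify(line):
    """Return (cause, advice, endpoints) for one log line, or None if unrelated."""
    m = REJECT.search(line)
    endpoints = (m["iface"], m["src"], m["dst"]) if m else None
    for cause, fragment, fix in CAUSES:
        if fragment in line:
            return cause, fix, endpoints
    # An IKE rejection this post does not cover: surface the reason verbatim.
    return ("unclassified", m["reason"], endpoints) if m else None

def triage(lines):
    """Count hits per (cause, endpoints) so the dominant failure stands out."""
    hits = filter(None, map(classify, lines))
    return Counter((cause, endpoints) for cause, _, endpoints in hits)

# Constructed sample lines (documentation-range addresses, made-up cookies).
PREFIX = ("Rejected an IKE packet on ethernet0/0 from 192.0.2.1:500 to "
          "198.51.100.7:500 with cookies 1a2b3c4d5e6f7081 and 0000000000000000 because ")
SAMPLE = [
    PREFIX + "The peer sent a packet with a message ID before Phase 1 authentication was done.",
    PREFIX + "The peer sent a packet with a message ID before Phase 1 authentication was done.",
    PREFIX + "The peer sent the incorrect IKE ID payload type: IP Address,1.",
    "Received a notification message for DOI 1 14 NO-PROPOSAL-CHOSEN.",
    PREFIX + "of some reason this post does not list.",
    "System configuration saved.",
]

if __name__ == "__main__":
    for (cause, endpoints), n in triage(SAMPLE).most_common():
        print(n, cause, endpoints)
```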