[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] FW-1 and SonicWall SOHO2 VPN - help needed
Hello all - We've recently purchased SonicWall SOHO2 for one of our remote offices. Everything on it runs great, but the VPN with our CheckPoint 4.1 SP4 fails. We're trying the pre-shared secret IKE mode. We've upgraded the SonicWall to firmware 6.0.1.1, but no luck. The CheckPoint log viewer says: "IKE Log: Received notification from peer: No proposal chosen". At the same time SonicWall tells me: "IKE Responder: Begin Aggressive Mode Phase 1" and goes with this message on and on. Yes, we've inserted a NAT rule on the CheckPoint site to prevent the traffic that is to be encrypted from being Nat-ed at the same time. We're set the rules on SonicWall to accept fragmented IPSEC packets and followed step by step the document on the SonicWall site that describes the VPN setup for CheckPoint, but no luck. SonicWall support wasn't really helpful with this issue, so I am wondering in anyone on the list has had this problem solved. One thing that might be the real problem here is the fact that our SonicWall obtains it's WAN IP via DHCP. The other thing I noticed is once you enable the VPN, the admin gui automatically inserts a rule in the Access List of SonicWall that reads like this: Accept IKE from * to 192.168.1.1(*) - where 192.168.1.1 is the LAN interface of the SonicWall. This really looks strange, as I'd expect too there the WAN IP, and not the LAN one. But again, that might be because that WAN IP is obtained via DHCP. Any suggestions ?? Regards, Petar Karafezov MetaMarkets.com------------------------------------------- Investing Out Loud at http://www.metamarkets.com ------------------------------------------- ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|