
RE: [FW1] IKE VPN Connection to SonicWall Firewall - help needed




Don't know if this will be of any help but we had similar problems to
yourself only today.

We are running the latest firmware on the Sonicwall (6.1.1 I think it is)
but only SP3 on FW1.  However we did finally get past the 'no proposal
chosen' messages to get it working with DES and MD5.

Our problem turned out to be a misconfiguration in the network object
protected by the Sonicwall.  On the Sonicwall end it was protecting a class
B  but we had it down as protecting a class C on the FW1 end.  This hadn't
been a problem until yesterday when we added another VPN between the
Sonicwall and a 2nd Sonicwall.  The 2nd Sonicwall was protecting another
class C which came under the class B.  Consequently when FW1 negotiated, the
first Sonicwall was basically saying no I don't protect all of that network,
some of it belongs to this other firewall - only IKE gave us the helpful 'no
proposal chosen' message.

Everything I found on this error says check the settings both ends and then
check them again just to make sure.

Hope it helps.

Ali.

-----Original Message-----
From: [email protected]
[mailto:[email protected]]On Behalf Of
[email protected]
Sent: 05 September 2001 14:53
To: [email protected]
Subject: [FW1] IKE VPN Connection to SonicWall Firewall - help needed



Hello all

I hope someone can help me here.

I am attempting to create a VPN link between my company and a sister
company, however am having some difficulties that I cannot figure out.

I am running v4.1 SP4 and attempting to create an IKE connection to a
SonicWall Firewall, however the firewalls do not seem to want to transfer
the keys.  In my log I see the following:

	IKE Log: Phase 1 completion 3DES/MD5/Pre Shared Secrets  Negotiation ID: ............
	IKE Log: Received Notification from Peer: no proposal chosen.

Initially we were able to get this link working, however in our log we were
seeing the above two lines repeated, then I would see:

	IKE Log: Phase 1 completion 3DES/SHA1/Pre Shared Secrets Negotiation ID: ............
	scheme: IKE methods: Combined ESP: 3DES + MD5 (phase 2 completion) for subnet .......
	IKE Log: Received Notification from Peer: payload malformed Negotiation Id: ....

however the VPN link would come up.

The owner of the SonicWall Firewall attempted to upgrade the firmware of the
SonicWall a couple of days ago, and afterwards our link fails to start-up.
We have even tried to go back to the previous version of the SonicWall
without any luck.

	Another sister company, also running Firewall-1 is able to get the
link up however.  They are running only SP2 however.

	Is anyone aware if there is a problem with the VPN capabilities
under SP4?  Instructions I have from SonicWall for creating the link are for
SP3.  In this document they indicate that only DES is available for creating
the link. However, we have tried this and still receive the same "no proposal
chosen" error.

	Any help in getting this link established would be greatly
appreciated.

Thanks in advance
Shawn Kearley


======================================
Shawn Kearley
Infrastructure Analyst
Newfoundland Power Co. Ltd.

Phone:Fax:Email: [email protected]



============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====
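
The reply above traces 'no proposal chosen' to the two ends disagreeing about which networks the peer protects. The following is an added example, not part of the original messages or of either vendor's tooling: a small IPv4 check that compares both ends' definitions before a tunnel is brought up. The function name `check_domains`, the gateway name and all addresses are constructed for illustration.

```python
import ipaddress

def check_domains(local_view, peer_actual, other_gateways):
    """Compare the networks our gateway believes the peer protects
    (local_view) with the networks the peer is configured to protect
    (peer_actual), then flag ranges that another gateway also claims.
    IPv4 only. Returns a list of finding tuples; empty means consistent."""
    local = sorted({ipaddress.ip_network(n) for n in local_view})
    peer = sorted({ipaddress.ip_network(n) for n in peer_actual})
    findings = []
    # 1. Each locally defined network must exist, with the same mask, on the peer.
    for net in local:
        if net in peer:
            continue
        wider = [p for p in peer if net.subnet_of(p)]
        narrower = [p for p in peer if p.subnet_of(net)]
        if wider:
            findings.append(("local-narrower", str(net), str(wider[0])))
        elif narrower:
            findings.append(("local-wider", str(net), str(narrower[0])))
        else:
            findings.append(("no-match", str(net), None))
    # 2. Peer networks we have no definition for at all.
    for p in peer:
        if not any(p.overlaps(net) for net in local):
            findings.append(("missing-locally", None, str(p)))
    # 3. Ranges inside the peer's domain that a different gateway protects.
    for name, nets in sorted(other_gateways.items()):
        for n in sorted(ipaddress.ip_network(x) for x in nets):
            for p in peer:
                if n.overlaps(p):
                    findings.append(("shared-range", name, str(n), str(p)))
    return findings

# Constructed sample values modelled on the situation in the reply.
LOCAL_VIEW = ["172.16.5.0/24"]            # class C entered on the FW1 end
PEER_ACTUAL = ["172.16.0.0/16"]           # class B protected by the first SonicWall
OTHER_GATEWAYS = {"sonicwall-2": ["172.16.9.0/24"]}  # class C under that class B

if __name__ == "__main__":
    for finding in check_domains(LOCAL_VIEW, PEER_ACTUAL, OTHER_GATEWAYS):
        print(finding)
```

An empty result means both ends describe the same networks and no other gateway claims part of them.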







 
   All contents © 2004 Network Presence, LLC. All rights reserved.