DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Vigor 2800 to Sonicwall NSA3500

  • povetski
  • Topic Author
  • Offline
  • New Member
  • New Member
More
18 Jan 2013 16:02 #1 by povetski
Vigor 2800 to Sonicwall NSA3500 was created by povetski
Hi I have an ipsec VPN set up between an draytek 2800 (latest software) an a Sonicwall NSA3500. This is an always on setup and was working OK. However we now have the situation where the to get the VPN up we have to disable and renable the VPN at he Sonicwall end. If we then drop the VPN at the draytek end it will not re-establish until the Sonicwall end is reset.

When it fails we see the following in the logs:

Where
sonicwalladdress = internet IP address of sonicwall NSA3500
draytecaddress = internet IP of Draytec Router

SONICWALL
fw=sonicwalladdress pri=6 c=16 m=351 msg="IKE Initiator: Start Main Mode negotiation (Phase 1)" n=42672 src=sonicwalladdress:500 dst=draytekaddress:500 note="VPN Policy: XXX"
fw=sonicwalladdress pri=6 c=16 m=355 msg="IKE Responder: Received Main Mode request (Phase 1)" n=624027 src=draytekaddress:500 dst=sonicwalladdress:500
fw=sonicwalladdress pri=6 c=16 m=930 msg="IKE Initiator: Remote party timeout - Retransmitting IKE request." n=125682 src=sonicwalladdress:500 dst=draytekaddress:500 note="VPN Policy: XXX"
fw=sonicwalladdress pri=6 c=16 m=355 msg="IKE Responder: Received Main Mode request (Phase 1)" n=624028 src=draytekaddress:500 dst=sonicwalladdress:500
fw=sonicwalladdress pri=6 c=16 m=355 msg="IKE Responder: Received Main Mode request (Phase 1)" n=624029 src=draytekaddress:500 dst=sonicwalladdress:500
fw=sonicwalladdress pri=6 c=16 m=355 msg="IKE Responder: Received Main Mode request (Phase 1)" n=624030 src=draytekaddress:500 dst=sonicwalladdress:500
fw=sonicwalladdress pri=6 c=16 m=930 msg="IKE Initiator: Remote party timeout - Retransmitting IKE request." n=125683 src=sonicwalladdress:500 dst=draytekaddress:500 note="VPN Policy: XXX"

DRAYTEK
Vigor: Dialing Node1 (XXX) : sonicwalladdress
Vigor: Initiating IKE Main Mode to sonicwalladdress
Vigor: Dialing Node1 (XXX) : sonicwalladdress
Vigor: Initiating IKE Main Mode to sonicwalladdress
Vigor: Dialing Node1 (XXX) : sonicwalladdress
Vigor: Initiating IKE Main Mode to sonicwalladdress

We have done a fair bit of testing with different configs but always need to reset the connection at the Sonicwall end if we drop the VPN. Once up it all works fine for approx 7-8 hours then usually drops.

Has anyone got any idea what might be causing this.

Many thanks

Please Log in or Create an account to join the conversation.

  • sicon
  • User
  • User
More
23 Jan 2013 17:15 #2 by sicon
Replied by sicon on topic Re: Vigor 2800 to Sonicwall NSA3500
HI

Whats changed?

Does the sonic wall so route based or policy based VPNS?

I have found when doing connections between Draytek and Juniper that policy based work much better and never drops where as router based (which requires more config) is not as stable....
Maybe this is a similar issue?

Its not trying to do a Proxy ID is it?

Have you checked the help on the Draytek website - there is Draytek to SonicWall Instructions on there which may help you out.

Could either device have a fault?

This may also help https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=3595

Please Log in or Create an account to join the conversation.