DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
URGENT help with Sonicwall - 2862 VPN
- hornbyp
- User
-
Less
More
22 Oct 2020 04:08 #13
by hornbyp
Replied by hornbyp on topic Re: URGENT help with Sonicwall - 2862 VPN
Please Log in or Create an account to join the conversation.
- gtpc_ltd
- Topic Author
- User
-
Less
More
22 Oct 2020 04:14 #14
by gtpc_ltd
Replied by gtpc_ltd on topic Re: URGENT help with Sonicwall - 2862 VPN
The Draytek page is somewhat out of date.
So I have different options on the 2862 (FW 3.9.3)
So the Draytek - dial out settings - guide just shows IPSec Tunnel - on the 2862 I have IPSec Tunnel - but then options IKEv1, IKEv2, IKEv2 eAP, Xauth.
On the Ipsec security method, advanced, the options are grouped on the guide, but separate on the 2862 - but they are matched.
I have updated to be letter for letter the guide
So I have different options on the 2862 (FW 3.9.3)
So the Draytek - dial out settings - guide just shows IPSec Tunnel - on the 2862 I have IPSec Tunnel - but then options IKEv1, IKEv2, IKEv2 eAP, Xauth.
On the Ipsec security method, advanced, the options are grouped on the guide, but separate on the 2862 - but they are matched.
I have updated to be letter for letter the guide
Please Log in or Create an account to join the conversation.
- gtpc_ltd
- Topic Author
- User
-
Less
More
22 Oct 2020 04:21 #15
by gtpc_ltd
Replied by gtpc_ltd on topic Re: URGENT help with Sonicwall - 2862 VPN
Still won't connect.
I hate sonicwalls.
I hate sonicwalls.
Please Log in or Create an account to join the conversation.
- hornbyp
- User
-
Less
More
22 Oct 2020 04:27 #16
by hornbyp
Replied by hornbyp on topic Re: URGENT help with Sonicwall - 2862 VPN
When my 2860 dials my 2830, the next message after the "IKE ==>, Next Payload=ISAKMP_NEXT_SA, Exchange Type = 0x2, Message ID = 0x0"
is one that says: "Accept Phase 1 prorosals : ENCR OAKLEY_AES_CBC, HASH OAKLEY_MD5" (spelling mistake has been there years![:roll: :roll:](/media/kunena/emoticons/20.png)
)
then the rest of the negotation.
Yours stops dead (timeouts) - so it either gets nothing back from the sonicwall, or something it doesn't like/expect. (I don't know exactly, what the message would say for 3DES)
(So it fails at the first hurdle![:cry: :cry:](/media/kunena/emoticons/19.png)
)
is one that says: "Accept Phase 1 prorosals : ENCR OAKLEY_AES_CBC, HASH OAKLEY_MD5" (spelling mistake has been there years
![:roll: :roll:](/media/kunena/emoticons/20.png)
then the rest of the negotation.
Yours stops dead (timeouts) - so it either gets nothing back from the sonicwall, or something it doesn't like/expect. (I don't know exactly, what the message would
(So it fails at the first hurdle
![:cry: :cry:](/media/kunena/emoticons/19.png)
Please Log in or Create an account to join the conversation.
- gtpc_ltd
- Topic Author
- User
-
Less
More
22 Oct 2020 04:35 #17
by gtpc_ltd
Replied by gtpc_ltd on topic Re: URGENT help with Sonicwall - 2862 VPN
So a packet monitor on the SW shows ;
37 10/22/2020 04:32:04.496 X1*(i) -- 31.10.**.** 78.32.**.** PPPOE-SES IP 500,500 CONSUMED 254[254]
Comsumed? That doesn't sound good.
37 10/22/2020 04:32:04.496 X1*(i) -- 31.10.**.** 78.32.**.** PPPOE-SES IP 500,500 CONSUMED 254[254]
Comsumed? That doesn't sound good.
Please Log in or Create an account to join the conversation.
- hornbyp
- User
-
Less
More
22 Oct 2020 04:41 #18
by hornbyp
Replied by hornbyp on topic Re: URGENT help with Sonicwall - 2862 VPN
Something from
Wikipedia
...
Is IKE V2 an option? (I've never used it)
The IKE specifications were open to a significant degree of interpretation, bordering on design faults (Dead-Peer-Detection being a case in point[citation needed]), giving rise to different IKE implementations not being able to create an agreed-upon security association at all for many combinations of options, however correctly configured they might appear at either end .
Is IKE V2 an option? (I've never used it)
Please Log in or Create an account to join the conversation.
Copyright © 2024 DrayTek