Has anyone loaded the IPSec Monitor MMC to see what is going on there?
Might be valuable...
t
http://www.ISAserver.org
Ah, you are stuck at the same point I am. Phase 2 never completes.
I have been unable to devote the time needed to find this.
John Tolmachoff Engineer/Consultant/Owner eServices For You
the oddest-----Original Message----- From: Stephen Herrera [mailto:sherrera@xxxxxxxxxx] Sent: Tuesday, September 21, 2004 12:39 PM To: [ISAserver.org Discussion List] Subject: [isalist] Site to Site with Sonicwall
http://www.ISAserver.org
I am setting up the IPSec Tunnel VPN with ISA 2k4 and Sonicwall. I have
things happening with this. I see the tunnel establish on the sonicwalland can see my
network listed as one of the established networks on the Sonicwall Device.When I try
a ping from my ISA server I get a string of "Negotiating IP Security" formy result.
establishing there asWhen I ping from the Sonicwall side I get a no reply.
I look inside of the logs of the Sonicwall logs and see the tunnel
well, but, immediately afterwards I see "IKE Responder: IPSec proposaldoes not
match (Phase 2) IKE Responder: ESP Perfect Forward Secrecy mismatch". Iremoved
Perfect forward secrecy to eliminate that and only received "IKEResponder: IPSec
Generate aproposal does not match (Phase 2)"
For ISA I have 3DES and SHA1 as my Encryption and Integrity Algorithms,
3DES HMACnew key every 3600 seconds. On the Sonicwall I have my Phase 2 Encryption/Authentication set to "Strong Encrypt and Authenticate (ESP
differentSHA1)".
I have tried changing the Phase 2 information just to see if I generate a
error. I get the same error but the tunnel doesn't establish when I dothat.
else I can try?
At this point it feels like so close but yet so far. Any ideas on what
Steve
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: johnlist@xxxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx