First time using this monitor, does the Negotiating have to stop in order to get results? My ping never stops "Negotiating IP Security". Steve -----Original Message----- From: Thor [mailto:thor@xxxxxxxxxxxxxxx] Sent: Tuesday, September 21, 2004 5:41 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Site to Site with Sonicwall http://www.ISAserver.org Has anyone loaded the IPSec Monitor MMC to see what is going on there? Might be valuable... t ----- Original Message ----- From: "John Tolmachoff (Lists)" <johnlist@xxxxxxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Tuesday, September 21, 2004 1:12 PM Subject: [isalist] RE: Site to Site with Sonicwall http://www.ISAserver.org Ah, you are stuck at the same point I am. Phase 2 never completes. I have been unable to devote the time needed to find this. John Tolmachoff Engineer/Consultant/Owner eServices For You > -----Original Message----- > From: Stephen Herrera [mailto:sherrera@xxxxxxxxxx] > Sent: Tuesday, September 21, 2004 12:39 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] Site to Site with Sonicwall > > http://www.ISAserver.org > > I am setting up the IPSec Tunnel VPN with ISA 2k4 and Sonicwall. I have the oddest > things happening with this. I see the tunnel establish on the sonicwall and can see my > network listed as one of the established networks on the Sonicwall Device. When I try > a ping from my ISA server I get a string of "Negotiating IP Security" for my result. > When I ping from the Sonicwall side I get a no reply. > > I look inside of the logs of the Sonicwall logs and see the tunnel establishing there as > well, but, immediately afterwards I see "IKE Responder: IPSec proposal does not > match (Phase 2) IKE Responder: ESP Perfect Forward Secrecy mismatch". I removed > Perfect forward secrecy to eliminate that and only received "IKE Responder: IPSec > proposal does not match (Phase 2)" > > For ISA I have 3DES and SHA1 as my Encryption and Integrity Algorithms, Generate a > new key every 3600 seconds. On the Sonicwall I have my Phase 2 > Encryption/Authentication set to "Strong Encrypt and Authenticate (ESP 3DES HMAC > SHA1)". > > I have tried changing the Phase 2 information just to see if I generate a different > error. I get the same error but the tunnel doesn't establish when I do that. > > At this point it feels like so close but yet so far. Any ideas on what else I can try? > > > Steve > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > johnlist@xxxxxxxxxxxxxxxxxxx > To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: thor@xxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: sherrera@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx