RE: Site to Site with Sonicwall
- From: "Stephen Herrera" <sherrera@xxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 22 Sep 2004 09:35:07 -0700
First time using this monitor, does the Negotiating have to stop in order to
get results? My ping never stops "Negotiating IP Security".
Steve
-----Original Message-----
From: Thor [mailto:thor@xxxxxxxxxxxxxxx]
Sent: Tuesday, September 21, 2004 5:41 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Site to Site with Sonicwall
http://www.ISAserver.org
Has anyone loaded the IPSec Monitor MMC to see what is going on there?
Might be valuable...
t
----- Original Message -----
From: "John Tolmachoff (Lists)" <johnlist@xxxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, September 21, 2004 1:12 PM
Subject: [isalist] RE: Site to Site with Sonicwall
http://www.ISAserver.org
Ah, you are stuck at the same point I am. Phase 2 never completes.
I have been unable to devote the time needed to find this.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
> -----Original Message-----
> From: Stephen Herrera [mailto:sherrera@xxxxxxxxxx]
> Sent: Tuesday, September 21, 2004 12:39 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Site to Site with Sonicwall
>
> http://www.ISAserver.org
>
> I am setting up the IPSec Tunnel VPN with ISA 2k4 and Sonicwall. I have
the oddest
> things happening with this. I see the tunnel establish on the sonicwall
and can see my
> network listed as one of the established networks on the Sonicwall Device.
When I try
> a ping from my ISA server I get a string of "Negotiating IP Security" for
my result.
> When I ping from the Sonicwall side I get a no reply.
>
> I look inside of the logs of the Sonicwall logs and see the tunnel
establishing there as
> well, but, immediately afterwards I see "IKE Responder: IPSec proposal
does not
> match (Phase 2) IKE Responder: ESP Perfect Forward Secrecy mismatch". I
removed
> Perfect forward secrecy to eliminate that and only received "IKE
Responder: IPSec
> proposal does not match (Phase 2)"
>
> For ISA I have 3DES and SHA1 as my Encryption and Integrity Algorithms,
Generate a
> new key every 3600 seconds. On the Sonicwall I have my Phase 2
> Encryption/Authentication set to "Strong Encrypt and Authenticate (ESP
3DES HMAC
> SHA1)".
>
> I have tried changing the Phase 2 information just to see if I generate a
different
> error. I get the same error but the tunnel doesn't establish when I do
that.
>
> At this point it feels like so close but yet so far. Any ideas on what
else I can try?
>
>
> Steve
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> johnlist@xxxxxxxxxxxxxxxxxxx
> To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
thor@xxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
sherrera@xxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
