Topic: SonicWall VPN Client ???

[Ben Chapman]

Ritchie Logan wrote:

[snipped instructions; following two lines needed in e-smith 5.1.2 to enable IPSEC passthru]

 > /sbin/e-smith/db configuration setprop masq ipsec yes
 > /sbin/e-smith/signal-event remoteaccess-update
 
I can confirm that this works like a charm using the Cisco VPN client, just in case anyone is using that one. I'm using the Cisco Systems VPN Client version 3.5(A) on a Windows 2000 machine that connects (via wireless) to an e-smith 5.1.2 (with update 1) servergateway machine connected to the net via cable.

Thanks to Mr. Logan for this information!

Ben Chapman

[m_aaz_AT_yahoo.com]

Hi Richie,

Thanks for your help.

I'm using sonicwall for work vpn connection.
I've done the two commands you are giving us them checked my ipchains and i have.

2 chains corresponding to the above rules:
ACCEPT ipv6-crypt---0.0.0.0/0 n/a
ACCEPT udp ------ 0.0.0.0/0 500 -> 500

Enter manuelly wins@work and my dns them Actived SonicWall.

this Sonicwall logs:

14:20:10.648 Interface added: 10.1.1.83
14:20:30.606  
14:20:30.606 MyServer@work - Initiating IKE Phase 1 (IP ADDR=MyDMZ_IP_Range)
14:20:30.606 MyServer@work - SENDING>>>> ISAKMP OAK MM (SA)
14:20:46.489 MyServer@work - message not received! Retransmitting!
14:20:46.489 MyServer@work - SENDING>>>> ISAKMP OAK MM (Retransmission)
14:21:01.541 MyServer@work - message not received! Retransmitting!
14:21:01.541 MyServer@work - SENDING>>>> ISAKMP OAK MM (Retransmission)
14:21:16.592 MyServer@work - message not received! Retransmitting!
14:21:16.592 MyServer@work - SENDING>>>> ISAKMP OAK MM (Retransmission)
14:21:31.644 MyServer@work - Exceeded 3 IKE SA negotiation attempts
14:21:34.869  
14:21:34.869 MyServer@work - Initiating IKE Phase 1 (IP ADDR=MyDMZ_IP_Range)
14:21:34.869 MyServer@work - SENDING>>>> ISAKMP OAK MM (SA)
14:21:50.702 MyServer@work - message not received! Retransmitting!
14:21:50.702 MyServer@work - SENDING>>>> ISAKMP OAK MM (Retransmission)
14:22:05.753 MyServer@work - message not received! Retransmitting!
14:22:05.753 MyServer@work - SENDING>>>> ISAKMP OAK MM (Retransmission)
14:22:20.805 MyServer@work - message not received! Retransmitting!
14:22:20.805 MyServer@work - SENDING>>>> ISAKMP OAK MM (Retransmission)
14:22:35.856 MyServer@work - Exceeded 3 IKE SA negotiation attempts
14:24:30.601  
14:24:30.601 MyServer@work - Initiating IKE Phase 1 (IP ADDR=MyDMZ_IP_Range)
14:24:30.601 MyServer@work - SENDING>>>> ISAKMP OAK MM (SA)
14:24:46.324 MyServer@work - message not received! Retransmitting!
14:24:46.324 MyServer@work - SENDING>>>> ISAKMP OAK MM (Retransmission)
14:25:01.356 MyServer@work - message not received! Retransmitting!
14:25:01.356 MyServer@work - SENDING>>>> ISAKMP OAK MM (Retransmission)
14:25:16.417 MyServer@work - message not received! Retransmitting!
14:25:16.417 MyServer@work - SENDING>>>> ISAKMP OAK MM (Retransmission)
14:25:31.459 MyServer@work - Exceeded 3 IKE SA negotiation attempts

No connection established...

I'm not good with sonicwall advanced config. If anyone could give a hint to make
work it'll be appreciated.

Thankx.

maaz.

[maz_AT_mymail.net]

Hello Everyone,

Extra-info from aa tcpdump:

17:52:17.554706 MyRemoteNetIp.500 > MyExternalIp.500: isakmp: phase 1 R ident: [|sa]
17:52:17.554917 MyExternalIp > MyRemoteNetIp: icmp: MyExternalIp udp port 500 unreachable [tos 0xc0]
17:52:17.762253 MyExternalIp.61929 > MyRemoteNetIp.500: isakmp: phase 1 I ident: [|sa]
17:52:32.815881 MyExternalIp.61929 > MyRemoteNetIp.500: isakmp: phase 1 I ident: [|sa]
17:52:32.965860 MyRemoteNetIp.500 > MyExternalIp.500: isakmp: phase 1 R ident: [|sa]
17:52:32.966052 MyExternalIp > MyRemoteNetIp: icmp: MyExternalIp udp port 500 unreachable [tos 0xc0]
17:52:47.950091 MyRemoteNetIp.500 > MyExternalIp.500: isakmp: phase 1 R ident: [|sa]
17:52:47.950292 MyExternalIp > MyRemoteNetIp: icmp: MyExternalIp udp port 500 unreachable [tos 0xc0]


Thankx again,

Maaz