SSL VPN works for NetExtender but can't configure gvpnc: "connecting", never asks for preshared key

standingduck

I use the global vpn client for some clients and netextender for others. NetExtender never seems to get fixed, often requires a reboot, and so I wanted to try connecting via gvpnc. The firewall is a soho-w. The settings in the firewall for SSL VPN seem to match what the guides suggest. I've read through a number of guides re how to configure the client and haven't had any success. It stays in the "connecting" for a long time and the log shows

2021/02/03 08:43:05:052   Information   <local host>   Restricting first ISAKMP packet size to avoid fragmentation.

2021/02/03 08:43:05:071   Information   xx.xx.xxx.xx   Starting ISAKMP phase 1 negotiation.

2021/02/03 08:43:44:442   Error        xx.xx.xxx.xx   An error occurred.

2021/02/03 08:43:44:443   Error        xx.xx.xxx.xxx   The peer is not responding to phase 1 ISAKMP requests.

It never asks for a the preshared secret or the username/password.

The gvpnc settings for the other firewall that I connect to are just about the same other than the ip address. I'm assuming that if NetExtender can connect to the soho-w, so can the gvpnc. For the other vpn I've always been handed a rcf file to import, so this is my first attempted manual config.

shiprasahu93

@standingduck,

Welcome to the SonicWall community.

SSLVPN used TCP 4433 whereas GVC is an IPSec VPN that used UDP 500 and 4500. I would suggest going through this KB.

https://www.sonicwall.com/support/knowledge-base/the-peer-is-not-responding-to-phase-1-isakmp-requests-error-in-global-vpn-client-gvc/170505733549058/#:~:text=This%20error%20can%20occur%20when,the%20relevant%20version%20of%20GVC.

Also, is this issue taking place for all users or just one?

Thanks!

standingduck

Thanks for the quick reply. It's an experiment, just myself. I don't know much about vpn technology...does SSLVPN imply NetExtender? Does it mean that I can't have the firewall configured to support both NetExtender and gvpnc? The soho-w itself would support gvpnc, correct?

shiprasahu93

Yes, SSLVPN refers to NetExtender. The firewall can support both of them simultaneously. I just wanted to mention that one of them working and not the other can be due to them using different protocols.
Were you able to try the suggestions on the above KB?
Thanks!

standingduck

I did look at the kb, I don't see anything there that applies, but I could be wrong. I do have the restrict packet size turned on.

How to I enable UDP 500 and 4500? The only place UDP is mentioned in the kb is with the vista os which is not involved.

shiprasahu93

@standingduck ,
A good test would be if you test with a different ISP on the client end. VPN traffic sometimes it's blocked on ISP end.
Thanks!

standingduck

But I am able to use gvpnc from here, to a different firewall, I mentioned that. Isn't this a firewall config issue?

shiprasahu93

I'm sorry I missed that. In that case, we would need to run packet captures. Please reach out to our support team for the same.