VPN site to site doesn't work before internet down
AntonioProinfo
Hi to all,
I have a main firewall, an NSA3600, with 8 VPN connections, all working well except one.
Before an internet down in a branch when the internet come up the site to site vpn not...
I tried to delete and recreate it (copying the configuration) and a bunch of config, but it doesn't work. I reset the branch SonicWall and nothing.
The shared keys are equal on both firewalls, with keep alive enabled on both too.
When I go to see the log I see this:
17:46:42 May 21  406  VPN  Warning  Received packet retransmission. Drop duplicate packet
17:46:41 May 21  414  VPN  Inform   Received notify: INVALID_COOKIES
17:46:41 May 21  605  VPN  Warning  Received unencrypted packet in crypto active state
17:46:41 May 21  414  VPN  Inform   Received notify: INVALID_COOKIES
17:46:41 May 21  605  VPN  Warning  Received unencrypted packet in crypto active state
17:46:41 May 21  352  VPN  Inform   IKE Responder: Received Quick Mode Request (Phase 2)
Please, I tried everything. Can anyone help me?
Category: Entry Level Firewalls
Answers
Hi @AntonioProinfo
Most probably this issue is due to an ISP MTU mismatch, but there are other possibilities also. It is well explained in the KB below.
Hi @ANTONIOPROINFO,
Thank you for visiting SonicWall Community.
I would recommend you to enable Keep alive on only one of the firewalls. This will create a situation where one of the firewalls acts as initiator and the other as responder. When keep alive is enabled on both the firewalls, both would start initiating the packets and such a scenario would happen.
I would also recommend you to perform a packet capture on the SonicWalls between these two sites on UDP port numbers 500 and 4500 to identify whether packets between these sites are exchanged. Below is the packet capture reference link for your view.
Hope this helps.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
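
A small triage script for the log lines quoted in the question, as an added example that is not part of the thread and not SonicWall tooling: it parses the entries, flags moments where INVALID_COOKIES and the unencrypted-packet warning arrive together (the two peers disagreeing about the IKE SA), and counts which role the firewall logged for itself. The column split of the log, the 5-second window, the supplied year and the `IKE Initiator:` prefix are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Log lines from the post, re-spaced into columns: time, date, event ID,
# category, priority, message. Reading "May 21406" as "May 21" + ID 406 is assumed.
SAMPLE = """\
17:46:42 May 21 406 VPN Warning Received packet retransmission. Drop duplicate packet
17:46:41 May 21 414 VPN Inform Received notify: INVALID_COOKIES
17:46:41 May 21 605 VPN Warning Received unencrypted packet in crypto active state
17:46:41 May 21 414 VPN Inform Received notify: INVALID_COOKIES
17:46:41 May 21 605 VPN Warning Received unencrypted packet in crypto active state
17:46:41 May 21 352 VPN Inform IKE Responder: Received Quick Mode Request (Phase 2)
"""

LINE = re.compile(r"^(\d\d:\d\d:\d\d) (\w{3}) (\d{1,2}) (\d+) (\w+) (\w+) (.+)$")

def parse(text, year=2000):
    """Parse re-spaced log lines; the log carries no year, so one is supplied."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank or unrecognised lines
        clock, mon, day, eid, cat, prio, msg = m.groups()
        ts = datetime.strptime(f"{year} {mon} {day} {clock}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "id": int(eid), "priority": prio, "msg": msg})
    return events

def state_mismatch(events, window=timedelta(seconds=5)):
    """Timestamps where INVALID_COOKIES and an unencrypted-packet warning fall
    within `window` of each other, i.e. the peers disagree about the IKE SA."""
    cookies = [e["ts"] for e in events if "INVALID_COOKIES" in e["msg"]]
    plain = [e["ts"] for e in events
             if "unencrypted packet in crypto active state" in e["msg"]]
    return sorted({c for c in cookies for p in plain if abs(c - p) <= window})

def roles(events):
    """Count negotiations by the role this firewall logged for itself."""
    found = (re.match(r"IKE (Initiator|Responder):", e["msg"]) for e in events)
    return Counter(m.group(1) for m in found if m)

if __name__ == "__main__":
    evts = parse(SAMPLE)
    print("SA state mismatch at:", state_mismatch(evts))
    print("roles seen:", dict(roles(evts)))
```

Running the same functions over the log exported from the branch firewall shows whether both units log themselves as initiator for this tunnel, which is the situation the keep-alive advice above is meant to avoid.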