SITE TO SITE VPN CONNECTION ISSUE
I have an NSA 3600 and an NSA 2600 and I have set up a site-to-site VPN connection on them. It had been working for almost three weeks and all of a sudden went down. The connection shows green on both sides but no traffic is going through. I checked the log and found the attached error.
IKEv2 Received delete IPsec SA response
RECEIVED<<< ISAKMP OAK IKEV2_INFORMATIONAL (InitCookie:0xbc4798133c03f4b6 RespCookie:0x50e58b36554ff431, MsgID: 0x3) *(DELETE)
IKEv2 Send delete IPsec SA Request
I've checked and confirmed all settings are okay.
Please note that I have used different proposals and the effect is the same.
I need your expert opinion on resolving this.
Cheers
Answers
@hamod I faced this situation plenty of times, just make sure that you're running the latest Firmware which is 6.5.4.11 for Gen6. This fixed a lot of issues and most of my VPNs are fine now.
For the remaining troublesome connections I experienced that IKEv1 (MainMode) is working better than IKEv2, especially if a Router sits in front of the Firewall doing some NAT.
--Michael@BWC
@hamod
If you are using encryption or authentication algorithms with a 128-bit key, use Diffie-Hellman (DH) groups 5 or 14 (or higher). Avoid DH group 2.
DH Groups 1 and 2 do not provide an adequate security level against modern threats and should not be used to protect sensitive information.