While creating an IPSec VPN between NSA4700 & TZ370, I am getting the below error.
AmanChanpura Newbie ✭
Message: IKEv2 Peer is not responding. Negotiation aborted.
Notes: VPN Policy: Cymax DC; Falied 5 retries; IKEv2 InitSPI: 0x5d337bda9cc2ec5b; IKEv2 RespSPI: 0x0000000000000000
I have double-checked the General tab & Proposal tab for authentication requirements; settings are identical in both firewalls' VPN settings. Any idea?
Category: Mid Range Firewalls
No responses at all suggests wrong public IP at one end or the other. Does a packet capture show IPsec traffic arriving?
Can you post the configuration of both ends here to identify the exact issue?
Is there a back-end ISP modem at either location which could block the VPN traffic?
@AJISHLAL yes, the other end (HQ) has an ISP modem connected, whereas the second end is the DC firewall.
We have a /30 public IP purchased for the HQ site, and set up WAN IPs for the ISP router & SonicWall TZ370 as well.
Did you check the ISP modem is passing the VPN traffic?
Is the ISP modem working in bridge mode or NAT?
It is working as NAT.
In that case, do the port forwarding from the ISP modem to the SonicWall for the ports listed below:
IPSec VPN is a layer 3 protocol that communicates over IP protocol 50, Encapsulating Security Payload (ESP). It might also require UDP port 500 for Internet Key Exchange (IKE) to manage encryption keys, and UDP port 4500 for IPSec NAT-Traversal (NAT-T).
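An added example, not part of the thread and not SonicWall code: a small Python classifier for UDP payloads taken from a packet capture on ports 500 and 4500, which tells IKE apart from ESP-in-UDP and reports whether the peer ever answered. The function names are chosen here, and the sample packets are constructed from the InitSPI in the error above.

```python
import struct

# IKEv2 fixed header (RFC 7296, section 3.1): 28 bytes
IKE_HDR = struct.Struct("!8s8sBBBBII")
EXCHANGES = {34: "IKE_SA_INIT", 35: "IKE_AUTH",
             36: "CREATE_CHILD_SA", 37: "INFORMATIONAL"}

def classify(port, payload):
    """Classify one UDP payload captured on port 500 or 4500."""
    if port == 4500:
        if payload == b"\xff":
            return {"kind": "nat-keepalive"}
        if payload[:4] != b"\x00" * 4:
            return {"kind": "esp-in-udp"}      # first 4 bytes are the ESP SPI
        payload = payload[4:]                  # strip the non-ESP marker
    if len(payload) < IKE_HDR.size:
        return {"kind": "truncated"}
    ispi, rspi, _np, ver, exch, flags, msg_id, _len = IKE_HDR.unpack_from(payload)
    if ver >> 4 != 2:
        return {"kind": "not-ikev2"}
    return {"kind": "ike",
            "exchange": EXCHANGES.get(exch, str(exch)),
            "init_spi": ispi.hex(), "resp_spi": rspi.hex(),
            "is_response": bool(flags & 0x20), "msg_id": msg_id}

def peer_responded(packets):
    """True if any captured IKE message carries the response flag."""
    return any(c["kind"] == "ike" and c["is_response"]
               for c in (classify(p, d) for p, d in packets))

def make_ike(ispi, rspi, flags):
    # Constructed header-only IKE_SA_INIT message (sample data for the demo)
    return IKE_HDR.pack(ispi, rspi, 33, 0x20, 34, flags, 0, IKE_HDR.size)

if __name__ == "__main__":
    ispi = bytes.fromhex("5d337bda9cc2ec5b")   # InitSPI from the log above
    # Five initiator retries and nothing back, as in the reported error
    capture = [(500, make_ike(ispi, bytes(8), 0x08))] * 5
    for port, data in capture:
        print(classify(port, data))
    print("peer responded:", peer_responded(capture))
```

A capture holding only initiator requests with an all-zero responder SPI matches the logged error: the requests leave, and no reply reaches the firewall.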
Hi @Ajishlal, is there any way I can reach out to you directly?
I am a bit confused here. Do I have to do port forwarding on the SonicWall or on the ISP modem?
On the ISP router/modem.
Or just have the ISP change the device to bridge mode as Ajishlal mentioned. Much easier than having to deal with double NAT.
Hi @Ajishlal & @TKWITS - thanks for your guidance, issue has been resolved now.
Happy to hear that your issue is solved. Please mark the answer to help other people.