Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

7.0.1-5111 - IKEv2 not working because of

BWCBWC Cybersecurity Overlord ✭✭✭


did anyone experienced IKEv2 issues, especially in Double NAT situations? I saw this a couple of times, but today a customer migrated from a TZ 500 to a TZ 570 and a former working tunnel to a TZ 270 wasnt coming up anymore.

I did some investigation and the UDP 500 from the TZ 270 arrives at X3 (behind a AVM Fritzbox), but the TZ 570 answers with Source, instead of the X3 IP. A recipe for desaster.

The quick fix was to change from IKEv2 to IKEv1 and the tunnel came up properly.

I had similar cases on Gen6 in the past, but I can't recall seeing as Source which is utterly wrong.

The network is back in production and because it's a remote location further debugging is nearly impossible.

@fmadia @MustafaA @MasterRoshi is this a known issue?


Category: Entry Level Firewalls


  • MustafaAMustafaA SonicWall Employee
    edited April 17

    @BWC , I don't think this is a known issue, based on my internal search.

  • MustafaAMustafaA SonicWall Employee

    @BWC , what firmware is used on the Gen7 firewall? It could be related to "IKEv2 Cookie Notify" settings. If you have a chance to disable this settings and perform a test, that would be great.

  • BWCBWC Cybersecurity Overlord ✭✭✭

    @MustafaA the title of this thread gives it away :) ...its 7.0.1-5111 ... but the Cookie is something I looked already into because Wireshark showed it's Cookie related.

    Hopefully the custome is able to test shortly and I'll report back. I already informed another customer with the same exact problem to give it a try.


  • MustafaAMustafaA SonicWall Employee
    edited April 19

    @BWC , the big title fonts are not big enough to catch my eyes :)

    Looking forward to the test result.

Sign In or Register to comment.