VPN ISSUE after changing WAN IP

Hello!

I have a very strange problem with a site-to-site VPN on two SonicWalls that I manage. The VPN worked very well until then; we had a little problem with our fiber, so we had to use a 4G box with a fixed public IP address, which has no problem. We have switched all our equipment to this public IP address (mail server, etc.).

On the other hand, the existing site-to-site VPNs no longer work with the new public IP address. The logs of the remote SonicWall indicate:

IKEv2 Initiator: Remote party Timeout - Retransmitting IKEv2 Request.

IKEv2 Initiator: Received IKE_SA_INT response

IKEv2 Received notify error payload

VPN Policy: No Proposal Chosen

I haven't made any changes; I only changed the public IP address.

Any idea?

Category: Entry Level Firewalls

Answers

  • MustafaA SonicWall Employee
    edited June 2023

    @mimiz, have you changed the Peer Gateway Address config for the site-to-site VPN, unless it is domain name based?


  • mimiz Newbie ✭

    Hello! Thanks for your answer. Of course, I changed the Primary gateway of the peer. I also changed the Local and the peer IKE ID; I chose the IPv4 address instead of the firewall's identifier, thinking that with IP addresses it would work better, but it's still the same error message.

  • mimiz Newbie ✭

    Today I made changes: I completely changed the parameters. I chose main mode and changed the phase 1 and phase 2 proposals, but it still doesn't work.

    On the local firewall, there is no log relating to this VPN connection. On the other hand, on the remote firewall this time I no longer have a "No Proposal Chosen" message, but I have this message:

    IKE Initiator: Remote party Timeout - Retransmitting IKE Request.

    I suspect a local firewall rule that forces the VPN to the IP address that is no longer accessible, or something like that; do you have any tips for me?

    Thanks!

  • MustafaA SonicWall Employee

    "IKE Initiator: Remote party Timeout - Retransmitting IKE Request." This means that the VPN initiator is sending the IKE traffic to the peer gateway and does not get any response back. This is usually an indication of an ISP issue. The best next step is probably to trace the UDP 500/4500 traffic with Packet Monitor. This should certainly give an idea of whether the traffic is reaching the peer gateway SonicWall firewall.
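
An added example, not part of the thread or of any SonicWall tooling: once a UDP 500/4500 capture has been exported, a short script can separate the two symptoms logged above, a peer that answers with NO_PROPOSAL_CHOSEN versus requests that never get a reply. It decodes IKEv2 only; the direction labels and the sample packets are constructed for illustration.

```python
import struct

EXCHANGES = {34: "IKE_SA_INIT", 35: "IKE_AUTH", 36: "CREATE_CHILD_SA", 37: "INFORMATIONAL"}
NOTIFY, ENCRYPTED, NO_PROPOSAL_CHOSEN = 41, 46, 14   # IKEv2 payload / notify types (RFC 7296)

def parse_ike(payload, port):
    """Decode an IKEv2 header and any cleartext Notify types from a UDP 500/4500 payload."""
    if port == 4500:
        if payload[:4] != b"\x00" * 4:
            return None                      # ESP-in-UDP or keepalive, not IKE
        payload = payload[4:]                # strip the 4-byte non-ESP marker
    if len(payload) < 28 or payload[17] >> 4 != 2:
        return None                          # too short, or not IKEv2
    ispi, _rspi, nxt, _ver, exch, flags, msgid, _len = struct.unpack("!8s8sBBBBII", payload[:28])
    msg = {"ispi": ispi.hex(), "exchange": EXCHANGES.get(exch, str(exch)),
           "response": bool(flags & 0x20), "msgid": msgid, "notifies": []}
    off = 28
    while nxt not in (0, ENCRYPTED) and off + 4 <= len(payload):   # walk the payload chain
        following, _crit, plen = struct.unpack("!BBH", payload[off:off + 4])
        if plen < 4:
            break                            # malformed length, stop instead of looping
        if nxt == NOTIFY and plen >= 8 and off + 8 <= len(payload):
            msg["notifies"].append(struct.unpack("!H", payload[off + 6:off + 8])[0])
        nxt, off = following, off + plen
    return msg

def diagnose(packets):
    """packets: (direction, udp_port, udp_payload) as captured on the initiator's WAN interface."""
    pending, verdicts = set(), []
    for direction, port, payload in packets:
        msg = parse_ike(payload, port)
        if msg is None:
            continue
        key = (msg["ispi"], msg["msgid"])
        if direction == "out" and not msg["response"]:
            pending.add(key)                 # retransmissions collapse onto one key
        elif direction == "in" and msg["response"]:
            pending.discard(key)
            if NO_PROPOSAL_CHOSEN in msg["notifies"]:
                verdicts.append(f"{msg['exchange']} rejected: NO_PROPOSAL_CHOSEN")
    return verdicts + [f"request {spi[:8]} msgid {mid}: no response seen" for spi, mid in sorted(pending)]

def _ike(ispi, nxt, flags, body=b""):        # builds the constructed sample packets below
    return struct.pack("!8s8sBBBBII", ispi, b"\0" * 8, nxt, 0x20, 34, flags, 0, 28 + len(body)) + body

A, B = b"\x11" * 8, b"\x22" * 8              # constructed initiator SPIs
SAMPLE = [("out", 500, _ike(A, 0, 0x08)),
          ("in", 500, _ike(A, NOTIFY, 0x20, struct.pack("!BBHBBH", 0, 0, 8, 0, 0, NO_PROPOSAL_CHOSEN))),
          ("out", 4500, b"\0" * 4 + _ike(B, 0, 0x08)),
          ("out", 4500, b"\0" * 4 + _ike(B, 0, 0x08))]   # retransmission, never answered
```

Running `diagnose(SAMPLE)` reports one rejected IKE_SA_INIT and one unanswered request; a capture that shows only the second kind on both firewalls points at the path between them rather than at the proposals.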

  • mimiz Newbie ✭

    Hello, thanks for your answer. I'm a newbie with SonicWall firewalls.

    Can you give me the steps to follow for this operation, or share a KB with me to follow to do it?

    Thanks!

  • preston Enthusiast ✭✭

    Hi @mimiz, check with your 4G provider or 4G router and verify that IKE UDP 500 or UDP 4500 is not being blocked.

  • MustafaA SonicWall Employee
  • mimiz Newbie ✭

    Hello! Thanks for your answers.

    The solution that worked for me was: delete the complete VPN and rebuild it with main mode config and IPv4 identifiers.

    Thank you
