Sonicwall TZ400 to UDM Pro site-to-site disconnects

PS83Tech

We have a site-to-site VPN set up between two offices. One location uses a UDM Pro (3.2.12) and the other employs a SonicWALL TZ 400 (SonicOS Enhanced 6.5.4.13-105n). Although the initial configuration was successful, the VPN drops intermittently every few weeks. To temporarily resolve this, we disable and then re-enable the 'VPN enabled' option on the SonicWALL, which fixes the issue until it happens again.

Upon inspecting the SonicWALL logs for VPN errors, I encounter the following messages, although they seem to match:

IKE Responder: IKE proposal does not match (Phase 1)

IKE Responder: Phase 1 encryption algorithm does not match

I would assume that if the proposals truly did not match, the connection would not be established at all. I'm open to suggestions. I have tried enabling and disabling PFS, but it has not made any difference.

The connection has remained stable for the last three weeks.

TKWITS

General things to do:

Never post your actual public IPs on a public forum. That's an easy way to get unwanted attention.

Update the firmware on both devices.

Try changing various parameters of the VPN tunnel. IKEv1, DH Group 2, and SHA1 are no longer considered secure by most professionals.

MarkD

Try changing the P1 and P2 lifetime timers - try 3600 (1 hour) on P1 and 288000 so they dont collide

When there is a mismatch, the most common result is that the VPN stops functioning when one site's lifetime expires. The tunnel does not completely rebuild until either the site with an expired lifetime attempts to rebuild, or the longer lifetime fully expires.