SonicOS 6.5.4.8 -> Mikrotik RouterOS 6.48.3 IKEv2 / PRF

BWC Cybersecurity Overlord ✭✭✭

Hi guys,

while struggling to convert an old working configuration from an NSA 3500 over to an NSa 2650, I noticed that SonicOS is handling IKEv2 a bit differently than before. The tunnel never comes up and the Mikrotik was complaining about not finding a peer for the provided IKE ID. Which is odd, because the new SNWL was configured exactly the same as before.

To get the tunnel working again I needed to configure the PRF Algorithm on the Mikrotik side:


It was related to the PRF Algorithm which isn't configurable on the SNWL side. AFAIK it has to be the same as configured for Authentication in the SNWL VPN Profile.

Cisco does it in a similar fashion according to this.

Hope this helps if someone else falls into this trap.

--Michael@BWC

Category: Mid Range Firewalls

Comments

  • Ajishlal All-Knowing Sage ✭✭✭✭

    Hi @BWC

    With Ruckus I also noticed that the integrity & PRF algorithm should be the same for connecting to the SonicWall IKEv2 proposal.

  • BWC Cybersecurity Overlord ✭✭✭

    @Ajishlal good to know, will keep this in mind.

  • BWC Cybersecurity Overlord ✭✭✭

    Quick side note: Configuring the PRF algorithm on Mikrotik is new with Firmware 6.48. Prior versions were working without any trouble.

    I had a few RouterOS 6.47.x instances running and the update to 6.48 made the change necessary. So be aware when updating RouterOS.

    --Michael@BWC
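
Added example, not from the posts above or from either vendor: in IKEv2 the PRF is a transform negotiated separately from the integrity algorithm, and IKE_SA_INIT is sent unencrypted, so the PRF a peer offers can be read from a packet capture. This Python code parses one proposal substructure (layout per RFC 7296) and compares the offered PRF with a locally pinned value; the function names are hypothetical and the sample bytes are constructed.

```python
import struct

# IANA IKEv2 transform type and ID names (RFC 7296 registries), subset only.
TYPES = {1: "ENCR", 2: "PRF", 3: "INTEG", 4: "DH"}
PRF = {2: "sha1", 5: "sha256", 6: "sha384", 7: "sha512"}
INTEG = {2: "sha1", 12: "sha256", 13: "sha384", 14: "sha512"}

def parse_proposal(buf):
    """Return {transform type name: [transform IDs]} for one proposal substructure."""
    if len(buf) < 8:
        raise ValueError("truncated proposal header")
    _last, _rsv, length, _num, _proto, spi_size, n_transforms = struct.unpack_from("!BBHBBBB", buf)
    if length > len(buf):
        raise ValueError("proposal length exceeds buffer")
    off, found = 8 + spi_size, {}
    for _ in range(n_transforms):
        if off + 8 > length:
            raise ValueError("truncated transform")
        _tlast, _r1, tlen, ttype, _r2, tid = struct.unpack_from("!BBHBBH", buf, off)
        if tlen < 8:
            raise ValueError("bad transform length")
        found.setdefault(TYPES.get(ttype, str(ttype)), []).append(tid)
        off += tlen  # also skips attributes such as the ENCR key length
    return found

def check_prf(buf, local_prf):
    """Compare the peer's offered PRF with the locally pinned one."""
    t = parse_proposal(buf)
    offered = [PRF.get(i, f"id{i}") for i in t.get("PRF", [])]
    integ = [INTEG.get(i, f"id{i}") for i in t.get("INTEG", [])]
    return {"offered_prf": offered, "offered_integ": integ,
            "prf_ok": local_prf in offered}

def _transform(ttype, tid, last, attr=b""):
    # Last Substruc is 0 for the final transform, 3 otherwise.
    return struct.pack("!BBHBBH", 0 if last else 3, 0, 8 + len(attr), ttype, 0, tid) + attr

# Constructed sample: AES-CBC-256, PRF_HMAC_SHA2_256, AUTH_HMAC_SHA2_256_128, DH group 14.
_T = (_transform(1, 12, False, bytes.fromhex("800e0100")) + _transform(2, 5, False)
      + _transform(3, 12, False) + _transform(4, 14, True))
SAMPLE = struct.pack("!BBHBBBB", 0, 0, 8 + len(_T), 1, 1, 0, 4) + _T

if __name__ == "__main__":
    print(check_prf(SAMPLE, "sha1"))    # local side pinned to a different PRF
    print(check_prf(SAMPLE, "sha256"))  # local PRF matches the offer
```
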
