Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

IPSec VPN Issues (after upgrade to 7.0.1-5018)

We have a TZ470 with two IPSec IKEv2 Tunnel running to two different 3rd-Party firewalls. We have had both tunnels running with the 7.0.1-R1456 firmware. After the upgrade to 7.0.1 both tunnels are not working anymore. We get the errors below. In the package monitor, I can also see the TZ respond with a message "no proposal chosen". All the things we see indicate a mismatch of phase 1 proposals, which makes no sense to us.

What we find strange is that we did not change anything at the config on any side of a tunnel. we also deleted the policies and re-created them.



Category: Entry Level Firewalls
Reply

Answers

  • AjishlalAjishlal Community Legend ✭✭✭✭✭

    @Teleporter

    recommended to downgrade to the working Firmware until you get the fix or patch from support.

  • TKWITSTKWITS Community Legend ✭✭✭✭✭

    Clearly the responder doesn't like your IKE ID... Try changing it to the documented settings (you have them documented right?) or just your WAN IP address. Ask the third party to see what the firewall is sending as its IKE ID and what its expecting.

    Other wise follow Ajishals recommendation.

  • TeleporterTeleporter Newbie ✭

    Thanks a lot @TKWITS

    In fact when I change the Peer ID of a working tunnel, I get pretty similar results. We will to talk to the people managing the 3rd-party firewalls.

  • We have tried many many many things now. The only way that brought us one of the tunnels back to work was a downgrade to R1296, deleting a tunnel and creating it again. The other tunnel is still not working properly, for reasons we don't know...

  • AjishlalAjishlal Community Legend ✭✭✭✭✭
  • SonicAdmin80SonicAdmin80 Cybersecurity Overlord ✭✭✭

    @Teleporter Have you updated to the latest 5030 firmware yet? Any VPN issues?

Sign In or Register to comment.