
While creating an IPSec VPN between an NSA4700 and a TZ370, I am getting the error below.

Message: IKEv2 Peer is not responding. Negotiation aborted.

Notes: VPN Policy: Cymax DC; Falied 5 retries; IKEv2 InitSPI: 0x5d337bda9cc2ec5b; IKEv2 RespSPI: 0x0000000000000000


I have double-checked the General tab and the Proposal tab for the authentication requirements; the settings are identical in both firewalls' VPN settings. Any idea?

Category: Mid Range Firewalls

Answers

  • Arkwright (All-Knowing Sage ✭✭✭✭)

    No responses at all suggests wrong public IP at one end or the other. Does a packet capture show IPsec traffic arriving?

  • Ajishlal (Community Legend ✭✭✭✭✭)

    @AmanChanpura ,

    Can you post the configuration of both ends here so the exact issue can be identified?

    Is there any ISP modem in front of the firewall at either location which could block the VPN traffic?

  • @Ajishlal yes, the other end (HQ) has an ISP modem it is connected to, whereas the second end is the DC firewall.

    We have a /30 public IP block purchased for the HQ site, and have set up WAN IPs for the ISP router and the SonicWall TZ370 as well.

  • Ajishlal (Community Legend ✭✭✭✭✭)

    @AmanChanpura

    Did you check that the ISP modem is passing the VPN traffic?

    Is the ISP modem working in Bridge Mode or NAT?

  • It is working as NAT.

  • Ajishlal (Community Legend ✭✭✭✭✭)

    @AmanChanpura ,

    In that case, do the port forwarding from the ISP modem to the SonicWall for the ports listed below:

    IPSec VPN is a layer 3 protocol that communicates over IP protocol 50, Encapsulating Security Payload (ESP). It also requires UDP port 500 for Internet Key Exchange (IKE) to negotiate and manage encryption keys, and UDP port 4500 for IPSec NAT Traversal (NAT-T).
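As an added example (not from this thread or from SonicWall), the following Python check reads tcpdump-style lines from a WAN-side capture taken on the firewall behind the modem and reports which of the three components named above (UDP 500, UDP 4500, IP protocol 50) actually arrived from the peer. The capture lines, addresses and SPI are constructed; the `path_report` function name is my own.

```python
import re

# Constructed tcpdump-style lines (not real capture data). 203.0.113.10 plays
# the remote peer, 192.168.1.2 the firewall's WAN address behind the NAT modem.
SAMPLE_CAPTURE = """
IP 203.0.113.10.500 > 192.168.1.2.500: isakmp: parent_sa ikev2_init[I]
IP 192.168.1.2.500 > 203.0.113.10.500: isakmp: parent_sa ikev2_init[R]
IP 203.0.113.10.4500 > 192.168.1.2.4500: NONESP-encap: isakmp: child_sa ikev2_auth[I]
IP 203.0.113.10 > 192.168.1.2: ESP(spi=0x0000abcd,seq=0x1), length 132
""".strip().splitlines()

# UDP lines carry a port after each address; raw ESP lines do not.
UDP_RE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): (.*)")
ESP_RE = re.compile(r"IP (\S+) > (\S+): ESP\(")

REQUIRED = {
    "ike_udp500": "UDP 500 (IKE)",
    "natt_udp4500": "UDP 4500 (NAT-T)",
    "esp_proto50": "IP protocol 50 (ESP)",
}

def classify_ipsec_flows(lines, local_ip):
    """Mark which IPsec components were seen arriving at local_ip."""
    seen = {k: False for k in REQUIRED}
    for line in lines:
        m = ESP_RE.match(line)          # test ESP first: its dotted IPs would
        if m:                           # otherwise look like address.port
            if m.group(2) == local_ip:
                seen["esp_proto50"] = True
            continue
        m = UDP_RE.match(line)
        if not m or m.group(3) != local_ip:
            continue                    # outbound or unrelated traffic
        if m.group(4) == "500":
            seen["ike_udp500"] = True
        elif m.group(4) == "4500":
            seen["natt_udp4500"] = True
    return seen

def path_report(lines, local_ip):
    """Return (seen, missing, note) for a capture on the inside firewall."""
    seen = classify_ipsec_flows(lines, local_ip)
    missing = [REQUIRED[k] for k, ok in seen.items() if not ok]
    if seen["natt_udp4500"] and not seen["esp_proto50"]:
        # Once NAT-T is negotiated, ESP travels inside UDP 4500, so the
        # absence of raw protocol 50 is expected rather than a forwarding gap.
        missing = [x for x in missing if not x.startswith("IP protocol 50")]
        return seen, missing, "NAT-T in use: ESP is carried in UDP 4500"
    if not seen["ike_udp500"]:
        return seen, missing, "No IKE arrived: check the UDP 500 forward or peer IP"
    return seen, missing, "ok" if not missing else "partial path"
```

A capture showing only the firewall's own outbound IKE, with nothing arriving, matches the "Peer is not responding" symptom in the question.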

  • Hi @Ajishlal, is there any way I can reach out to you directly?

    I am a bit confused here. Do I have to do the port forwarding on the SonicWall or on the ISP modem?

  • MarkD (Cybersecurity Overlord ✭✭✭)
    edited April 2023
  • TKWITS (Community Legend ✭✭✭✭✭)

    Or just have the ISP change the device to bridge mode as Ajishlal mentioned. Much easier than having to deal with double NAT.

  • Hi @Ajishlal & @TKWITS, thanks for your guidance; the issue has been resolved now.

  • Ajishlal (Community Legend ✭✭✭✭✭)

    @AmanChanpura

    Happy to hear that your issue is solved; please mark the answer to help other people.
