Full Mesh VPN Tunnels with NSM
We are trying to create a full mesh of VPN tunnels between 3 firewalls as a test before meshing 20+ together. Tunnel creation keeps failing on one side with the error: "Command 'keep-alive' does not match". Searching for this error returns no results anywhere we have looked.
We first tried a point-to-point tunnel, and that worked.
We have also tried using IPv4 addresses for the local IKE ID instead of firewall IDs, with no luck.
The JSON that SonicWall auto-generated is below. Any ideas? Is this a bug?
{
"vpn": {
"policy": [
{
"ipv4": {
"site_to_site": {
"apply_nat": false,
"auth_method": {
"shared_secret": {
"ike_id": {
"local": {
"firewall_id": "XXXXXXXXXX98"
},
"peer": {
"firewall_id": "XXXXXXXXXXC0"
}
},
"shared_secret": "******"
}
},
"bound_to": {
"interface": "X1"
},
"default_lan_gateway": "0.0.0.0",
"enable": true,
"gateway": {
"primary": "0.0.0.0",
"secondary": "0.0.0.0"
},
"keep_alive": true,
"management": {
"http": false,
"https": false,
"snmp": false,
"ssh": false
},
"name": "ST1694629305-B430C0-B42698",
"netbios": false,
"network": {
"local": {
"name": "TGU LAN"
},
"remote": {
"destination_network": {
"name": "TFR LAN-Full M-2CB8EDB430C0"
}
}
},
"proposal": {
"ike": {
"authentication": "sha-1",
"dh_group": "2",
"encryption": "aes-128",
"exchange": "ikev2",
"lifetime": 28800
},
"ipsec": {
"authentication": {
"sha_1": true
},
"encryption": {
"aes_192": true
},
"lifetime": 28800,
"perfect_forward_secrecy": {},
"protocol": "esp"
}
},
"suppress_auto_add_rule": false,
"user_login": {
"http": false,
"https": false
}
}
}
}
]
}
}
Answers
Support Case 44335834 - NSM SaaS - Problem creating VPN tunnel