Site to Site VPN configuration troubleshooting - TZ 570 and TZ270
I've been setting up a site-to-site VPN on a pair of SonicWalls, both running SonicOS 7+, and can't seem to get them to connect - or figure out how/where to dig deeper in logs to troubleshoot.
Remote site (main) has Comcast business with a true static IP; test site has residential Comcast on a dynamic IP. I've created an identical site-to-site VPN policy on both SonicWalls, IKE using PSK, PSKs match, local and remote IKE Firewall IDs match and correspond to each other.
Proposals match (aggressive, group 5, AES 128, SHA1), and I have the main site primary FQDN set as the IPsec gateway on the test site, 'keep alive' enabled, with the main site IPsec gateway just set up as 0.0.0.0 (since the test site has a dynamic IP).
The S2S VPN policy is enabled, and I've set VPN log levels to 'debug' to try and figure out what is keeping this thing from working. On the VPN status page, it just doesn't seem to do anything, no green disc like when I've set this up dozens of times before.
In the logs on the test site firewall, I just get one thing "Event 358 VPN Inform, IKE Initiator: Start Aggressive Mode negotiation (Phase 1) <source IP, remote IP, port 500 UDP>" and then after that, "IKE Initiator: Remote party Timeout - Retransmitting IKE Request." but no other errors.
On the main site's logs, nothing shows up - no evidence the negotiation is even beginning. But I've also never tried to troubleshoot site-to-site VPNs using logs before, so maybe I don't have the right logging levels enabled?
Also, just for more information on my test site, I'm using a SonicWall plugged into a SonicWall to simulate being behind an unknown NAT device. But I've also plugged my test site's X1 port directly into the Comcast modem to rule out those NAT-behind-NAT issues, but still no go.
Anyways, figured it might be one of those 'type it out and the answer will come to you' type situations, thanks for reading my wall of text. If anyone has any ideas, or can point me to better resources on how to dive deeper on IKE negotiation logs, I've googled the heck out of it and haven't found much.