1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Help with Site to Site VPN

Discussion in 'Networks' started by gosh1976, May 15, 2011.

  1. gosh1976

    gosh1976 Kilobyte Poster

    337
    18
    35
    I posted this on another forum but there are some knowledgeable that don't post over there so I am gonna post it here too!

    I am trying to set up a site to site vpn connection and my knowledge is a bit limited. On one side there is a sonicwall nsa 240. The DSL modem on this side is in bridged mode with the sonicwall doing nat & dhcp.

    On the other side there is a Zywall 2 plus. I don't even know if this will work the way that the network is set up on this side. The DSL modem is not in bridged mode and is doing NAT & DHCP with a 10.0.0.0/24 network. The dsl modem is doing port forwarding with ports 500, 4500, 443. Then the zywall is doing dhcp as well with a 172.16.17.0/24 subnet.

    The keys match on both sides and phase1 is set up with Main mode; 3des encryption, sha1 authentication, 28800 SA life time, DH1 key group. phase 2 is using tunnel encapsulation mode, esp active protocol, 3des encryption, sha1 authentication 28800, pfs is not enabled. Nat traversal is currently selected on both sides and I'm not sure if that is right heck I'm not even sure if it it will work at all with the network set up like that.

    Any tips will be greatly appreciated.
     
    Certifications: A+, Net+, MCDST, CCENT, MCTS: Win 7 Configuring, CCNA
  2. gosh1976

    gosh1976 Kilobyte Poster

    337
    18
    35
    The sonicwall logs are showing an proposed ike id mismatch- local id type: ip address remote id type: FQDN but they are both set to ip on both sides
     
    Certifications: A+, Net+, MCDST, CCENT, MCTS: Win 7 Configuring, CCNA
  3. gosh1976

    gosh1976 Kilobyte Poster

    337
    18
    35
    I guess nobody had any ideas! :) Well, I'm not sure if it should have worked but the double NAT was messing it up. As soon as I switched things up took the Zywall out of it and set up the edge device to handle the VPN everything worked a charm. This is the headache of networks inherited from other companies. I never would have set it up like that in the first place.
     
    Certifications: A+, Net+, MCDST, CCENT, MCTS: Win 7 Configuring, CCNA

Share This Page

Loading...