Our VPN is down at two sites

workaccount

We have two sites here. Both VPNs are down.

The remote VPNS are coming from zxtel DSL routers into our sonicwall concentrator.

The VPNs are not working and ive tried restarting the zxtel boxes but it didn't change anything. None of the settings have changed. I have also tried disabling and re-enabling the VPNS both remote and local. The concentrator is def working fine because we have numerous other sites and their vpns are working.

Workstations can ping the local zxtel and the web interface can be accessed over the WAN ip.

What could be wrong?


Im just looking at the sonicwall now and it says the vpn is not active (no green light). Perhaps I need to activate this or should they just negotiate when the remote router tries to connect?

workaccount

Ok,

Heres the error im getting on the sonicwall....
Received unencrypted packet in crypto active state (from remote router to sonicwall)


I am also getting
IKE Responder: Remote party timeout - Retransmitting IKE request (from sonicwall to remote router) and then Received unencrypted packet in crypto active state (from remote router to sonicwall)

WizZard

If you're using a Shared Secret try changing it. I've got some Sonicwall boxes here that have unique quirks (but that usually works when a VPN is acting up)

Is there any NAT traversal happening between the endpoints?

_CreeD_

Aye initial authentication is likely the issue. But to be sure verify all stages of the IPSEC policy SA and Proposals match on both ends. How do you authenticate, do you use remote access accounts for the sites or full site-site? Is it a common key used for all remote sites or are they unique?