I’ve got a Sonicwall Pro (firmware 6.1.2) that already has the GroupVPN SA configured for OS 9 clients using PGP as the VPN client (PGP requires MD5 instead of SHA1).
I set up my own SA for use with VaporSec. The remote network in the VaporSec SA was defined specifically for the VaporSec client I was using. The config was similar to that in the Flying Racoons 3 screenshot, except that I don’t get an option to change the DH group on my Sonicwall.
The Sonicwall reported that the Phase 1 IKE wasn’t getting a response from the client.
The system log from the client reported the following:
A.A.A.A = IP address assigned to my machine by my ISP
B.B.B.B = IP address of the Sonicwall
racoon: INFO: isakmp.c:1681:isakmp_post_acquire(): IPsec-SA request for B.B.B.B queued due to no phase1 found.
racoon: INFO: isakmp.c:795:isakmp_ph1begin_i(): initiate new phase 1 negotiation: A.A.A.A[500]<=>B.B.B.B[500]
racoon: INFO: isakmp.c:800:isakmp_ph1begin_i(): begin Identity Protection mode.
racoon: ERROR: ipsec_doi.c:2968:ipsecdoi_checkid1(): Expecting IP address type in main mode, but User_FQDN.
racoon: ERROR: isakmp_ident.c:620:ident_i4recv(): invalid ID payload.
racoon: ERROR: isakmp.c:1773:isakmp_chkph1there(): phase2 negotiation failed due to time up waiting for phase1. ESP B.B.B.B->A.A.A.A
I’m assuming there’s a misconfiguration, but I can’t figure out what is going wrong. Any help you can give is greatly appreciated.