PIX 501 -> Sonicwall VPN 3030 VPN site-site tunnel problem
having great difficulties in making these 2 hardwares establish a tunnel. The PIX is running 2 other tunnels already and is having no problems there. The remote-client has recently changed to a Sonicwall VPN 3030
and now the tunnel will not work. It seems to be stuck in phase 1 of tunnel negotiations. We have tried pretty much every aspect of changing all sorts of parameters, but to now avail.
The Sonicwall and PIX both seem to be experiencing some sort of timeouts during this phase, as from what we can see in the syslog of both devices.
The debug crypto ipsec on the PIX gives this result:
IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
IPSEC(key_engine_delete_sas): delete all SAs shared with 220.127.116.11
IPSEC(key_engine): got a queue event...
IPSEC(spi_response): getting spi 0x2b0f50a0(722423968) for SA
We are using pre-shared keys. ISAKMP, AH and ESP are enabled on the PIX. It should be the same on the other side, but I would have to check that on the remote-site Sonicwall. Have to ask the person in charge of that firewall.
I guess you might be right here. The firewall is timing out due to not having the right protocols enabled on both sides for completing, or in this case even starting, the authentication process.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :