
Site to Site VPN

Sharath Rajan
Level 1

Dears,

Please help me fix a site-to-site VPN from FMC 7.0.1 (with FTD 6.4 added) to SonicWALL.

IKEv2 SHA256/AES-256/DH-2, lifetime 28800, already tried; the tunnel is still not up.

Accepted Solutions

SinghRaminder
Level 1

Hello Sharath, as I showed you, the changes we made were good. The Integrity and PRF on the FTD need to match the Integrity on the SonicWall. SonicWall does not have any setting for PRF; it takes the value from Integrity.

In order to test the tunnel, generate some traffic; as I showed you, it worked.

 

 

****

Please accept this as solution if this resolved your problem

 

Thanks
Raminder
PS: If this answered your question, please don't forget to rate and select as validated answer


26 Replies

Did you configure PFS and DH group? If not, please configure it.

Yes, it's configured; no luck getting the policy to handshake.


SHA256/AES256/DH (2, 5, 14) IKEv2 tried.


PFS and DH group are configured in phase II.

It's done in phase 2.
Both firewalls have PFS enabled, and DH (2/4/5/14) were all tried one by one; it's not working.

Sorry, this is for IKEv1; below is the link for IKEv2.
https://bluenetsec.com/cisco-fmc-site-to-site-vpn/

Check this link; are you doing the same steps?

Hi,

Thank you.

I already tried these steps, IKEv1 with Main Mode on the SonicWall; the result was a failure.

Please help me, experts; this is all my configuration.

 

SinghRaminder
Level 1

Provide the output from the FTD CLI:

show crypto isa sa

 

Thanks
Raminder
PS: If this answered your question, please don't forget to rate and select as validated answer

Thank you, done the command.

Reply is:

Hi, thank you.

This link is FTD with ASA,

but mine is FTD with SonicWALL. I tried all these proposals, and PRF is not showing in SonicWall.

SinghRaminder
Level 1

Hello Sharath

AFAIK SonicWall does not have the option to specify PRF. It will use the same algorithm you used for Integrity in phase 1 for PRF as well.

Since your phase 1 is not coming up, it means they are not agreeing on parameters. 

Can you provide the output here : show run crypto ikev2 

and check the parameters you are using for the SonicWall connection, and make sure to make the PRF value on the FTD the same as the integrity value used on both sides.

For example :

crypto ikev2 policy 10
 encryption aes-256
 integrity sha256
 group 14
 prf sha256
 lifetime seconds 86400

 

Make sure Integrity on Sonicwall is set to SHA256 as well

Thanks
Raminder
PS: If this answered your question, please don't forget to rate and select as validated answer
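
One way to check the point made in the reply above, that every field of an FTD IKEv2 policy, PRF included, has to line up with what the SonicWall uses. This is an added example, not code from the thread or from Cisco or SonicWall; the config text and peer proposal are constructed samples, and the function names are hypothetical.

```python
# Constructed `show run crypto ikev2` output (sample, not from the thread).
SAMPLE_FTD = """\
crypto ikev2 policy 10
 encryption aes-256
 integrity sha256
 group 14
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 20
 encryption aes-256 aes-192
 integrity sha256
 group 14 5
 prf sha256
"""
# Constructed SonicWall phase 1 proposal; per the thread it has no PRF field.
SAMPLE_PEER = {"encryption": "aes-256", "integrity": "sha256", "group": "14"}
FIELDS = ("encryption", "integrity", "group", "prf")

def _norm(value):  # 'AES-256', 'aes256' and 'aes-256' compare equal
    return value.lower().replace("-", "")

def parse_ikev2_policies(text):
    """Return {priority: {field: set of offered values}} per policy block."""
    policies, current = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[:3] == ["crypto", "ikev2", "policy"] and len(words) == 4:
            current = policies.setdefault(int(words[3]), {})
        elif current is not None and words[0] in FIELDS:
            current[words[0]] = {_norm(v) for v in words[1:]}
        elif words[0] != "lifetime":
            current = None  # any other line ends the policy block
    return policies

def mismatches(policy, peer):
    """Fields where an FTD policy cannot match the peer (SonicWall PRF = Integrity)."""
    wanted = dict(peer, prf=peer["integrity"])
    return [f"{field}: FTD offers {sorted(policy.get(field, []))}, peer uses {value}"
            for field, value in wanted.items()
            if _norm(value) not in policy.get(field, set())]

def audit(text, peer):
    return {p: mismatches(pol, peer) for p, pol in parse_ikev2_policies(text).items()}

if __name__ == "__main__":
    for prio, problems in audit(SAMPLE_FTD, SAMPLE_PEER).items():
        print(f"policy {prio}:", "; ".join(problems) or "compatible")
```

On the constructed sample, policy 10 is flagged only for its PRF while policy 20 is reported compatible.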

Dear Singh,

Thank you. Please look at the post shared here with the FMC-FTD and SonicWALL proposals.

The tunnel is still not coming up.