05-11-2022 08:11 AM
Dears
Please help me fix a site-to-site VPN with FMC 7.0.1 (FTD 6.4 added) to SonicWALL.
I already tried IKEv2 SHA256/AES-256/DH-2, lifetime 28800; the tunnel is still not up.
05-13-2022 09:27 AM - edited 05-13-2022 10:09 AM
Hello Sharath, as I showed you, the changes we made were good. The Integrity and PRF on the FTD need to match the Integrity on the SonicWall. SonicWall does not have any setting for PRF; it takes the value from Integrity.
In order to test the tunnel, generate some traffic. As I showed you, it worked.
****
Please accept this as solution if this resolved your problem
Thanks
Raminder
05-11-2022 08:34 AM
Did you configure PFS and DH group? If not, please configure it.
05-11-2022 09:17 AM
05-11-2022 09:27 AM
PFS and DH group are configured in phase II.
05-11-2022 09:40 AM
05-11-2022 10:12 AM - edited 05-11-2022 04:06 PM
Sorry, this is for IKEv1; below is the link for IKEv2.
https://bluenetsec.com/cisco-fmc-site-to-site-vpn/
Check this link. Did you do the same steps?
05-11-2022 11:04 PM
Hi
Thank you
I already tried these steps, IKEv1 with Main Mode on SonicWALL; the result was a failure.
05-11-2022 11:22 PM
05-11-2022 11:28 PM
05-11-2022 03:23 PM
Provide the output from the FTD CLI:
show crypto isa sa
05-11-2022 11:06 PM
05-11-2022 04:06 PM
Hi friend, this is for IKEv2.
Check the steps:
https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/215470-site-to-site-vpn-configuration-on-ftd-ma.html
05-11-2022 11:05 PM
Hi, thank you.
This link is for FTD with ASA,
but mine is FTD with SonicWALL. I tried all these proposals, and PRF is not showing in SonicWALL.
05-12-2022 03:19 AM
Hello Sharath
AFAIK SonicWall does not have the option to specify PRF. It will use the same algorithm you used for Integrity in phase 1 for PRF as well.
Since your phase 1 is not coming up, it means they are not agreeing on parameters.
Can you provide the output of this here: show run crypto ikev2
Also check the parameters you are using for the SonicWall connection, and make sure the PRF value on the FTD is the same as the Integrity value used on both sides.
For example :
crypto ikev2 policy 10
 encryption aes-256
 integrity sha256
 group 14
 prf sha256
 lifetime seconds 86400
Make sure Integrity on Sonicwall is set to SHA256 as well
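An added example, not part of any post in this thread: Python that parses `show run crypto ikev2` output and compares each policy against the SonicWall phase 1 settings, treating the SonicWall PRF as equal to its Integrity, as the replies describe. The config text, the SonicWall values and all function names are constructed for illustration.

```python
import re

# Constructed sample of `show run crypto ikev2` output from the FTD (not from the thread).
FTD_CONFIG = """\
crypto ikev2 policy 10
 encryption aes-256
 integrity sha256
 group 2
 prf sha
 lifetime seconds 28800
crypto ikev2 policy 20
 encryption aes-256
 integrity sha256
 group 2
 prf sha256
 lifetime seconds 28800
"""

# Constructed SonicWall phase 1 proposal; there is no PRF field on that side.
SONICWALL = {"encryption": "aes-256", "integrity": "sha256", "group": "2"}

def parse_ftd_policies(text):
    """Return {priority: {keyword: [values]}} for each crypto ikev2 policy."""
    policies, current = {}, None
    for line in text.splitlines():
        head = re.match(r"crypto ikev2 policy (\d+)\s*$", line)
        if head:
            current = policies.setdefault(int(head.group(1)), {})
        elif current is not None and line.strip() and line.startswith(" "):
            key, *values = line.split()
            current[key] = values
        else:
            current = None  # left the policy block
    return policies

def mismatches(policy, peer):
    """List the parameters on which an FTD policy cannot match the peer."""
    # Per the thread: SonicWall uses its Integrity algorithm as the PRF.
    wanted = dict(peer, prf=peer["integrity"])
    return [f"{k}: FTD offers {policy.get(k, [])}, peer needs {v}"
            for k, v in wanted.items() if v not in policy.get(k, [])]

def report(config=FTD_CONFIG, peer=SONICWALL):
    return {prio: mismatches(p, peer) for prio, p in parse_ftd_policies(config).items()}

if __name__ == "__main__":
    for prio, problems in report().items():
        print(f"policy {prio}:", "; ".join(problems) or "matches peer")
```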
05-12-2022 04:27 AM