Site to Site VPN

Sharath Rajan (Level 1)

Dears,

Please help me to get the site-to-site VPN fixed: FMC 7.0.1 with FTD 6.4 added, to SonicWALL.

IKEv2 SHA256/AES-256/DH-2, lifetime 28800 already tried; the tunnel is still not up.

26 Replies

Can you ping the SonicWall?

No, not able to ping; not showing tunnel up.

Is ICMP blocked in the path?

If not, then they must be replying to ping; if they are not, then this is a communication issue to resolve first, and then move on to the IPsec.

Thanks
Raminder
PS: If this answered your question, please don't forget to rate and select as validated answer

Dear Singh,

What type of communication error do you feel it is, please?

Internet is working fine inside to outside; hope NAT is also.

Access policy by default is blocking all traffic, but specifically opened (all access LAN to VPN / VPN to LAN).

Will share the access policy; please look at it.

What I meant was: are you able to reach the external IP address of both devices in question from each other?

Another test we can perform is: if this box is not in production, can you revert to IKEv1 and then test if this is working?

OR

Do this:

1. Log in to the FTD CLI.

2. Go into diagnostic mode by typing system support diagnostic-cli and then hit enter.

3. Start debug (debugs are sometimes heavy for prod, so a condition is good):

a) Put a condition for the peer by typing: debug crypto condition peer <SONICWALL FIREWALL EXTERNAL IP>

b) debug crypto ikev2 platform 127

c) debug crypto ikev2 protocol 127

This should give you the output about what is happening in the exchange of the first few packets.

Thanks
Raminder
PS: If this answered your question, please don't forget to rate and select as validated answer

Dear Singh,

Please look: my FTD is not going to the diagnostic CLI.

When I enter the command it is still in enable mode.

Am I doing the entry wrong?

Debug just enters.

Sorry for my lack of knowledge; there is no response on the screen.

SinghRaminder (Level 1)

My initial thought is the same: are they reachable?
Also, I see that you have PFS enabled on FTD but not on the SonicWall side; although PFS comes into play for phase 2, can you make them the same as well?

 

Thanks
Raminder
PS: If this answered your question, please don't forget to rate and select as validated answer

Sharath Rajan (Level 1)

Hello, please

look at my packet tracer to the destination.

SinghRaminder (Level 1)

Hello Sharath, as I showed you, the changes we made were good. The Integrity and PRF on FTD need to match the Integrity on the SonicWall; SonicWall does not have any setting for PRF, it takes the value from Integrity.

In order to test the tunnel, generate some traffic, and as I showed you, it worked.

****

Please accept this as the solution if this resolved your problem.
Thanks
Raminder
PS: If this answered your question, please don't forget to rate and select as validated answer
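The two mismatches called out in this thread (PFS enabled on only one side, and an FTD PRF that differs from the integrity algorithm the SonicWall implicitly uses as its PRF) are easy to miss by eye. The checker below is an added example, not code from the thread or from either vendor: it models both proposals as plain records, treats a peer with no PRF setting as using its integrity algorithm for PRF, and reports every field that would stop the IKEv2 negotiation. The field names, the class `IkeProposal`, and the sample values are constructed for illustration; the thread gives only SHA256/AES-256/DH-2 and a 28800 lifetime.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class IkeProposal:
    """One side's IKEv2 policy (constructed model, not a vendor data structure)."""
    encryption: str
    integrity: str
    dh_group: int
    lifetime: int
    prf: Optional[str] = None        # FTD sets PRF explicitly; SonicWall has no PRF field
    pfs: bool = False                # phase 2 PFS on/off
    pfs_group: Optional[int] = None  # DH group used for PFS when it is enabled


def norm(alg: str) -> str:
    """Canonical algorithm name so 'AES-256', 'aes256' and 'AES 256' compare equal."""
    return alg.lower().replace("-", "").replace("_", "").replace(" ", "")


def effective_prf(p: IkeProposal) -> str:
    """A side with no PRF setting (SonicWall) derives PRF from its integrity algorithm."""
    return p.prf if p.prf is not None else p.integrity


def compare_proposals(ftd: IkeProposal, peer: IkeProposal) -> List[str]:
    """Return a list of human-readable mismatches; an empty list means the proposals agree."""
    mismatches: List[str] = []
    if norm(ftd.encryption) != norm(peer.encryption):
        mismatches.append(f"encryption: FTD {ftd.encryption} vs peer {peer.encryption}")
    if norm(ftd.integrity) != norm(peer.integrity):
        mismatches.append(f"integrity: FTD {ftd.integrity} vs peer {peer.integrity}")
    if norm(effective_prf(ftd)) != norm(effective_prf(peer)):
        mismatches.append(
            f"prf: FTD {effective_prf(ftd)} vs peer {effective_prf(peer)} "
            "(peer PRF is taken from its integrity setting)"
        )
    if ftd.dh_group != peer.dh_group:
        mismatches.append(f"dh_group: FTD {ftd.dh_group} vs peer {peer.dh_group}")
    if ftd.pfs != peer.pfs:
        mismatches.append(
            f"pfs: FTD {'on' if ftd.pfs else 'off'} vs peer {'on' if peer.pfs else 'off'}"
        )
    elif ftd.pfs and ftd.pfs_group != peer.pfs_group:
        mismatches.append(f"pfs_group: FTD {ftd.pfs_group} vs peer {peer.pfs_group}")
    # Lifetime is deliberately not an error: IKEv2 does not negotiate SA lifetimes,
    # each side rekeys on its own timer (RFC 7296, section 2.8).
    return mismatches


def thread_scenario() -> List[str]:
    """Constructed reproduction of the thread: FTD has PFS on and a PRF that differs
    from its integrity; the SonicWall has no PRF field and PFS off."""
    ftd = IkeProposal("AES-256", "SHA256", 2, 28800, prf="SHA512", pfs=True, pfs_group=2)
    sonicwall = IkeProposal("AES-256", "SHA256", 2, 28800)
    return compare_proposals(ftd, sonicwall)


def fixed_scenario() -> List[str]:
    """Same policies after aligning PRF with integrity and enabling PFS on both ends."""
    ftd = IkeProposal("AES-256", "SHA256", 2, 28800, prf="SHA256", pfs=True, pfs_group=2)
    sonicwall = IkeProposal("AES-256", "SHA-256", 2, 28800, pfs=True, pfs_group=2)
    return compare_proposals(ftd, sonicwall)


if __name__ == "__main__":
    for label, result in (("before", thread_scenario()), ("after", fixed_scenario())):
        print(f"{label}: {'OK' if not result else ''}")
        for line in result:
            print("  -", line)
```

Run it before touching either firewall: the "before" run lists the PRF and PFS mismatches the thread ended up chasing with debugs, and the "after" run is empty. The lifetime check is left out on purpose, since a lifetime difference alone will not keep an IKEv2 tunnel down.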

Dear Singh,

THANK YOU SO MUCH FOR THE KIND SUPPORT.

YOU DID IT, WELL DONE.

THANKS AGAIN.