Solved: Site to Site VPN - Page 2

Sharath Rajan · ‎05-11-2022

Dears

Please help me to get it fix site to site vpn with FCM7.0.1 added FTD6.4 to SonicWALL

IKEV2 SHA256/AES-256/DH-2 Lifetime 28800 already tried tunnel is not up still

MHM Cisco World · ‎05-12-2022

Can you ping sonicwall ?

Sharath Rajan · ‎05-12-2022

No ,Not able to ping not showing tunnel up

SinghRaminder · ‎05-12-2022

is ICMP blocked in the path?

If not, then they must be replying to ping, if they are not then this is a communication issue to resolve first and then into the ipsec

Thanks
Raminder
PS: If this answered your question, please don't forget to rate and select as validated answer

Sharath Rajan · ‎05-12-2022

Dear Singh

What type of communication Error do you feel please ,

Internet is working as fine inside to Outside hope NAT also ,

Access policy default Blocking all traffic but specifically opened (all access LAN to VPN /VPN to LAN )

will share the Access policy please look on it

SinghRaminder · ‎05-12-2022

What I meant was are you able to reach the external IP address of both Devices in question from each other?

Another test we can perform is : if this box is not in production, can you revert to Ikev1 and then test if this is working

OR

Do this :

1. Login to FTD CLI

2. Go into diagnostic mode by typing system support diagnostic-cli and then hit enter

3. Start debug (debugs are heavy sometimes for prod , so a condition is good) : a) put a condition for peer by typing

a)debug crypto condition peer <SONICWALL FIREWALL EXTERNAL IP>

b) debug crypto ikev2 platform 127

c) debug crypto ikev2 protocol 127

This should give you the output about what is happening in exchange of first few packets

Thanks
Raminder
PS: If this answered your question, please don't forget to rate and select as validated answer

Sharath Rajan · ‎05-12-2022

Dear Singh

Please look my FTD is not going to diagnostic cli

while I enter the command its still in enable mode

anything am I do wrong entry

Sharath Rajan · ‎05-12-2022

Debug just enter

Sorry for my lack of Knowledge there is no any response on screen

SinghRaminder · ‎05-12-2022

my initial thought is the same, are they reachable
also i see that you have pfs enabled on FTD but not on Sonicwall side, although PFS comes into play for phase 2, can you make them same as well

Thanks
Raminder
PS: If this answered your question, please don't forget to rate and select as validated answer

Sharath Rajan · ‎05-12-2022

Hello Please

Look on my Packet tracer to destination

Sharath Rajan · ‎05-13-2022

SinghRaminder · ‎05-13-2022

Hello Sharath, as i showed you the changes we made were good, the Integrity and PRF on FTD needs to match with Integrity on the Sonicwall, Sonicawall does not have any setting for PRF, it takes the value from Integrity

In order to test the tunnel, generate some traffic and as i showed you, it worked.

****

Please accept this as solution if this resolved your problem

Thanks

Raminder

Thanks
Raminder
PS: If this answered your question, please don't forget to rate and select as validated answer

Sharath Rajan · ‎05-13-2022

Dear Singh

THANK YOU SO MUCH THE KIND SUPPORT

YOU DONE IT WELL DONE

THAKS AGAIN