09-06-2005 10:31 PM
We need to establish a tunnel between an ASA 5520 and a Sonicwall firewall. The network is:
LAN -- ASA -- Core L2 -- BGP Router -- ADSL Router -- Sonicwall FW -- LAN
The tunnel is not getting established. I am attaching the Tech Report and debug outputs.
The pre-shared keys on both sides match; 3DES and SHA1 are configured on the Sonicwall.
Can someone guide me on how to troubleshoot and bring the tunnels up? I need to shift 15 tunnels to the ASA from a PIX and 2 other firewalls.
09-07-2005 11:32 PM
Hi Biju,
Please try changing the tunnel-group configuration as follows:
tunnel-group 59.144.1.25 type ipsec-l2l
tunnel-group 59.144.1.25 ipsec-attributes
pre-shared-key *
HTH
Regards,
Shijo George.
09-08-2005 01:43 AM
Hi Shijo,
I will test it and let you know.
Thanks
Regards
Biju Jacob
09-09-2005 02:06 AM
Hi Shijo,
Tried using Peer IP without any change in status.
ZapAppCore-Fw1# sh crypto ipsec stats
IPsec Global Statistics
-----------------------
Active tunnels: 0
Previous tunnels: 0
Inbound
Bytes: 0
Decompressed bytes: 0
Packets: 0
Dropped packets: 0
Replay failures: 0
Authentications: 0
Authentication failures: 0
Decryptions: 0
Decryption failures: 0
Outbound
Bytes: 0
Uncompressed bytes: 0
Packets: 0
Dropped packets: 0
Authentications: 0
Authentication failures: 0
Encryptions: 0
Encryption failures: 0
Protocol failures: 0
Missing SA failures: 0
System capacity failures: 0
ZapAppCore-Fw1# sh crypto ipsec sa
There are no ipsec sas
ZapAppCore-Fw1# ping 59.144.1.25
Sending 5, 100-byte ICMP Echos to 59.144.1.25, timeout is 2 seconds:
?????
Success rate is 0 percent (0/5)
ZapAppCore-Fw1# sh crypto isakmp sa
There are no isakmp sas
Biju Jacob
10-07-2005 01:43 AM
Hi Guys,
We managed to solve the problem. NAT-R was enabled on the far-end Sonicwall, and once we disabled it the tunnels came up fine.
The other problem we were facing was creating multiple VPNs to a single peer, which was not happening with 7.0(1). We opened a case with TAC with no results, when we found that this is a bug in the OS which has been rectified in 7.0(3.10), which unfortunately was not pointed out by the TAC guy. Off we go to see if the new OS will solve the problems. Thanks to everyone who tried helping.