VPN - Sonicwall Lan-to-Lan

barkingmadscot

2006-02-21, 5:47 pm

Hi all,

Thanks in advance

I am having a problem with an IKE connection between SonicWalls; I can
only ping (by IP) from the IKE Initiator, DNS/WINS doesn't work.

This is the log from the Initiator. (Dynamic IP)

02/21/2006 16:05:07.848 Starting IKE negotiation 80.5.132.14
213.107.169.56
02/21/2006 16:05:07.848 IKE Initiator: Aggressive Mode Phase 1 Done

02/21/2006 16:05:07.848 IKE Initiator: Begin Phase 2
02/21/2006 16:05:07.896 IKE negotiation complete. Adding IPSec SA.
Phase 2 Done

This is the log from the Responder. (Static IP)

02/21/2006 16:05:07.848 Starting IKE negotiation 80.5.132.14
213.107.169.56
02/21/2006 16:05:07.848 IKE Initiator: Aggressive Mode Phase 1 Done

02/21/2006 16:05:07.848 IKE Initiator: Begin Phase 2
02/21/2006 16:05:07.896 IKE negotiation complete. Adding IPSec SA.
Phase 2 Done 80.5.132.14 213.107.169.56 lifeSeconds=28770 remote range:
(192.168.70.1 - 192.168.70.254).

These are the settings used for the IKE connection

Phase 1 DH Group: Group 1
SA Life time (secs): 28800
Phase 1 Encryption/Authentication: DES & MD5
Phase 2 Encryption/Authentication: Encrypt and Authenticate (ESP DES HMAC MD5)

In the advanced section I have on the Initiator the following selected

Use Aggressive Mode
Enable Keep Alive
Enable Windows Networking (NetBIOS) broadcast
Apply NAT and firewall rules
Forward packets to remote VPNs

On the Responder I have the following selected

Enable Windows Networking (NetBIOS) broadcast
Forward packets to remote VPNs.

If I deselect Apply NAT and firewall rules on Initiator, nothing works

Any help in getting the VPN tunnel working correctly with DNS/WINS
would be great

Cheers

snertking

2006-02-21, 5:47 pm

barkingmadscot wrote:

> Hi all,
>
> Thanks in advance
>
> I am having a problem with an IKE connection between SonicWalls; I can
> only ping (by IP) from the IKE Initiator, DNS/WINS doesn't work.
>
> This is the log from the Initiator. (Dynamic IP)
>
> 02/21/2006 16:05:07.848 Starting IKE negotiation 80.5.132.14
> 213.107.169.56
> 02/21/2006 16:05:07.848 IKE Initiator: Aggressive Mode Phase 1 Done
>
> 02/21/2006 16:05:07.848 IKE Initiator: Begin Phase 2
> 02/21/2006 16:05:07.896 IKE negotiation complete. Adding IPSec SA.
> Phase 2 Done
>
> This is the log from the Responder. (Static IP)
>
> 02/21/2006 16:05:07.848 Starting IKE negotiation 80.5.132.14
> 213.107.169.56
> 02/21/2006 16:05:07.848 IKE Initiator: Aggressive Mode Phase 1 Done
>
> 02/21/2006 16:05:07.848 IKE Initiator: Begin Phase 2
> 02/21/2006 16:05:07.896 IKE negotiation complete. Adding IPSec SA.
> Phase 2 Done 80.5.132.14 213.107.169.56 lifeSeconds=28770 remote range:
> (192.168.70.1 - 192.168.70.254).
>
> These are the settings used for the IKE connection
>
> Phase 1 DH Group: Group 1
> SA Life time (secs): 28800
> Phase 1 Encryption/Authentication: DES & MD5
> Phase 2 Encryption/Authentication: Encrypt and Authenticate (ESP DES HMAC MD5)
>
> In the advanced section I have on the Initiator the following selected
>
> Use Aggressive Mode
> Enable Keep Alive
> Enable Windows Networking (NetBIOS) broadcast
> Apply NAT and firewall rules
> Forward packets to remote VPNs
>
> On the Responder I have the following selected
>
> Enable Windows Networking (NetBIOS) broadcast
> Forward packets to remote VPNs.
>
> If I deselect Apply NAT and firewall rules on Initiator, nothing works
>
> Any help in getting the VPN tunnel working correctly with DNS/WINS
> would be great
>
> Cheers
>

You need to have the boxes on both ends of the tunnel using the same DNS
and WINS servers.

That is the cause of your problem. Not the VPN itself.

barkingmadscot

2006-02-22, 2:46 am

I have checked the DNS, both sites have the same ISP and are using the
same ISP DNS server. On the Static I am not using the DHCP server on
the SonicWall. On the Dynamic one I am using the DHCP Server. I have
set DNS and WINS to the DC on the other site using the internal
address.
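
Added example (not part of the original thread and not SonicWall code): a Python parser that rejoins the wrapped Responder log lines posted above and extracts the address range carried by the Phase 2 SA, so a host address can be checked against it. Reading "remote range" as the peer-side network the tunnel carries is an assumption, and the host addresses passed to covered_by_sa() are for the reader to supply.

```python
import ipaddress
import re

# Responder log from the thread, line wrapping kept exactly as posted.
SAMPLE_LOG = """\
02/21/2006 16:05:07.848 Starting IKE negotiation 80.5.132.14
213.107.169.56
02/21/2006 16:05:07.848 IKE Initiator: Aggressive Mode Phase 1 Done

02/21/2006 16:05:07.848 IKE Initiator: Begin Phase 2
02/21/2006 16:05:07.896 IKE negotiation complete. Adding IPSec SA.
Phase 2 Done 80.5.132.14 213.107.169.56 lifeSeconds=28770 remote range:
(192.168.70.1 - 192.168.70.254).
"""

STAMP = re.compile(r"^\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}\.\d{3} ")
RANGE = re.compile(r"remote range:\s*\(([\d.]+) - ([\d.]+)\)")
LIFE = re.compile(r"lifeSeconds=(\d+)")

def join_records(text):
    """Re-attach continuation lines (no leading timestamp) to their record."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if STAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def phase2_ranges(records):
    """Return (first, last, lifeSeconds) for each record that logs a remote range."""
    found = []
    for rec in records:
        m = RANGE.search(rec)
        if m:
            life = LIFE.search(rec)
            found.append((ipaddress.ip_address(m.group(1)),
                          ipaddress.ip_address(m.group(2)),
                          int(life.group(1)) if life else None))
    return found

def covered_by_sa(addr, ranges):
    """True if addr falls inside any range the Phase 2 SA was negotiated for."""
    host = ipaddress.ip_address(addr)
    return any(first <= host <= last for first, last, _ in ranges)
```

A host outside every logged range is not covered by the SA, which is worth ruling out before comparing the DNS/WINS server settings on each side.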
