The remotes you are having a problem with, are they random units, or all on DSL or all on Cable?
John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Scott R. Morgan Sent: Wednesday, December 11, 2002 9:34 AM To: [EMAIL PROTECTED] Subject: [SonicWALL]- Problem with dropped VPN Connection Let me preface this that this SA has worked for going on 4 months. We are running a Pro 200 as our hub and tele3's as our spokes in a VPN configuration. At our remote office sites, I have the Sonicwall set up to disallow any direct internet access, instead routing all network traffic through the VPN SA to the Pro200. The remote locations are set up with static IP addresses on either DSL or Commercial Cable modem accounts. Now, we will lose the VPN connection and only when we hard power off the Sonicwall at the remote location can we get a VPN connection to complete. It will then, for no reason suddenly drop the connection and not reconnect. I cannot figure out whether it is a problem with our ISP or the Tele3. Here are our settings: At the remote location, we use a SA set up as follows: IPSEC Keying Mode - IKE Using Pre-Shared Secret IPSEC Gateway - Points to Pro200 Phase1 DH Group - Group1 SA Lifetime (secs) - 28000 Phase I Encryption/Auth - 3DES & MD5 Phase I Encryption/Auth - Strong Encrypt and Auth (ESP 3DES HMAC MD5) Radio Button Selected - Use this SA as default route for all internet traffic Under Advanced Settings: Checked - Enable Windows Networking (NetBIOS) broadcast At the Pro200: IPSEC Keying Mode - IKE Using Pre-Shared Secret IPSEC Gateway - Points to Static IP Address assigned to Remote Tele3 Phase1 DH Group - Group1 SA Lifetime (secs) - 604800 Phase I Encryption/Auth - 3DES & MD5 Phase I Encryption/Auth - Strong Encrypt and Auth (ESP 3DES HMAC MD5) Networks Added: 192.168.3.0 255.255.255.255 Under Advanced Settings: Checked - Enable Windows Networking (NetBIOS) broadcast Checked - Forward Packets to Remote VPN Default LAN Gateway - 192.168.1.1 (This is our Corporate Web proxy server) Here is the Log file from the Pro200 when the Tele3 connects: 12/11/2002 11:03:44.880 IKE Responder: Begin Main Mode Phase 1 12/11/2002 11:03:45.464 IKE Responder: Main Mode Phase 1 Done 12/11/2002 11:03:45.608 IKE Responder: Begin Phase 2 12/11/2002 11:03:45.608 IKE Responder: Accepting IPSec proposal (RemoteTele3IP) (Pro200IP) 12/11/2002 11:03:45.768 IKE negotiation complete. Adding IPSec SA. Phase 2 Done (Pro200IP) (RemoteTele3IP) lifeSeconds=604800 remote range: (192.168.3.1 - 192.168.3.254) 12/11/2002 11:07:50.432 IKE Initiator: No response - remote party timeout or SA mis-match (Pro200IP), 500 (RemoteTele3IP), 500 12/11/2002 11:07:58.432 IKE Initiator: No response - remote party timeout or SA mis-match (Pro200IP), 500 (RemoteTele3IP), 500 12/11/2002 11:08:11.432 IKE Initiator: No response - remote party timeout or SA mis-match (Pro200IP), 500 (RemoteTele3IP), 500 Can anyone here help me in figuring out where my network is breaking? Thanks Scott R. Morgan [EMAIL PROTECTED] SUPERIOR RESTAURANT MANAGEMENT SERVICES (512) 443-3979 (512) 416-9621 (Fax) USPA A-29450 Only a skydiver knows why the birds sing.... They don't have to repack a parachute every time they land!!! --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude/F-Prot AV] ============================================================================ ======================= To unsubscribe, send email to [EMAIL PROTECTED] In the body of the email put the following: unsubscribe sonicwall your_name The archive of this list is at http://www.mail-archive.com/sonicwall%40peake.com/ --- [This E-mail scanned for viruses by Declude/F-Prot AV] ==================================================================================================To unsubscribe, send email to [EMAIL PROTECTED] In the body of the email put the following: unsubscribe sonicwall your_name The archive of this list is at http://www.mail-archive.com/sonicwall%40peake.com/
