VPN-IPSec between Rut955 and sonicwall TZ-570

Hi!
I’m trying to create a VPN-IP-Sec between my RUT955 and my Sonicwall TZ570 in aggressive mode; however, in the RUT I can’t find where to configure phase 1 and phase 2. It only shows a general phase and other settings:

And I need to configure these next phases.

IKE (PHASE 1) PROPOSAL
Exchange: Aggressive Mode
DH Group: Group 5
Encryption: 3DES
Authentication: SHA1
Life Time (seconds): 28800

IPSEC (PHASE 2) PROPOSAL
Protocol: ESP
Encryption: 3DES
Authentication: SHA1
Enable Perfect Forward Secrecy (OFF)
Life Time (seconds): 28800

This is the other setting available on the RUT:

Hello,

Make sure to enable Advanced mode in the top-right corner of the WebUI. Phase settings should then be visible at the bottom of IPSec settings.

Also, since you are using aggressive mode, make sure to enable it in IPSec settings (Advanced settings tab under connection settings).

Kind Regards,

Hello, Thanks for your answer.

I’m trying to set up the VPN-IPSec, but the tunnel is still not working. I have these configurations for the Sonicwall and the RUT955 in each phase:

Hello,

Have you enabled the ‘aggressive’ option in advanced settings for IPSec?

Please, access the command line of the device (instructions here) using ‘root’ as the username, and execute the following commands to see the IPSec status and logs:

ipsec statusall
logread | grep ipsec

Kind Regards,

Hi!
Yes, in the advanced settings I have these configurations:

(in the black underlined text of the CLI is the public IP of my firewall)

Regards.

Hello,

It seems that phase1 is fine.

Are you sure you need to specify ‘remote source IP’ in the advanced settings? Could you put this network as a remote network in general settings (within IPsec configuration)?

Double-check your selectors / networks, phase 2 proposals, and make sure you enter lifetime with ‘h’ to denote hours.

You can also check IPSec logs on both devices. To check them on RUT955, execute:

logread | grep ipsec

Kind Regards,
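
The two checks suggested in the last reply (lifetime entered in hours, and reading the IPSec log for the failing stage) can be scripted. This is an added example, not part of the original thread and not vendor code: the function names are hypothetical, the sample log lines are constructed, and it assumes the router's IPsec daemon logs strongSwan-style notify names.

```shell
#!/bin/sh
# Added example, not vendor code. Log patterns are strongSwan notify names.

# Convert a lifetime in whole seconds to the hour form, e.g. 28800 -> 8h.
secs_to_hours() {
    s=$1
    case $s in ''|*[!0-9]*) echo "invalid"; return 1 ;; esac
    [ $((s % 3600)) -eq 0 ] || { echo "not-whole-hours"; return 1; }
    echo "$((s / 3600))h"
}

# Read log lines on stdin; print one "<area>: <hint>" per recognised failure.
triage_ipsec_log() {
    found=0
    while IFS= read -r line; do
        case $line in
            *NO_PROPOSAL_CHOSEN*)
                echo "proposal: encryption, hash, DH group or PFS differs between peers"
                found=1 ;;
            *INVALID_ID_INFORMATION*|*TS_UNACCEPTABLE*)
                echo "selectors: local and remote networks do not mirror each other"
                found=1 ;;
            *AUTHENTICATION_FAILED*)
                echo "auth: pre-shared key or peer identifier mismatch"
                found=1 ;;
        esac
    done
    [ "$found" -eq 1 ] || echo "none: no known failure notify in input"
}

# Constructed sample lines (documentation addresses), not output from the thread.
sample_log() {
    cat <<'EOF'
daemon.info ipsec: 07[IKE] IKE_SA tunnel[1] established between 192.0.2.10[192.0.2.10]...203.0.113.5[203.0.113.5]
daemon.info ipsec: 09[IKE] received INVALID_ID_INFORMATION error notify
EOF
}

secs_to_hours 28800          # lifetime from the SonicWall proposal above
sample_log | triage_ipsec_log
# On the router: logread | grep ipsec | triage_ipsec_log
```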
