SonicWall

SonicWall - 12.May2006 11:07:16 PM   
bbowen

 

Posts: 27
Joined: 7.Dec.2004
Status: offline
Hello everyone!  I am trying to connect to a SonicWall device using the SonicWall Global VPN Client.  The administrator of the SonicWall gave me a configuration file and I imported it into the client.  The problem I am having is I cannot get out.  It appears that my 2004 ISA box is blocking the client, because if I go around the ISA box I connect fine.  Any clue?  What ports do I need open for SonicWall....Make an ISA rule for it????  Please help!

Thanks!
Brian
Post #: 1
RE: SonicWall - 13.May2006 12:33:13 AM   
ClintD

 

Posts: 1848
Joined: 26.Jan.2001
From: Keller, TX
Status: offline
Create a rule to allow IKE Client and IPSec NAT-T from Internal to External.

You could make the rule more restrictive by using Computer objects (representing the Source and Destination). This should get you going. If it still fails, go into Monitoring\Logging and add an entry for Client IP Equals IP.Add.Re.Ss and see what ISA does with the traffic and which ports get denied.

(in reply to bbowen)
Post #: 2
RE: SonicWall - 16.May2006 8:47:00 PM   
bbowen

 

Posts: 27
Joined: 7.Dec.2004
Status: offline
quote:

ORIGINAL: ClintD

Create a rule to allow IKE Client and IPSec NAT-T from Internal to External.

You could make the rule more restrictive by using Computer objects (representing the Source and Destination). This should get you going. If it still fails, go into Monitoring\Logging and add an entry for Client IP Equals IP.Add.Re.Ss and see what ISA does with the traffic and which ports get denied.


Great, that worked for Phase I, now I am getting stuck at Phase II, the Global Client is trying to request an IP address from their DHCP server, but I get the following message on the SonicWall Global Client log "2006/05/16 14:44:23:539 Warning     <local host> Failed to renew the IP address for the virtual interface. The semaphore timeout period has expired."  I have tried several things from different sites, the connection works fine on the outside, so it must be a port or something that needs opened on the ISA 2004 box.....Any clue????

Thanks in advance!
-Brian

(in reply to ClintD)
Post #: 3
RE: SonicWall - 16.May2006 9:39:43 PM   
ClintD

 

Posts: 1848
Joined: 26.Jan.2001
From: Keller, TX
Status: offline
What does the Monitoring show? Do you see any traffic getting dropped? Take a network capture on the outside interface of the ISA Server and watch for traffic going to the SonicWall - you should see some traffic on UDP 4500 - make sure you see this and make sure the SonicWall replies to this - I've seen some VPN admins restrict the IPSec client from using an ephemeral/high port when connecting so make sure that any traffic you send is being 'replied to'.

(in reply to bbowen)
Post #: 4
RE: SonicWall - 16.May2006 11:07:02 PM   
bbowen

 

Posts: 27
Joined: 7.Dec.2004
Status: offline
quote:

ORIGINAL: ClintD

What does the Monitoring show? Do you see any traffic getting dropped? Take a network capture on the outside interface of the ISA Server and watch for traffic going to the SonicWall - you should see some traffic on UDP 4500 - make sure you see this and make sure the SonicWall replies to this - I've seen some VPN admins restrict the IPSec client from using an ephemeral/high port when connecting so make sure that any traffic you send is being 'replied to'.


Clint,  I checked my Ethereal log on the outside, the only thing I see is port 500 ISAKMP, which makes sense, and I see a Src Prt UDP 2552 Dst Prt 9 - Discard.....  I checked and saw nothing going to 4500 at the outside address that I was given..... Am I doing this right?

Thanks!
Brian

(in reply to ClintD)
Post #: 5
RE: SonicWall - 17.May2006 12:56:11 AM   
ClintD

 

Posts: 1848
Joined: 26.Jan.2001
From: Keller, TX
Status: offline
Well heck - take a sniff on the inside interface of ISA and see if you see anything else with the SonicWall IPs for a destination - I assumed that the client would be using UDP 4500, but apparently not.

(in reply to bbowen)
Post #: 6
RE: SonicWall - 17.May2006 7:44:20 PM   
bbowen

 

Posts: 27
Joined: 7.Dec.2004
Status: offline
Clint,  OK I used Ethereal on my External connection on the ISA box.  Here is what I saw:


Frame 2675 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: 00:50:04:13:4a:67, Dst: 00:12:17:25:23:a0
Internet Protocol, Src Addr: 192.168.0.254 (192.168.0.254), Dst Addr: 69.129.1.98 (69.129.1.98)
User Datagram Protocol, Src Port: 34639 (34639), Dst Port: 4500 (4500)
UDP Encapsulation of IPsec Packets
Internet Security Association and Key Management Protocol
[Malformed Packet: ISAKMP]

Brian

(in reply to ClintD)
Post #: 7
RE: SonicWall - 17.May2006 8:13:23 PM   
ClintD

 

Posts: 1848
Joined: 26.Jan.2001
From: Keller, TX
Status: offline
OK good - so ISA is allowing the second portion of IPsec negotiations through - is there a response to this packet? If not, you might check with the VPN admin to see if they allow high port connections for IPSec - some only allow source 4500 destination 4500.

(in reply to bbowen)
Post #: 8
RE: SonicWall - 17.May2006 9:38:25 PM   
bbowen

 

Posts: 27
Joined: 7.Dec.2004
Status: offline
Clint,  Nope nothing after this.  Malformed Packet is the last response I get from my ISA box to the SonicWall IP address, using dest. port 4500.

-Brian

(in reply to ClintD)
Post #: 9
RE: SonicWall - 2.Jun.2006 10:00:45 PM   
bbowen

 

Posts: 27
Joined: 7.Dec.2004
Status: offline
OK so this thing is driving me crazy!!!!  I tested the SonicWall Global Client on an outside connection and had no problem connecting to the remote VPN site.  Something in my ISA server is stopping the connection.....Does anyone know what else besides ports 500 and 4500, need to be open to get the ISA box to work???? Please help I am going crazy!!!!!! Let me sum it up, I am running the ISA firewall client, I am trying to connect to our sister company which is using a SonicWall firewall.  I am not doing a point-to-point connection, just using the SonicWall Global client and trying to connect via the Internet.  When I look at the SonicWall log I get to the phase II part and acquiring an IP address and then it stops and fails.  I know ISA is blocking something, or I don't have something turned on in ISA.  I do not want to use the Remote Sites tab on the VPN section of ISA right????  That is for creating a tunnel between two sites, peer-to-peer network.....right???

Thanks in advance!
-Brian

(in reply to bbowen)
Post #: 10
RE: SonicWall - 2.Jun.2006 11:25:21 PM   
ClintD

 

Posts: 1848
Joined: 26.Jan.2001
From: Keller, TX
Status: offline
quote:

Let me sum it up, I am running the ISA firewall client,


I guess I missed that part - have you tried uninstalling this client and seeing if things change?

Running the test outside of ISA doesn't really prove anything unless the other path uses a NAT device in place of the ISA Server. Was the client behind a NAT device when you tested it out? Or was it direct?

You're right - you do not need to use the Remote Site - those are Gateway to Gateway connections.

< Message edited by ClintD -- 2.Jun.2006 11:27:24 PM >

(in reply to bbowen)
Post #: 11
RE: SonicWall - 7.Jun.2006 5:58:51 PM   
bbowen

 

Posts: 27
Joined: 7.Dec.2004
Status: offline
quote:

ORIGINAL: ClintD

quote:

Let me sum it up, I am running the ISA firewall client,


I guess I missed that part - have you tried uninstalling this client and seeing if things change?

Running the test outside of ISA doesn't really prove anything unless the other path uses a NAT device in place of the ISA Server. Was the client behind a NAT device when you tested it out? Or was it direct?

You're right - you do not need to use the Remote Site - those are Gateway to Gateway connections.


Thanks Clint, I will try removing the ISA Client.  When I did the outside test, I was actually on my DMZ (Linksys Router), but it is wide open.  My setup from inside out is, ISA, (DMZ) Linksys, Cable Modem (from provider).  Maybe that will help, something just keeps telling me it has something to do with NAT???

-Brian

(in reply to ClintD)
Post #: 12
RE: SonicWall - 8.Jun.2006 3:54:22 PM   
bbowen

 

Posts: 27
Joined: 7.Dec.2004
Status: offline
OK, I tried removing the ISA Firewall Client, did a complete uninstall with reboot.  When I tried to connect to the SonicWall with the VPN client, nothing happened, I got stuck at Phase I again on the SonicWall, the ISAKMP error....  It seems that I will need the ISA Firewall, the point at which I get stuck is Phase II on the SonicWall, here is the log:

2006/06/08 09:52:14:228 Information <local host> The connection "Hurd" has been enabled.
2006/06/08 09:52:14:879 Information 69.129.1.98 Starting ISAKMP phase 1 negotiation.
2006/06/08 09:52:14:989 Information 69.129.1.98 NAT Detected: Local host is behind a NAT device.
2006/06/08 09:52:14:989 Information 69.129.1.98 NAT Detected: Peer is behind a NAT device.
2006/06/08 09:52:14:999 Information 69.129.1.98 The SA lifetime for phase 1 is 28800 seconds.
2006/06/08 09:52:15:110 Information 69.129.1.98 Phase 1 has completed.
2006/06/08 09:52:15:200 Information 69.129.1.98 User authentication information is needed to complete the connection.
2006/06/08 09:52:19:766 Information 69.129.1.98 Starting ISAKMP phase 1 negotiation.
2006/06/08 09:52:22:300 Information 69.129.1.98 NAT Detected: Local host is behind a NAT device.
2006/06/08 09:52:22:300 Information 69.129.1.98 NAT Detected: Peer is behind a NAT device.
2006/06/08 09:52:22:300 Information 69.129.1.98 The SA lifetime for phase 1 is 28800 seconds.
2006/06/08 09:52:22:300 Information 69.129.1.98 Phase 1 has completed.
2006/06/08 09:52:22:450 Information 69.129.1.98 User authentication has succeeded.
2006/06/08 09:52:22:610 Information 69.129.1.98 The configuration for the connection is up to date.
2006/06/08 09:52:22:620 Information 69.129.1.98 Starting ISAKMP phase 2 negotiation with 10.8.0.0/255.255.0.0:BOOTPC:BOOTPS:UDP.
2006/06/08 09:52:22:700 Information 69.129.1.98 The SA lifetime for phase 2 is 28800 seconds.
2006/06/08 09:52:22:700 Information 69.129.1.98 Phase 2 with 10.8.0.0/255.255.0.0:BOOTPC:BOOTPS:UDP has completed.
2006/06/08 09:53:23:768 Warning     <local host> Failed to renew the IP address for the virtual interface. The semaphore timeout period has expired.


Thanks!
Brian

(in reply to bbowen)
Post #: 13
RE: SonicWall - 8.Jun.2006 4:23:49 PM   
ClintD

 

Posts: 1848
Joined: 26.Jan.2001
From: Keller, TX
Status: offline
From that log, it looks like IPSec is negotiated successfully "Phase 2 with 10.8.0.0/255.255.0.0:BOOTPC:BOOTPS:UDP has completed" but that the IP address info isn't getting down to the client - can you take a network capture from the outside interface of ISA and see if you see UDP 4500 traffic going back and forth between ISAs IP and the Sonicwall device?

(in reply to bbowen)
Post #: 14
RE: SonicWall - 12.Jun.2006 2:50:31 PM   
bbowen

 

Posts: 27
Joined: 7.Dec.2004
Status: offline
Sure thing Clint, I will get back to you with what I find out.

Thanks!
Brian

(in reply to ClintD)
Post #: 15
RE: SonicWall - 12.Jun.2006 3:44:10 PM   
bbowen

 

Posts: 27
Joined: 7.Dec.2004
Status: offline
OK Here are the two files from my Ethereal Scan.

Source:  (IP Address of outside SonicWall I am trying to connect to)


No. Time Source Destination Protocol Info
59 3.375101 69.129.1.98 192.168.0.254 ICMP Destination unreachable (Fragmentation needed)
Frame 59 (70 bytes on wire, 70 bytes captured)
Ethernet II, Src: 00:12:17:25:23:a0, Dst: 00:50:04:13:4a:67
Internet Protocol, Src Addr: 69.129.1.98 (69.129.1.98), Dst Addr: 192.168.0.254 (192.168.0.254)
Internet Control Message Protocol
No. Time Source Destination Protocol Info
60 3.375249 69.129.1.98 192.168.0.254 ICMP Destination unreachable (Fragmentation needed)
Frame 60 (70 bytes on wire, 70 bytes captured)
Ethernet II, Src: 00:12:17:25:23:a0, Dst: 00:50:04:13:4a:67
Internet Protocol, Src Addr: 69.129.1.98 (69.129.1.98), Dst Addr: 192.168.0.254 (192.168.0.254)
Internet Control Message Protocol
No. Time Source Destination Protocol Info
61 3.380830 69.129.1.98 192.168.0.254 ISAKMP Aggressive
Frame 61 (458 bytes on wire, 458 bytes captured)
Ethernet II, Src: 00:12:17:25:23:a0, Dst: 00:50:04:13:4a:67
Internet Protocol, Src Addr: 69.129.1.98 (69.129.1.98), Dst Addr: 192.168.0.254 (192.168.0.254)
User Datagram Protocol, Src Port: isakmp (500), Dst Port: 49977 (49977)
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Info
100 3.582312 69.129.1.98 192.168.0.254 ISAKMP Transaction (Config Mode)
Frame 100 (122 bytes on wire, 122 bytes captured)
Ethernet II, Src: 00:12:17:25:23:a0, Dst: 00:50:04:13:4a:67
Internet Protocol, Src Addr: 69.129.1.98 (69.129.1.98), Dst Addr: 192.168.0.254 (192.168.0.254)
User Datagram Protocol, Src Port: 4500 (4500), Dst Port: 49979 (49979)
UDP Encapsulation of IPsec Packets
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Info
101 3.582796 69.129.1.98 192.168.0.254 ISAKMP Informational
Frame 101 (130 bytes on wire, 130 bytes captured)
Ethernet II, Src: 00:12:17:25:23:a0, Dst: 00:50:04:13:4a:67
Internet Protocol, Src Addr: 69.129.1.98 (69.129.1.98), Dst Addr: 192.168.0.254 (192.168.0.254)
User Datagram Protocol, Src Port: 4500 (4500), Dst Port: 49979 (49979)
UDP Encapsulation of IPsec Packets
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Info
470 10.807756 69.129.1.98 192.168.0.254 ICMP Destination unreachable (Fragmentation needed)
Frame 470 (70 bytes on wire, 70 bytes captured)
Ethernet II, Src: 00:12:17:25:23:a0, Dst: 00:50:04:13:4a:67
Internet Protocol, Src Addr: 69.129.1.98 (69.129.1.98), Dst Addr: 192.168.0.254 (192.168.0.254)
Internet Control Message Protocol
No. Time Source Destination Protocol Info
471 10.808012 69.129.1.98 192.168.0.254 ICMP Destination unreachable (Fragmentation needed)
Frame 471 (70 bytes on wire, 70 bytes captured)
Ethernet II, Src: 00:12:17:25:23:a0, Dst: 00:50:04:13:4a:67
Internet Protocol, Src Addr: 69.129.1.98 (69.129.1.98), Dst Addr: 192.168.0.254 (192.168.0.254)
Internet Control Message Protocol
No. Time Source Destination Protocol Info
472 10.813838 69.129.1.98 192.168.0.254 ISAKMP Aggressive
Frame 472 (458 bytes on wire, 458 bytes captured)
Ethernet II, Src: 00:12:17:25:23:a0, Dst: 00:50:04:13:4a:67
Internet Protocol, Src Addr: 69.129.1.98 (69.129.1.98), Dst Addr: 192.168.0.254 (192.168.0.254)
User Datagram Protocol, Src Port: isakmp (500), Dst Port: 49977 (49977)
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Info
477 10.894108 69.129.1.98 192.168.0.254 ISAKMP Transaction (Config Mode)
Frame 477 (122 bytes on wire, 122 bytes captured)
Ethernet II, Src: 00:12:17:25:23:a0, Dst: 00:50:04:13:4a:67
Internet Protocol, Src Addr: 69.129.1.98 (69.129.1.98), Dst Addr: 192.168.0.254 (192.168.0.254)
User Datagram Protocol, Src Port: 4500 (4500), Dst Port: 49979 (49979)
UDP Encapsulation of IPsec Packets
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Info
491 10.970322 69.129.1.98 192.168.0.254 ISAKMP Transaction (Config Mode)
Frame 491 (114 bytes on wire, 114 bytes captured)
Ethernet II, Src: 00:12:17:25:23:a0, Dst: 00:50:04:13:4a:67
Internet Protocol, Src Addr: 69.129.1.98 (69.129.1.98), Dst Addr: 192.168.0.254 (192.168.0.254)
User Datagram Protocol, Src Port: 4500 (4500), Dst Port: 49979 (49979)
UDP Encapsulation of IPsec Packets
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Info
495 11.046234 69.129.1.98 192.168.0.254 ISAKMP Transaction (Config Mode)
Frame 495 (138 bytes on wire, 138 bytes captured)
Ethernet II, Src: 00:12:17:25:23:a0, Dst: 00:50:04:13:4a:67
Internet Protocol, Src Addr: 69.129.1.98 (69.129.1.98), Dst Addr: 192.168.0.254 (192.168.0.254)
User Datagram Protocol, Src Port: 4500 (4500), Dst Port: 49979 (49979)
UDP Encapsulation of IPsec Packets
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Info
499 11.121883 69.129.1.98 192.168.0.254 ISAKMP Transaction (Config Mode)
Frame 499 (114 bytes on wire, 114 bytes captured)
Ethernet II, Src: 00:12:17:25:23:a0, Dst: 00:50:04:13:4a:67
Internet Protocol, Src Addr: 69.129.1.98 (69.129.1.98), Dst Addr: 192.168.0.254 (192.168.0.254)
User Datagram Protocol, Src Port: 4500 (4500), Dst Port: 49979 (49979)
UDP Encapsulation of IPsec Packets
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Info
504 11.211633 69.129.1.98 192.168.0.254 ISAKMP Quick Mode
Frame 504 (210 bytes on wire, 210 bytes captured)
Ethernet II, Src: 00:12:17:25:23:a0, Dst: 00:50:04:13:4a:67
Internet Protocol, Src Addr: 69.129.1.98 (69.129.1.98), Dst Addr: 192.168.0.254 (192.168.0.254)
User Datagram Protocol, Src Port: 4500 (4500), Dst Port: 49979 (49979)
UDP Encapsulation of IPsec Packets
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Info
511 11.291309 69.129.1.98 192.168.0.254 UDPENCAP
Frame 511 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: 00:12:17:25:23:a0, Dst: 00:50:04:13:4a:67
Internet Protocol, Src Addr: 69.129.1.98 (69.129.1.98), Dst Addr: 192.168.0.254 (192.168.0.254)
User Datagram Protocol, Src Port: 4500 (4500), Dst Port: 49979 (49979)
UDP Encapsulation of IPsec Packets
No. Time Source Destination Protocol Info
786 21.081475 69.129.1.98 192.168.0.254 ISAKMP Informational
Frame 786 (130 bytes on wire, 130 bytes captured)
Ethernet II, Src: 00:12:17:25:23:a0, Dst: 00:50:04:13:4a:67
Internet Protocol, Src Addr: 69.129.1.98 (69.129.1.98), Dst Addr: 192.168.0.254 (192.168.0.254)
User Datagram Protocol, Src Port: 4500 (4500), Dst Port: 49979 (49979)
UDP Encapsulation of IPsec Packets
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Info
788 21.290563 69.129.1.98 192.168.0.254 UDPENCAP
Frame 788 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: 00:12:17:25:23:a0, Dst: 00:50:04:13:4a:67
Internet Protocol, Src Addr: 69.129.1.98 (69.129.1.98), Dst Addr: 192.168.0.254 (192.168.0.254)
User Datagram Protocol, Src Port: 4500 (4500), Dst Port: 49979 (49979)
UDP Encapsulation of IPsec Packets
No. Time Source Destination Protocol Info
1082 31.289176 69.129.1.98 192.168.0.254 UDPENCAP
Frame 1082 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: 00:12:17:25:23:a0, Dst: 00:50:04:13:4a:67
Internet Protocol, Src Addr: 69.129.1.98 (69.129.1.98), Dst Addr: 192.168.0.254 (192.168.0.254)
User Datagram Protocol, Src Port: 4500 (4500), Dst Port: 49979 (49979)
UDP Encapsulation of IPsec Packets
No. Time Source Destination Protocol Info
1473 41.288107 69.129.1.98 192.168.0.254 UDPENCAP
Frame 1473 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: 00:12:17:25:23:a0, Dst: 00:50:04:13:4a:67
Internet Protocol, Src Addr: 69.129.1.98 (69.129.1.98), Dst Addr: 192.168.0.254 (192.168.0.254)
User Datagram Protocol, Src Port: 4500 (4500), Dst Port: 49979 (49979)
UDP Encapsulation of IPsec Packets
No. Time Source Destination Protocol Info
1552 46.111641 69.129.1.98 192.168.0.254 ISAKMP Informational
Frame 1552 (130 bytes on wire, 130 bytes captured)
Ethernet II, Src: 00:12:17:25:23:a0, Dst: 00:50:04:13:4a:67
Internet Protocol, Src Addr: 69.129.1.98 (69.129.1.98), Dst Addr: 192.168.0.254 (192.168.0.254)
User Datagram Protocol, Src Port: 4500 (4500), Dst Port: 49979 (49979)
UDP Encapsulation of IPsec Packets
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Info
1766 51.286840 69.129.1.98 192.168.0.254 UDPENCAP
Frame 1766 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: 00:12:17:25:23:a0, Dst: 00:50:04:13:4a:67
Internet Protocol, Src Addr: 69.129.1.98 (69.129.1.98), Dst Addr: 192.168.0.254 (192.168.0.254)
User Datagram Protocol, Src Port: 4500 (4500), Dst Port: 49979 (49979)
UDP Encapsulation of IPsec Packets
No. Time Source Destination Protocol Info
2171 61.285929 69.129.1.98 192.168.0.254 UDPENCAP
Frame 2171 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: 00:12:17:25:23:a0, Dst: 00:50:04:13:4a:67
Internet Protocol, Src Addr: 69.129.1.98 (69.129.1.98), Dst Addr: 192.168.0.254 (192.168.0.254)
User Datagram Protocol, Src Port: 4500 (4500), Dst Port: 49979 (49979)
UDP Encapsulation of IPsec Packets
No. Time Source Destination Protocol Info
2428 71.284339 69.129.1.98 192.168.0.254 UDPENCAP
Frame 2428 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: 00:12:17:25:23:a0, Dst: 00:50:04:13:4a:67
Internet Protocol, Src Addr: 69.129.1.98 (69.129.1.98), Dst Addr: 192.168.0.254 (192.168.0.254)
User Datagram Protocol, Src Port: 4500 (4500), Dst Port: 49979 (49979)
UDP Encapsulation of IPsec Packets


Dest:  (IP Address of outside SonicWall I am trying to connect to)


No. Time Source Destination Protocol Info
55 3.294399 192.168.0.254 69.129.1.98 ISAKMP Aggressive
Frame 55 (1434 bytes on wire, 1434 bytes captured)
Ethernet II, Src: 00:50:04:13:4a:67, Dst: 00:12:17:25:23:a0
Internet Protocol, Src Addr: 192.168.0.254 (192.168.0.254), Dst Addr: 69.129.1.98 (69.129.1.98)
User Datagram Protocol, Src Port: 49977 (49977), Dst Port: isakmp (500)
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Info
59 3.375101 69.129.1.98 192.168.0.254 ICMP Destination unreachable (Fragmentation needed)
Frame 59 (70 bytes on wire, 70 bytes captured)
Ethernet II, Src: 00:12:17:25:23:a0, Dst: 00:50:04:13:4a:67
Internet Protocol, Src Addr: 69.129.1.98 (69.129.1.98), Dst Addr: 192.168.0.254 (192.168.0.254)
Internet Control Message Protocol
No. Time Source Destination Protocol Info
60 3.375249 69.129.1.98 192.168.0.254 ICMP Destination unreachable (Fragmentation needed)
Frame 60 (70 bytes on wire, 70 bytes captured)
Ethernet II, Src: 00:12:17:25:23:a0, Dst: 00:50:04:13:4a:67
Internet Protocol, Src Addr: 69.129.1.98 (69.129.1.98), Dst Addr: 192.168.0.254 (192.168.0.254)
Internet Control Message Protocol
No. Time Source Destination Protocol Info
72 3.507137 192.168.0.254 69.129.1.98 ISAKMP Aggressive
Frame 72 (170 bytes on wire, 170 bytes captured)
Ethernet II, Src: 00:50:04:13:4a:67, Dst: 00:12:17:25:23:a0
Internet Protocol, Src Addr: 192.168.0.254 (192.168.0.254), Dst Addr: 69.129.1.98 (69.129.1.98)
User Datagram Protocol, Src Port: 49979 (49979), Dst Port: 4500 (4500)
UDP Encapsulation of IPsec Packets
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Info
102 3.585457 192.168.0.254 69.129.1.98 ISAKMP Informational
Frame 102 (130 bytes on wire, 130 bytes captured)
Ethernet II, Src: 00:50:04:13:4a:67, Dst: 00:12:17:25:23:a0
Internet Protocol, Src Addr: 192.168.0.254 (192.168.0.254), Dst Addr: 69.129.1.98 (69.129.1.98)
User Datagram Protocol, Src Port: 49979 (49979), Dst Port: 4500 (4500)
UDP Encapsulation of IPsec Packets
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Info
468 10.729247 192.168.0.254 69.129.1.98 ISAKMP Aggressive
Frame 468 (1434 bytes on wire, 1434 bytes captured)
Ethernet II, Src: 00:50:04:13:4a:67, Dst: 00:12:17:25:23:a0
Internet Protocol, Src Addr: 192.168.0.254 (192.168.0.254), Dst Addr: 69.129.1.98 (69.129.1.98)
User Datagram Protocol, Src Port: 49977 (49977), Dst Port: isakmp (500)
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Info
470 10.807756 69.129.1.98 192.168.0.254 ICMP Destination unreachable (Fragmentation needed)
Frame 470 (70 bytes on wire, 70 bytes captured)
Ethernet II, Src: 00:12:17:25:23:a0, Dst: 00:50:04:13:4a:67
Internet Protocol, Src Addr: 69.129.1.98 (69.129.1.98), Dst Addr: 192.168.0.254 (192.168.0.254)
Internet Control Message Protocol
No. Time Source Destination Protocol Info
471 10.808012 69.129.1.98 192.168.0.254 ICMP Destination unreachable (Fragmentation needed)
Frame 471 (70 bytes on wire, 70 bytes captured)
Ethernet II, Src: 00:12:17:25:23:a0, Dst: 00:50:04:13:4a:67
Internet Protocol, Src Addr: 69.129.1.98 (69.129.1.98), Dst Addr: 192.168.0.254 (192.168.0.254)
Internet Control Message Protocol
No. Time Source Destination Protocol Info
473 10.820708 192.168.0.254 69.129.1.98 ISAKMP Aggressive
Frame 473 (170 bytes on wire, 170 bytes captured)
Ethernet II, Src: 00:50:04:13:4a:67, Dst: 00:12:17:25:23:a0
Internet Protocol, Src Addr: 192.168.0.254 (192.168.0.254), Dst Addr: 69.129.1.98 (69.129.1.98)
User Datagram Protocol, Src Port: 49979 (49979), Dst Port: 4500 (4500)
UDP Encapsulation of IPsec Packets
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Info
478 10.896789 192.168.0.254 69.129.1.98 ISAKMP Transaction (Config Mode)
Frame 478 (138 bytes on wire, 138 bytes captured)
Ethernet II, Src: 00:50:04:13:4a:67, Dst: 00:12:17:25:23:a0
Internet Protocol, Src Addr: 192.168.0.254 (192.168.0.254), Dst Addr: 69.129.1.98 (69.129.1.98)
User Datagram Protocol, Src Port: 49979 (49979), Dst Port: 4500 (4500)
UDP Encapsulation of IPsec Packets
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Info
492 10.971730 192.168.0.254 69.129.1.98 ISAKMP Transaction (Config Mode)
Frame 492 (114 bytes on wire, 114 bytes captured)
Ethernet II, Src: 00:50:04:13:4a:67, Dst: 00:12:17:25:23:a0
Internet Protocol, Src Addr: 192.168.0.254 (192.168.0.254), Dst Addr: 69.129.1.98 (69.129.1.98)
User Datagram Protocol, Src Port: 49979 (49979), Dst Port: 4500 (4500)
UDP Encapsulation of IPsec Packets
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Info
496 11.048882 192.168.0.254 69.129.1.98 ISAKMP Transaction (Config Mode)
Frame 496 (162 bytes on wire, 162 bytes captured)
Ethernet II, Src: 00:50:04:13:4a:67, Dst: 00:12:17:25:23:a0
Internet Protocol, Src Addr: 192.168.0.254 (192.168.0.254), Dst Addr: 69.129.1.98 (69.129.1.98)
User Datagram Protocol, Src Port: 49979 (49979), Dst Port: 4500 (4500)
UDP Encapsulation of IPsec Packets
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Info
500 11.123294 192.168.0.254 69.129.1.98 ISAKMP Transaction (Config Mode)
Frame 500 (122 bytes on wire, 122 bytes captured)
Ethernet II, Src: 00:50:04:13:4a:67, Dst: 00:12:17:25:23:a0
Internet Protocol, Src Addr: 192.168.0.254 (192.168.0.254), Dst Addr: 69.129.1.98 (69.129.1.98)
User Datagram Protocol, Src Port: 49979 (49979), Dst Port: 4500 (4500)
UDP Encapsulation of IPsec Packets
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Info
502 11.137581 192.168.0.254 69.129.1.98 ISAKMP Quick Mode
Frame 502 (210 bytes on wire, 210 bytes captured)
Ethernet II, Src: 00:50:04:13:4a:67, Dst: 00:12:17:25:23:a0
Internet Protocol, Src Addr: 192.168.0.254 (192.168.0.254), Dst Addr: 69.129.1.98 (69.129.1.98)
User Datagram Protocol, Src Port: 49979 (49979), Dst Port: 4500 (4500)
UDP Encapsulation of IPsec Packets
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Info
506 11.214044 192.168.0.254 69.129.1.98 ISAKMP Quick Mode
Frame 506 (130 bytes on wire, 130 bytes captured)
Ethernet II, Src: 00:50:04:13:4a:67, Dst: 00:12:17:25:23:a0
Internet Protocol, Src Addr: 192.168.0.254 (192.168.0.254), Dst Addr: 69.129.1.98 (69.129.1.98)
User Datagram Protocol, Src Port: 49979 (49979), Dst Port: 4500 (4500)
UDP Encapsulation of IPsec Packets
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Info
785 21.006558 192.168.0.254 69.129.1.98 ISAKMP Informational
Frame 785 (130 bytes on wire, 130 bytes captured)
Ethernet II, Src: 00:50:04:13:4a:67, Dst: 00:12:17:25:23:a0
Internet Protocol, Src Addr: 192.168.0.254 (192.168.0.254), Dst Addr: 69.129.1.98 (69.129.1.98)
User Datagram Protocol, Src Port: 49979 (49979), Dst Port: 4500 (4500)
UDP Encapsulation of IPsec Packets
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Info
1550 46.038862 192.168.0.254 69.129.1.98 ISAKMP Informational
Frame 1550 (130 bytes on wire, 130 bytes captured)
Ethernet II, Src: 00:50:04:13:4a:67, Dst: 00:12:17:25:23:a0
Internet Protocol, Src Addr: 192.168.0.254 (192.168.0.254), Dst Addr: 69.129.1.98 (69.129.1.98)
User Datagram Protocol, Src Port: 49979 (49979), Dst Port: 4500 (4500)
UDP Encapsulation of IPsec Packets
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Info
2427 71.074057 192.168.0.254 69.129.1.98 ISAKMP [Malformed Packet]
Frame 2427 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: 00:50:04:13:4a:67, Dst: 00:12:17:25:23:a0
Internet Protocol, Src Addr: 192.168.0.254 (192.168.0.254), Dst Addr: 69.129.1.98 (69.129.1.98)
User Datagram Protocol, Src Port: 49979 (49979), Dst Port: 4500 (4500)
UDP Encapsulation of IPsec Packets
Internet Security Association and Key Management Protocol
[Malformed Packet: ISAKMP]

(in reply to bbowen)
Post #: 16
RE: SonicWall - 14.Jun.2006 8:43:10 PM   
bbowen

 

Posts: 27
Joined: 7.Dec.2004
Status: offline
*******bump!  :)  Anyone????

(in reply to bbowen)
Post #: 17
RE: SonicWall - 14.Jun.2006 8:53:12 PM   
ClintD

 

Posts: 1848
Joined: 26.Jan.2001
From: Keller, TX
Status: offline
What's up with the ICMP messages from the Sonicwall? Fragmentation needed?

(in reply to bbowen)
Post #: 18
RE: SonicWall - 19.Jun.2006 3:29:09 PM   
bbowen

 

Posts: 27
Joined: 7.Dec.2004
Status: offline
Not sure Clint, could this be causing my problem?  Is this something the company with the Sonicwall should look at?  Thanks for responding!  :)

(in reply to ClintD)
Post #: 19
RE: SonicWall - 19.Jun.2006 6:12:38 PM   
ClintD

 

Posts: 1848
Joined: 26.Jan.2001
From: Keller, TX
Status: offline
Admittedly, I'm grasping for straws, but this is the only thing out of the ordinary that I've seen in this setup. I don't remember having such a hard time getting tunnel mode to work when the configs looked good like this.

(in reply to bbowen)
Post #: 20
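
Added example (not part of any post in this thread): a small Python parser for Ethereal text output like the capture in post 16. It pairs each ICMP "Fragmentation needed" error with the large packet that preceded it and counts what crossed UDP 4500 in each direction. The function names, the one-second pairing window and the reading of UDPENCAP frames as NAT keepalives are assumptions of this example.

```python
import re
from collections import Counter

# Excerpt of the Ethereal text posted in the thread (Ethernet/IP lines omitted).
CAPTURE = """\
55 3.294399 192.168.0.254 69.129.1.98 ISAKMP Aggressive
Frame 55 (1434 bytes on wire, 1434 bytes captured)
User Datagram Protocol, Src Port: 49977 (49977), Dst Port: isakmp (500)
59 3.375101 69.129.1.98 192.168.0.254 ICMP Destination unreachable (Fragmentation needed)
Frame 59 (70 bytes on wire, 70 bytes captured)
60 3.375249 69.129.1.98 192.168.0.254 ICMP Destination unreachable (Fragmentation needed)
Frame 60 (70 bytes on wire, 70 bytes captured)
72 3.507137 192.168.0.254 69.129.1.98 ISAKMP Aggressive
Frame 72 (170 bytes on wire, 170 bytes captured)
User Datagram Protocol, Src Port: 49979 (49979), Dst Port: 4500 (4500)
100 3.582312 69.129.1.98 192.168.0.254 ISAKMP Transaction (Config Mode)
Frame 100 (122 bytes on wire, 122 bytes captured)
User Datagram Protocol, Src Port: 4500 (4500), Dst Port: 49979 (49979)
502 11.137581 192.168.0.254 69.129.1.98 ISAKMP Quick Mode
Frame 502 (210 bytes on wire, 210 bytes captured)
User Datagram Protocol, Src Port: 49979 (49979), Dst Port: 4500 (4500)
504 11.211633 69.129.1.98 192.168.0.254 ISAKMP Quick Mode
Frame 504 (210 bytes on wire, 210 bytes captured)
User Datagram Protocol, Src Port: 4500 (4500), Dst Port: 49979 (49979)
511 11.291309 69.129.1.98 192.168.0.254 UDPENCAP
Frame 511 (60 bytes on wire, 60 bytes captured)
User Datagram Protocol, Src Port: 4500 (4500), Dst Port: 49979 (49979)
788 21.290563 69.129.1.98 192.168.0.254 UDPENCAP
Frame 788 (60 bytes on wire, 60 bytes captured)
User Datagram Protocol, Src Port: 4500 (4500), Dst Port: 49979 (49979)
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
SUMMARY = re.compile(rf"^(\d+) (\d+\.\d+) {IP} {IP} (\S+) ?(.*)$")
FRAME = re.compile(r"^Frame \d+ \((\d+) bytes on wire")
PORTS = re.compile(r"Src Port: \S+ \((\d+)\), Dst Port: \S+ \((\d+)\)")


def parse_capture(text):
    """Turn Ethereal's printed summary/detail text into one dict per frame."""
    packets = []
    for line in text.splitlines():
        line = line.strip()
        m = SUMMARY.match(line)
        if m:
            packets.append({"no": int(m[1]), "time": float(m[2]), "src": m[3],
                            "dst": m[4], "proto": m[5], "info": m[6],
                            "length": 0, "sport": None, "dport": None})
        elif packets and (m := FRAME.match(line)):
            packets[-1]["length"] = int(m[1])
        elif packets and (m := PORTS.search(line)):
            packets[-1]["sport"], packets[-1]["dport"] = int(m[1]), int(m[2])
    return packets


def frag_needed_triggers(packets, window=1.0):
    """Pair each ICMP 'Fragmentation needed' with the largest packet sent
    towards the ICMP sender during the preceding `window` seconds.
    Matches on the peer address, as in this capture; an ICMP error raised by
    an intermediate router would need matching on the quoted header instead."""
    pairs = []
    for icmp in packets:
        if icmp["proto"] != "ICMP" or "Fragmentation needed" not in icmp["info"]:
            continue
        sent = [p for p in packets
                if p["src"] == icmp["dst"] and p["dst"] == icmp["src"]
                and 0 <= icmp["time"] - p["time"] <= window]
        if sent:
            big = max(sent, key=lambda p: p["length"])
            pairs.append((icmp["no"], big["no"], big["length"]))
    return pairs


def nat_t_summary(packets, local_ip, port=4500):
    """Count what crossed UDP 4500 per direction: IKE, keepalive or ESP data.
    Assumption: frames Ethereal labels UDPENCAP are NAT-T keepalives."""
    kinds = {"ISAKMP": "ike", "UDPENCAP": "keepalive", "ESP": "esp"}
    seen = Counter()
    for p in packets:
        if port in (p["sport"], p["dport"]):
            direction = "out" if p["src"] == local_ip else "in"
            seen[(direction, kinds.get(p["proto"], "other"))] += 1
    return seen


if __name__ == "__main__":
    pkts = parse_capture(CAPTURE)
    for icmp_no, trig_no, size in frag_needed_triggers(pkts):
        print(f"ICMP frame {icmp_no} follows {size}-byte frame {trig_no}")
    for key, count in sorted(nat_t_summary(pkts, "192.168.0.254").items()):
        print(key, count)
```

On this excerpt both ICMP errors pair with the 1434-byte ISAKMP Aggressive frame 55, and the UDP 4500 flow contains IKE and keepalive frames but none labelled ESP.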
