[vpn] Netscreen/Sonicwall Phase 1 failure

Riccardo Valente riccardo at thevalentes.net
Fri Jan 25 09:49:52 EST 2002


I'm trying to troubleshoot a failing pre-shared secret Phase 1 negotiation
between a Netscreen and a Sonicwall. I don't have access to the latter, but
I was assured it's using DH Group2, DES and MD5.

This is the log for Phase 1:

01/25/2002 14:16:33 Give up phase 1 to x.x.x.x
01/25/2002 14:16:15 phase 2 sa task to x.x.x.x exist.
01/25/2002 14:16:03 Initialt Phase 1 session, peer<7>.


and an extract of the debug information:

receive INFO pkt with message id before phase 1 auth is done. Ignore the pkt
    [retries timing out]
Phase 1 SA(a.b.c.d) reported broken.
delete sa(w.x.y.z - a.b.c.d), state (100f/2)


I tend to think the problem is at the Sonicwall end, since this Netscreen
configuration has been used successfully with all sorts of  VPN gateways
with no excessive grief. Any suggestions?

riccardo


VPN is sponsored by SecurityFocus.com





More information about the VPN mailing list