
The problem I am facing is the establishment of a site-to-site VPN between pfSense (version 2.0.1) and SonicWall Pro2040 Enhanced (Firmware Version: SonicOS Enhanced 4.2.1.4-7e). All of the configuration is done properly, but I still got the following error in SonicWall: [image]

Phase 1 and 2 pass properly, but there is a problem with "Payload processing". I found that it could be due to a shared key mismatch, but I double-checked: there is no mismatch in the shared key on both firewalls. The SonicWall also shows that the tunnel is active: [image]

The log from pfSense is below: [image]

In pfSense the tunnel shows inactive.

I am not much of an expert in firewalls, so I would be grateful to receive proper guidance in this regard.

mustaque
  • Not sure, but if you have completed phase 2 the tunnel should be up. Looks like it stays up for a little over 30 seconds, then dead peer detection shuts it down. What are your DPD timeouts set to? Do you have traffic going over the tunnel? Have you tried capturing packets while establishing the tunnel and then pushing traffic? Can you paste logs from the same time period so we can match up what happens on either side? – mpontillo Jan 15 '14 at 06:19
  • DPD timeouts are set to 10 seconds and retries to 5 times. – mustaque Jan 16 '14 at 05:48

1 Answer


Looks like you don't have DPD enabled on the Sonicwall. Make sure it's enabled, and that the settings match, or else disable DPD on the pfSense side.

Chris Buechler
  • DPD is enabled on both firewalls. Now there is no error in the SonicWall log, but there are errors in the pfSense log. They are: 1. "no policy found try to generate the policy" 2. "no configuration found for ...." 3. "failed to begin ipsec sa negotiation" – mustaque Jan 15 '14 at 14:25
  • Packets out from the SonicWall are working and the VPN tunnel shows green. No error in the SonicWall log. But on the pfSense side, the tunnel shows inactive and packets in to the SonicWall is 0; it means the SonicWall can send packets but can receive as pfSense could not send any packets or receiving any packets. Log from pfSense - racoon: ERROR: no configuration found for x.x.x.x (remote IP) racoon: ERROR: failed to begin ipsec sa negotiation. Please help – mustaque Jan 16 '14 at 09:32
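
For matching up what happens on either side over the same time period, as suggested in the comments above, this added example (not part of the original thread and not pfSense code) buckets racoon ERROR lines by minute and message type. The syslog layout, the sample lines and the addresses are constructed assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines in a BSD-syslog layout (assumed format).
# 203.0.113.10 is a documentation address standing in for the remote peer.
SAMPLE_LOG = """\
Jan 16 09:30:01 racoon: INFO: initiate new phase 1 negotiation: 198.51.100.5[500]<=>203.0.113.10[500]
Jan 16 09:30:02 racoon: ERROR: no configuration found for 203.0.113.10
Jan 16 09:30:02 racoon: ERROR: failed to begin ipsec sa negotiation.
Jan 16 09:31:10 racoon: ERROR: no policy found, try to generate the policy : 10.0.2.0/24[0] 10.0.1.0/24[0] proto=any dir=in
Jan 16 09:31:40 racoon: ERROR: no configuration found for 203.0.113.10
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s+racoon:\s+(\w+):\s+(.*)$")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# The three error texts quoted in the comments above, matched as substrings.
KINDS = {
    "no policy found": "no_policy",
    "no configuration found for": "no_configuration",
    "failed to begin ipsec sa negotiation": "sa_negotiation_failed",
}

def parse_errors(text, year=2014):
    """Return [(datetime, kind, peer_or_None)] for racoon ERROR lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(2) != "ERROR":
            continue
        stamp, _, msg = m.groups()
        # Syslog timestamps carry no year, so the caller supplies one.
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        kind = next((k for s, k in KINDS.items() if s in msg.lower()), "other")
        # Only the "no configuration found for" message names the peer itself.
        ip = IP_RE.search(msg) if kind == "no_configuration" else None
        events.append((when, kind, ip.group(0) if ip else None))
    return events

def summarize(events):
    """Count errors per (HH:MM, kind) to line up against the peer's log."""
    return Counter((when.strftime("%H:%M"), kind) for when, kind, _ in events)

if __name__ == "__main__":
    for (minute, kind), n in sorted(summarize(parse_errors(SAMPLE_LOG)).items()):
        print(minute, kind, n)
```
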