[Vpn-help] dhcp over ipsec against a sonicwall tz170
Harondel J. Sibble
help at pdscc.com
Tue Jan 13 01:36:14 CST 2009
Matt
Connecting Shrew 2.1.4 on XP Pro to a Sonicwall TZ170, I basically followed
my own instructions for configuring IPSecuritas here
<http://www.lobotomo.com/cgi-
bin/yabb/YaBB.pl?board=IPSecuritas;action=display;num=1160415123;start=0>
or
http://preview.tinyurl.com/29rra7
In the client connect window I am seeing
bringing up tunnel
no dhcp response from gateway
DHCP over Ipsec is selected in the shrew client and is enabled on the
sonicwall and works successfully for both the Sonicwall client and also for
the NCP client on Windows Mobile and XP.
I see in the archives there was at least one mesasge regarding fixes for slow
dhcp over ipsec responses.
These are the log entries on the sonicwall when I attempt to connect, ip's
and host names have been obfuscated.
1 01/12/2009 22:59:37.096 Warning VPN IKE Received packet retransmission.
Drop duplicate packet aaa.bbb.ccc.ddd, 60522, mycomputer,tld.com
des.tin.ation.ipadd, 4500 VPN Policy: WAN GroupVPN
2 01/12/2009 22:59:32.288 Warning VPN IKE IKE Responder: IPSec proposal does
not match (Phase 2) aaa.bbb.ccc.ddd, 60522, mycomputer,tld.com
des.tin.ation.ipadd, 4500 VPN Policy: WAN GroupVPN
Statically coding the ip address in the shrew client allows the tunnel to
come up, but am unable to access any machines on the other end of the tunnel.
It's getting late and I am sure I am missing something obvious, my sleep
deprived brain is just not sure what.
--
Harondel J. Sibble
Sibble Computer Consulting
Creating Solutions for the small and medium business computer user.
help at pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
(604) 739-3709 (voice)
More information about the vpn-help
mailing list