[Vpn-help] dhcp over ipsec against a sonicwall tz170

Harondel J. Sibble help at pdscc.com
Tue Jan 13 01:36:14 CST 2009


Matt

Connecting Shrew 2.1.4 on XP Pro to a Sonicwall TZ170, I basically followed 
my own instructions for configuring IPSecuritas here

<http://www.lobotomo.com/cgi-
bin/yabb/YaBB.pl?board=IPSecuritas;action=display;num=1160415123;start=0>

or 

http://preview.tinyurl.com/29rra7

In the client connect window I am seeing

bringing up tunnel
no dhcp response from gateway

DHCP over Ipsec is selected in the shrew client and is enabled on the 
sonicwall and works successfully for both the Sonicwall client and also for 
the NCP client on Windows Mobile and XP.

I see in the archives there was at least one mesasge regarding fixes for slow 
dhcp over ipsec responses.

These are the log entries on the sonicwall when I attempt to connect, ip's 
and host names have been obfuscated.

1	01/12/2009 22:59:37.096	Warning	VPN IKE	Received packet retransmission. 
Drop duplicate packet	aaa.bbb.ccc.ddd, 60522, mycomputer,tld.com	
des.tin.ation.ipadd, 4500	VPN Policy: WAN GroupVPN	 
2	01/12/2009 22:59:32.288	Warning	VPN IKE	IKE Responder: IPSec proposal does 
not match (Phase 2)	aaa.bbb.ccc.ddd, 60522, mycomputer,tld.com	
des.tin.ation.ipadd, 4500	VPN Policy: WAN GroupVPN

Statically coding the ip address in the shrew client allows the tunnel to 
come up, but am unable to access any machines on the other end of the tunnel.

It's getting late and I am sure I am missing something obvious, my sleep 
deprived brain is just not sure what.
-- 
Harondel J. Sibble 
Sibble Computer Consulting
Creating Solutions for the small and medium business computer user.
help at pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
(604) 739-3709 (voice)




More information about the vpn-help mailing list