[Vpn-help] dhcp over ipsec against a sonicwall tz170

Harondel J. Sibble help at pdscc.com
Thu Jan 15 22:52:54 CST 2009 

Hmm, so the dhcp over ipsec doesn't seem to be working, has that code made it 
into 2.1.4 completely?

choosing use an existing adaptor and current address with autoconfiguration 
disabled works fine, tunnel comes up and I can access machines at the other 
end, any choices using dhcp over ipsec fail as below.

On 12 Jan 2009 at 23:36, Harondel J. Sibble wrote:

> Matt
> 
> Connecting Shrew 2.1.4 on XP Pro to a Sonicwall TZ170, I basically followed
> my own instructions for configuring IPSecuritas here
> 
> <http://www.lobotomo.com/cgi-
> bin/yabb/YaBB.pl?board=IPSecuritas;action=display;num=1160415123;start=0>
> 
> or 
> 
> http://preview.tinyurl.com/29rra7
> 
> In the client connect window I am seeing
> 
> bringing up tunnel
> no dhcp response from gateway
> 
> DHCP over Ipsec is selected in the shrew client and is enabled on the 
> sonicwall and works successfully for both the Sonicwall client and also for
> the NCP client on Windows Mobile and XP.
> 
> I see in the archives there was at least one mesasge regarding fixes for
> slow 
> dhcp over ipsec responses.
> 
> These are the log entries on the sonicwall when I attempt to connect, ip's
> and host names have been obfuscated.
> 
> 1	01/12/2009 22:59:37.096	Warning	VPN IKE	Received packet retransmission. 
> Drop duplicate packet	aaa.bbb.ccc.ddd, 60522, mycomputer,tld.com	
> des.tin.ation.ipadd, 4500	VPN Policy: WAN GroupVPN	 
> 2	01/12/2009 22:59:32.288	Warning	VPN IKE	IKE Responder: IPSec proposal does
> not match (Phase 2)	aaa.bbb.ccc.ddd, 60522, mycomputer,tld.com	
> des.tin.ation.ipadd, 4500	VPN Policy: WAN GroupVPN
> 
> Statically coding the ip address in the shrew client allows the tunnel to 
> come up, but am unable to access any machines on the other end of the
> tunnel.
> 
> It's getting late and I am sure I am missing something obvious, my sleep 
> deprived brain is just not sure what.

-- 
Harondel J. Sibble 
Sibble Computer Consulting
Creating Solutions for the small and medium business computer user.
help at pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
(604) 739-3709 (voice)

More information about the vpn-help mailing list