From: Scott Morris (swm@emanon.com)
Date: Mon Jun 20 2005 - 21:13:04 GMT-3
Keepalives are good only after your IKE SA is set up! Lifetimes are good
for the negotiation, but do all your other IKE parameters match?
I don't play with Sonicwall stuff, so I have no idea what to tell you to
look for on there. But the things that you configure in your isakmp policy
on the PIX should help you determine what things need to match on the other
end!
Do debugs on the PIX tell you anything?
Scott
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
chon_mon@nym.hush.com
Sent: Monday, June 20, 2005 5:43 PM
To: ccielab@groupstudy.com; security@groupstudy.com
Subject: VPN timeout issues
Dear Group,
I have configured a site-to-site VPN between a PIX and a Sonic FW.
When the PIX initiates the connection, the Sonic at the remote site
accepts the phase 1 request, but then times out. The Sonic states
that the "IKE responder: remote party timeout" - and then nothing!
I have both my isakmp keepalives and lifetimes matching for both sides of
the VPN. Can anyone shed some light on this? TIA - Sean
This archive was generated by hypermail 2.1.4 : Wed Jul 06 2005 - 14:43:42 GMT-3