WRV200 Sonicwall Site to Site Problem

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by apostolic, Apr 1, 2007.

  1. apostolic

    apostolic Guest

    I'm using a Sonicwall 1260 at work and I'm trying to create a tunnel from home using the WRV200. Here's the problem: Sonicwall has a Sonicwall Identifier that it uses (usually recommended to be the serial number of the device), and we already have several other tunnels on the 1260, so I can't change the 1260's ID without breaking all the other tunnels. The SonicWall IDs are usually 12 characters in length. But the LinkSys VPN logs show the ID with a leading @ character (I don't know if the LinkSys or the SonicWall is adding the @ character).

    093 [Sun 01:09:04] "TunnelA" #12: Aggressive mode peer ID is ID_FQDN: '@XXX6B1284FXX'
    094 [Sun 01:09:04] "TunnelA" #12: we require peer to have ID 'XX.63.86.98', but peer declares '@XXX6B1284FXX'
    095 [Sun 01:09:04] "TunnelA" #12: sending notification INVALID_ID_INFORMATION to XX.63.86.98:500

    According to some posts I've read about OpenSwan there's a rightid parameter that can be used in cases like this. However, it doesn't look like the WRV200 software exposes this parameter anywhere.

    One of the reference links I read:
    https://lists.strongswan.org/pipermail/users/2005-April/000715.html

    Any thoughts or suggestions?
     
  2. kspare

    kspare Computer Guy Staff Member Member

    What VPN options do you have on the Sonicwall? I can't imagine this router wouldn't be IPsec compatible with other routers.
     
  3. HughR

    HughR LI Guru Member

    Your analysis seems correct. I don't know anything about the WRV200 configuration GUI, but I do understand the FreeS/WAN / Openswan stuff. BTW, aggressive mode isn't secure (so we didn't have it in FreeS/WAN).

    IPsec supports several kinds of IDs. The WRV200 seems to be configured with an IPv4 IP address as its peer's ID and the Sonicwall is configured with a FQDN (fully qualified domain name) as its own ID. Both are conformant. You need to reconfigure one end or the other to make them willing to talk.

    If only you could ssh into the WRV200 and edit /etc/ipsec.conf ...
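    The mismatch HughR describes can be read straight off the pluto-style log lines quoted in the first post. The following is an added example (not code from the thread, Linksys or Openswan) that parses such lines, classifies both IDs by the ipsec.conf notation where a leading "@" marks an FQDN identity, and reports the `rightid=` value the initiator would need to accept; the sample log and masked values are constructed from the quoted lines.

```python
"""Diagnose IKE INVALID_ID_INFORMATION failures from Openswan/pluto-style logs."""
import re

# Constructed sample, modelled on the WRV200 lines quoted in the thread.
# 'X' characters are the poster's masking, not real octets or serial digits.
SAMPLE_LOG = """\
093 [Sun 01:09:04] "TunnelA" #12: Aggressive mode peer ID is ID_FQDN: '@XXX6B1284FXX'
094 [Sun 01:09:04] "TunnelA" #12: we require peer to have ID 'XX.63.86.98', but peer declares '@XXX6B1284FXX'
095 [Sun 01:09:04] "TunnelA" #12: sending notification INVALID_ID_INFORMATION to XX.63.86.98:500
"""

MISMATCH_RE = re.compile(
    r'"(?P<conn>[^"]+)" #(?P<state>\d+): we require peer to have ID '
    r"'(?P<expected>[^']*)', but peer declares '(?P<declared>[^']*)'"
)

def id_type(ident: str) -> str:
    """Map an ID written in Openswan/strongSwan ipsec.conf notation to its IKE ID type."""
    if ident.startswith("@#"):
        return "ID_KEY_ID"        # @#hexbytes: opaque key identifier
    if ident.startswith("@"):
        return "ID_FQDN"          # @name: FQDN, compared as a string, never resolved
    if "@" in ident:
        return "ID_USER_FQDN"     # user@host: e-mail style identity
    if re.fullmatch(r"[\dX]{1,3}(\.[\dX]{1,3}){3}", ident):
        return "ID_IPV4_ADDR"     # dotted quad (X allowed for masked octets)
    return "ID_UNKNOWN"

def diagnose(log: str) -> list[dict]:
    """Return one finding per 'we require peer to have ID' line in the log."""
    findings = []
    for line in log.splitlines():
        m = MISMATCH_RE.search(line)
        if not m:
            continue
        expected, declared = m["expected"], m["declared"]
        findings.append({
            "conn": m["conn"],
            "expected": expected, "expected_type": id_type(expected),
            "declared": declared, "declared_type": id_type(declared),
            "type_mismatch": id_type(expected) != id_type(declared),
            # What the initiator's ipsec.conf would need so the peer's FQDN ID is accepted.
            "suggested_rightid": f"rightid={declared}",
        })
    return findings

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG):
        print(finding)
```

For the quoted log this reports an ID_IPV4_ADDR expected against an ID_FQDN declared, which is exactly why pluto answers with INVALID_ID_INFORMATION rather than a secret or proposal error.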
     