Troubleshooting TZ 180 Configuration and Settings Issues
21
SonicWALL TZ 180 Recommends Guide
If the SonicWALL security appliance logs display
NO_PROPOSAL_CHOSEN
,
IKE proposal does not
match
, or
IKE negotiation aborted due to timeout
, the Phase 1 settings are probably incorrectly set on
one or both sides. Most settings in the
Proposals
tab of the VPN policy must exactly match on each side,
and if they do not match exactly, the tunnel fails in Phase 1 and Phase 2. The exception to this rule the
Life
Time
setting; if these do not match, the VPN policy negotiates using the lower of the two settings.
provides an example of Phase 1 setting.
Figure 13
VPN Policy Phase 1 Settings
If you have implemented the troubleshooting solutions to this point with no success, there may be
something between the two VPN devices that is blocking communication. If this is the case, verify that NAT
Traversal is enabled on both SonicWALL security appliances, and that any firewall in between is set to pass
UDP port 500 and UDP port 4500. If one of the sides is not a SonicWALL security appliance, it is necessary
to open UDP port 500 and IP type 50, since NAT Traversal may not negotiate with the third-party security
appliance.
Содержание TZ 180
Страница 3: ......
Страница 5: ...ii SonicWALL TZ 180 Recommends Guide...
Страница 43: ...Obtaining Technical Support 38 SonicWALL TZ 180 Recommends Guide...