I've been trying to build a site-to-site VPN between my Sophos SG230 and my Sonicwall TZ350. I was able to get the VPN up and connected for about half a day, until the electricity went out for a few hours. Now I can't seem to get both firewalls to connect again. I have spoken with both Sophos and Sonicwall techs multiple times and they both assure me that it is set up correctly. I've called the ISP to make sure nothing is being blocked, and there isn't. I've included screenshots of both firewalls as well as the error message I'm getting. Both techs I talked to told me it was an issue with the pre-shared key, but I have changed that several times and made sure that they are the same on both.
Basically, the error I keep running into is:
The first PSK failure is at 14:40:41. I would have expected more lines ahead of that - no?
Sounds frustrating! Try the following:
1. Confirm that Debug is not enabled.
2. Disable the IPsec Connection.
3. Start the IPsec Live Log and wait for it to begin to populate.
4. Enable the IPsec Connection.
5. Copy here about 60 lines from enabling through the error.
Cheers - Bob
Is either VPN endpoint behind a NATting router? If so, the NATted side should be the side to initiate the connection and the receiving side should have a public IP. If that's not the case, insert a picture of the 'Preshared Key Settings' and a picture of the Edit of the Remote Gateway.
I was able to figure it out by changing the gateway from 'Respond Only' to 'Initiate connection'. Not sure why, but that seemed to fix it. Thanks for your replies.
Both the Sophos and Sonicwall techs should have known that the other reason for such a Main Mode message failure is that the message is "signed" with the IP of the interface and the receiving side checks that the IP is the same as the one from which the message came.
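As an added example (not from any of the posters above), here is a small Python triage helper for the kind of IPsec Live Log Bob asked for: it finds the first Main Mode authentication failure, keeps the lines leading up to it, and reports whether the local side was initiating or responding, what NAT-T detected, and whether the peer ID the remote presented matches the address the packets actually came from, which is the check described in the last post. The log layout (Sophos UTM's pluto format, `<timestamp> <host> pluto[<pid>]: "<conn>" #<state>: <msg>`) and the failure-message substrings are assumptions based on pluto's message strings; the sample log, connection name, addresses and timestamps are constructed for the example.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Assumed pluto line layout as seen in the Sophos UTM IPsec Live Log:
#   <timestamp> <host> pluto[<pid>]: "<conn>" #<state>: <msg>
# Lines without a connection name (e.g. "packet from ...") are also accepted.
LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<host>\S+) pluto\[\d+\]: '
    r'(?:"(?P<conn>[^"]+)"(?: #(?P<state>\d+))?: )?(?P<msg>.*)$'
)

# Heuristic failure classes keyed on substrings of pluto messages (assumption).
FAILURE_CLASSES = [
    ("peer ID does not match the configured remote gateway / VPN ID",
     ("no suitable connection for peer", "INVALID_ID_INFORMATION")),
    ("no PSK entry found for this ID pair (the key is bound to an ID/IP)",
     ("no preshared key found",)),
    ("pre-shared keys differ on the two sides",
     ("malformed payload", "INVALID_HASH_INFORMATION")),
]


@dataclass
class Triage:
    role: Optional[str] = None        # "initiator" or "responder"
    nat: Optional[str] = None         # NAT-T result text, if logged
    peer_addr: Optional[str] = None   # address the Main Mode packets came from
    peer_id: Optional[str] = None     # ID the peer presented in MI3/MR3
    failure_ts: Optional[str] = None
    failure_class: Optional[str] = None
    context: List[str] = field(default_factory=list)

    def id_matches_source(self) -> Optional[bool]:
        """None if either value is unknown; else whether the peer ID equals
        the source address (a NATed peer typically presents its private IP)."""
        if self.peer_addr is None or self.peer_id is None:
            return None
        return self.peer_addr == self.peer_id


def classify(msg: str) -> Optional[str]:
    for label, needles in FAILURE_CLASSES:
        if any(n in msg for n in needles):
            return label
    return None


def triage(log_text: str, context_lines: int = 60) -> Triage:
    """Walk the log, record Main Mode facts, stop at the first failure and
    keep up to `context_lines` preceding lines (plus the failure line)."""
    t = Triage()
    lines = [ln for ln in log_text.splitlines() if ln.strip()]
    for i, line in enumerate(lines):
        m = LINE_RE.match(line)
        if not m:
            continue
        msg = m.group("msg")
        if "initiating Main Mode" in msg:
            t.role = "initiator"
        src = re.search(r"responding to Main Mode(?: from (?:unknown )?peer (\S+))?", msg)
        if src:
            t.role = "responder"
            t.peer_addr = src.group(1) or t.peer_addr
        nat = re.search(r"NAT-Traversal: Result using [^:]+: (.+)$", msg)
        if nat:
            t.nat = nat.group(1)
        pid = re.search(r"peer ID is \S+: '([^']+)'", msg)
        if pid:
            t.peer_id = pid.group(1)
        label = classify(msg)
        if label:
            t.failure_ts = m.group("ts")
            t.failure_class = label
            t.context = lines[max(0, i - context_lines): i + 1]
            break
    return t


# Constructed sample: a respond-only Sophos receiving Main Mode from a peer
# behind NAT that presents its private interface IP as its ID.
SAMPLE_LOG = """
2019:08:07-14:40:39 fw pluto[4321]: packet from 203.0.113.5:500: received Vendor ID payload [RFC 3947]
2019:08:07-14:40:39 fw pluto[4321]: "S_REF_IpsSitSonicwall_0" #1: responding to Main Mode from unknown peer 203.0.113.5
2019:08:07-14:40:39 fw pluto[4321]: "S_REF_IpsSitSonicwall_0" #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
2019:08:07-14:40:39 fw pluto[4321]: "S_REF_IpsSitSonicwall_0" #1: STATE_MAIN_R1: sent MR1, expecting MI2
2019:08:07-14:40:40 fw pluto[4321]: "S_REF_IpsSitSonicwall_0" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed
2019:08:07-14:40:40 fw pluto[4321]: "S_REF_IpsSitSonicwall_0" #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
2019:08:07-14:40:40 fw pluto[4321]: "S_REF_IpsSitSonicwall_0" #1: STATE_MAIN_R2: sent MR2, expecting MI3
2019:08:07-14:40:41 fw pluto[4321]: "S_REF_IpsSitSonicwall_0" #1: Main mode peer ID is ID_IPV4_ADDR: '192.168.10.1'
2019:08:07-14:40:41 fw pluto[4321]: "S_REF_IpsSitSonicwall_0" #1: no suitable connection for peer '192.168.10.1'
2019:08:07-14:40:41 fw pluto[4321]: "S_REF_IpsSitSonicwall_0" #1: sending encrypted notification INVALID_ID_INFORMATION to 203.0.113.5:500
"""

if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print(f"role={r.role} nat={r.nat!r} peer_addr={r.peer_addr} peer_id={r.peer_id}")
    print(f"first failure at {r.failure_ts}: {r.failure_class}")
    print(f"peer ID matches source address: {r.id_matches_source()}")
    print(f"{len(r.context)} lines of context kept for the forum post")
```

Paste the Live Log text into `SAMPLE_LOG` (or read it from a file) and the context window is exactly the "about 60 lines from enabling through the error" that was requested. In the constructed sample the local side is the responder, NAT-T sees a NATed peer, and the peer's ID (192.168.10.1) differs from the source address (203.0.113.5), so the responder has no connection matching that ID and sends INVALID_ID_INFORMATION; that is the shape of failure that switching the NATed side to initiate, or fixing the VPN ID on the remote gateway, resolves.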