Screen OS

I am trying to setup a VPN to a Sonic Wall NSA 3500, I keep getting the following message at Phase 1:

"The peer sent a packet with a message ID before Phase 1 authentication was done"

 

Any idea why this could be happening?  Thanks in advance.

Check all your P1 settings. Also whether you terminate VPN on the correct interface in the IKE Gateway config.

 

Are both devices connected directly to the internet with a public ip directly on the wan interface, or are you using NAT in between ?

 

Dennis

Please verify the IKE protocol implementation of the SonicWall device. I think somethig wrong with the configuration , please first verify the config and then "clear ike all" in juniper Firewall and check it again.

 

Thanks

Atif

Ok figured out the issue it was related to Phase 1 ofcourse because that is what was failing.  Apparently Sonic Wall and Juniper have an issue if you add anything as "Local ID" in Juniper.  Sonic Wall sees that as FQDN and fails Phase 1.

Hi Mali

 

Btw what type VPN that u use route or policy base ? does the juniper device as dynamic peers so u put local id on the VPN Setting ?

 

 

Thanks

 

EL

We use route based VPN's.  No dynamic peer I just use the "Local ID" option to determine which tunnel that gateway is using.  So in the local ID I just add "tunnel.1" or "tunnel.2" "for information" only.  I never ran into this trouble until I had to work with Sonic Wall.