Sonicwall VPN client behind Linksys BEFSX41 loses connectivity after a few days

From: Jason L. (jlehrhoff@nyc.rr.com)
Date: 02/01/03


From: jlehrhoff@nyc.rr.com (Jason L.)
Date: 1 Feb 2003 08:05:59 -0800

I'm using the latest Sonicwall VPN client (8.0), behind a Linksys
router firewall (BEFSX41, with the latest 1.44 firmware). The machine
is getting the 1 DHCP address the router is configured to dish out.
Client is connecting to a Sonicwall Pro 300, with the latest firmware
(6.4.0.1).
The VPN client craps out, usually after a few days to a week. The
Sonicwall logs fill up with these messages, which correspond to this
client's IP address (I will mask the IPs):
01/31/2003 17:00:40.944 - IKE Responder: No response - remote party
timeout - Source:64.52.XXX.XXX, 500 - Destination:207.237.XXX.XXX,
500 - -
01/31/2003 17:00:49.944 - IKE Responder: No response - remote party
timeout - Source:64.52.XXX.XXX, 500 - Destination:207.237.XXX.XXX,
500 - -
01/31/2003 17:01:08.896 - IKE Responder: No response - remote party
timeout - Source:64.52.XXX.XXX, 500 - Destination:207.237.XXX.XXX,
500 - -
01/31/2003 17:01:33.928 - Received packet retransmission. Drop
duplicate packet - Source:207.237.XXX.XXX -
        Destination:64.52.XXX.XXX - -
01/31/2003 17:01:43.944 - IKE negotiation aborted due to timeout -
        Source:64.52.XXX.XXX - Destination:207.237.XXX.XXX - -
01/31/2003 17:02:33.784 - IKE Responder: Received Aggressive Mode
request (Phase 1) - Source:207.237.XXX.XXX -
        Destination:64.52.XXX.XXX - -
01/31/2003 17:02:38.000 - IKE Responder: No response - remote party
timeout - Source:64.52.XXX.XXX, 500 - Destination:207.237.XXX.XXX,
500 - -
01/31/2003 17:02:46.944 - IKE Responder: No response - remote party
timeout - Source:64.52.XXX.XXX, 500 - Destination:207.237.XXX.XXX,
500 - -
01/31/2003 17:03:05.000 - IKE Responder: No response - remote party
timeout - Source:64.52.XXX.XXX, 500 - Destination:207.237.XXX.XXX,
500 - -
01/31/2003 17:03:33.848 - Received packet retransmission. Drop
duplicate packet - Source:207.237.XXX.XXX -
        Destination:64.52.XXX.XXX - -
01/31/2003 17:03:37.944 - IKE negotiation aborted due to timeout -
        Source:64.52.XXX.XXX - Destination:207.237.XXX.XXX - -
01/31/2003 17:04:32.464 - IKE Responder: Received Aggressive Mode
request (Phase 1) - Source:207.237.XXX.XXX -
        Destination:64.52.XXX.XXX - -
01/31/2003 17:04:37.944 - IKE Responder: No response - remote party
timeout - Source:64.52.XXX.XXX, 500 - Destination:207.237.XXX.XXX,
500 - -
01/31/2003 17:04:47.896 - IKE Responder: No response - remote party
timeout - Source:64.52.XXX.XXX, 500 - Destination:207.237.XXXXXX,
500 - -
01/31/2003 17:05:06.896 - IKE Responder: No response - remote party
timeout - Source:64.52.XXX.XXX, 500 - Destination:207.237.XXX.XXX,
500 - -
01/31/2003 17:05:35.032 - Received packet retransmission. Drop
duplicate packet - Source:207.237.XXX.XXX -
        Destination:64.52.XXX.XXX- -
01/31/2003 17:05:41.896 - IKE negotiation aborted due to timeout -
        Source:64.52.XXX.XXX- Destination:207.237.XXX.XXX -

The 64.52 subnet is the firewall, and the 207.237. is the remote host,
using RCN as its ISP. I called RCN, and they say they don't block any
VPN traffic. The router will lose VPN connectivity, and/or internet
access. Sometimes losing its DHCP address from the Linksys. The
workaround has been power cycling the Linksys (sometimes 2x) to get a
DHCP address (from the cable modem, and from the client to router).
Sonicwall and Linksys will continue to blame each other for this, and
meanwhile the CEO calls me from his house every day, asking why he
can't get his H: drive.
I enabled IPsec pass through on the Linksys, as well as passing UDP
port 500 to the one DHCP client on the remote VPN side.

Any help would be GREATLY appreciated!

-Jason
ok_great@hotmail.com
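
Added example, not part of the original post: a small parser for the log layout quoted above that rejoins the mail-wrapped lines and groups them into Phase 1 attempts, so each Aggressive Mode request is reported with its responder timeouts, dropped duplicates and time to abort. The sample records and their documentation-range addresses are constructed, and the function and field names are assumptions.

```python
import re
from datetime import datetime

# Constructed sample in the layout of the log in the post, mail wrapping
# included. Addresses are documentation-range placeholders (assumption).
SAMPLE = """\
01/31/2003 17:02:33.784 - IKE Responder: Received Aggressive Mode
request (Phase 1) - Source:203.0.113.7 -
        Destination:198.51.100.1 - -
01/31/2003 17:02:38.000 - IKE Responder: No response - remote party
timeout - Source:198.51.100.1, 500 - Destination:203.0.113.7,
500 - -
01/31/2003 17:03:33.848 - Received packet retransmission. Drop
duplicate packet - Source:203.0.113.7 -
        Destination:198.51.100.1 - -
01/31/2003 17:03:37.944 - IKE negotiation aborted due to timeout -
        Source:198.51.100.1 - Destination:203.0.113.7 - -
01/31/2003 17:04:32.464 - IKE Responder: Received Aggressive Mode
request (Phase 1) - Source:203.0.113.7 -
        Destination:198.51.100.1 - -
"""
STAMP = re.compile(r"^(\d\d/\d\d/\d{4} \d\d:\d\d:\d\d\.\d{3}) - (.*)$")

def records(text):
    """Rejoin wrapped lines; a record starts at each timestamp."""
    out = []
    for line in text.splitlines():
        m = STAMP.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%m/%d/%Y %H:%M:%S.%f")
            out.append([ts, m.group(2)])
        elif out and line.strip():
            out[-1][1] += " " + line.strip()  # continuation of previous record
    return out

def attempts(text):
    """Group records into Phase 1 attempts, request through abort."""
    result, cur = [], None
    for ts, msg in records(text):
        if "Received Aggressive Mode request" in msg:
            peer = re.search(r"Source:([^\s,]+)", msg).group(1)
            cur = {"peer": peer, "start": ts, "timeouts": 0, "dups": 0, "aborted_after": None}
            result.append(cur)
        elif cur and "remote party timeout" in msg:
            cur["timeouts"] += 1
        elif cur and "Drop duplicate packet" in msg:
            cur["dups"] += 1
        elif cur and "negotiation aborted" in msg:
            cur["aborted_after"] = (ts - cur["start"]).total_seconds()
            cur = None  # attempt closed; wait for the next request
    return result
```

An attempt whose `aborted_after` is still `None` was in progress when the log excerpt ended.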


