GVC 4.9.14 and above are not connecting - Phase 1 Proposal does not match

Description

After the update of the Global VPN Client to 4.9.14, you're not able to connect to the WAN GroupVPN anymore.

In the firewall logs you can see that the connection has been refused because of "IKE Responder: IKE proposal does not match (Phase 1)"

Cause

The root cause might be related to not secure settings in the VPN Proposals. New GVC versions needs an encryption method 3DES or AES-128 or above.

If under the Proposals tab in the WANGroupVPN configuration (VPN | Settings) you configured the encryption method as "DES", new GVC versions won't work:

Image

Resolution

  1. Go to VPN | Settings, click the configuration button beside WAN Group VPN.
  2. Go to Proposals tab
  3. Select at least 3DES as encryption method for IKE (Phase 1) Proposal and IPSec (Phase 2) Proposal.

Related Articles

  • How to block ICMP (Ping ) using Application control
    Read More
  • SonicWall GEN8 TZ and NSa Firewalls FAQ
    Read More
  • How to configure Link Aggregation
    Read More

Categories

Firewalls
SonicWall NSA Series
GVC/L2TP
Firewalls
SonicWall SuperMassive 9000 Series
GVC/L2TP
Firewalls
TZ Series
GVC/L2TP
not finding your answers?
Ask the Community