-
Products
-
SonicPlatform
SonicPlatform is the cybersecurity platform purpose-built for MSPs, making managing complex security environments among multiple tenants easy and streamlined.
Discover More
-
-
Solutions
-
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn MoreFederalProtect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn More - Industries
- Use Cases
-
-
Partners
-
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
Learn MorePartner PortalAccess to deal registration, MDF, sales and marketing tools, training and more
Learn More - SonicWall Partners
- Partner Resources
-
-
Support
-
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn MoreSupport PortalFind answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn More - Support
- Resources
- Capture Labs
-
- Company
- Contact Us
How to solve "Received notify: INVALID ID INFO" event log error?
12/20/2019 
1,347 People found this article helpful
504,861 Views
Description
The log shows "Received notify: INVALID_ID_INFO" on the initiator firewall.
Resolution
INVALID_ID_INFO can occur both in Phase 1 and in Phase 2 of building up a VPN tunnel.
In Phase 1
The SonicWall received notification that the Phase 1 ID is invalid.
This is most likely to happen on an Aggressive Mode request error. Check that aggressive mode is set in the SA of both SonicWalls.
On SonicOS Enhanced firmware, you can set local and peer (remote) IKE ID's according to IP address, domain name, email address or SonicWall identifier (UFI).
In case of a Main mode tunnel, this error can be seen when the appliance at one end is behind a NAT device. SonicWall UTM appliances use their WAN IP as IKE ID by default and are expecting the other side's public IP as remote IKE ID. On SonicOS enhanced firmware, you can reconfigure the Local / Peer IKE ID with the correct IP address, or specify another parameter such as domain name, email address or UFI.
In Phase 2
This is always a case whereby Local and Destination networks do not match on either side. Please ensure the VPN policies on both Units are configured with the correct Destination and Local networks.
TIP: For more detailed information regarding Site to Site Configuration, please refer to the following KB: Types of Site to Site VPN Scenarios and Configurations
Related Articles
- How to Block Google QUIC Protocol on SonicOSX 7.0?
- How to block certain Keywords on SonicOSX 7.0?
- How internal Interfaces can obtain Global IPv6 Addresses using DHCPv6 Prefix Delegation
Categories
- Firewalls > SonicWall SuperMassive 9000 Series > Logging/Alerts
- Firewalls > SonicWall SuperMassive E10000 Series > Logging/Alerts
- Firewalls > TZ Series > Logging/Alerts
- Firewalls > NSa Series > Logging/Alerts
- Firewalls > NSv Series > Logging/Alerts
YES
NO