"The Peer is Not Responding to Phase 1 ISAKMP Requests" Error in Global VPN Client (GVC)

03/26/2020 1,825 People found this article helpful 98,483 Views

Download

Print

Share

• LinkedIn
• Twitter
• Facebook
• Email
• Copy URL The link has been copied to clipboard

Description

Resolution

Check GVC logs to verify the following.

1. Verify host running SonicWall GVC application has Internet connectivity and can browse the Internet. If not, then fix this problem and then follow next step.
   
   
2. Verify the peer gateway is running and the Group VPN policy is enabled. If you have other SonicWall GVC clients connecting to the same firewall on the same interface of the firewall, then this is not a problem.
   
   
3. SonicWall GVC works from certain locations and this error message only shows up when you are behind certain NAT device. There are two possible scenarios. NAT device is blocking IKE traffic from SonicWall GVC (Vista OS) since it is not using defined UDP source port (500) for IKE. This is currently only a problem with GVC running on Vista. In order for SonicWall GVC to use the defined IKE source port, start GVC by right-clicking on the icon and then select ‘Run as administrator’.  
   
   
4. It is possible that this NAT device is blocking IKE traffic and so requires a rule (policy) to allow IKE packets from SonicWall GVC. To verify if the IKE traffic from SonicWall GVC is reaching the Peer gateway, use the event logs (Network Debug Category enabled) or packet capture on the SonicWall appliance. If the Peer gateway does not get the IKE packets, then it is the NAT device in the middle or ISP that is dropping the IKE packets. Consult the NAT device manual or ISP to troubleshoot this problem.

Possible Solution: Upgrade to 4.9.14 or higher

SonicWall Global VPN Client 4.9.14 provides a new connection property option.

• Restrict the size of the first ISAKMP packet sent - This option can be used when the Global VPN Client gets an error such as, The peer is not responding to phase 1 ISAKMP requests when attempting to connect. This error can occur when the ISAKMP packet is fragmented due to its size, but the network device (router) does not allow a fragmented packet when establishing the VPN connection.
  
• For upgrade and installation support, please review the Administrator's Guide for the relevant version of GVC.

Pre-installation recommendations

SonicWall strongly recommends you follow these steps before installing the Global VPN Client (GVC) 4.9.14 (or higher) client.

• If you have SonicWall Global VPN Client version 4.8.6 or earlier installed, you must uninstall that version before installing version 4.9.14. Upgrading to GVC 4.9.14 is supported from version 4.9.0 and higher.
• SonicWall encounters run time conflicts when it co-exists with any 3rd party IPsec VPN clients. Uninstall all IPsec VPN clients prior to installing SonicWall GVC.
• For Vista systems, it is required that you update device drivers for each network adapter card to the latest available versions. You can check the NIC vendor Web site for these updates.

Related Articles

• How to force an update of the Security Services Signatures from the Firewall GUI
• How to upload security services signatures manually on Closed Environments?
• How to Create Gen 7 Settings File by Using the Online Migration Tool

Categories

• Firewalls > NSa Series > GVC/L2TP
• Firewalls > NSv Series > GVC/L2TP
• Firewalls > TZ Series > GVC/L2TP