Site to Site VPN between CISCO 2921 and Sonicwall NSA 3600: NO_PROPOSAL_CHOSEN

cisco site-to-site-vpn sonicwall

I have CISCO 2921 and Sonicwall NSA 3600. I am trying to setup Site to site VPN. I am getting: 

Received notify. NO_PROPOSAL_CHOSEN

in Sonicwall logs and the VPN is not setup.

It looks like the phase 1 is OK as I am getting:

Info VPN IKE IKE Initiator: Start Quick Mode (Phase 2). SONIC_WALL_IP, 500  CISCO_IP, 500 VPN Policy: test

in the sonicwall logs just before NO_PROPOSAL_CHOSEN message.

I have checked:

  • Authentication/Authorization algorithms on both side and they match(DES/SHA1)
  • Correct subnets are configured on both side of the connection(172.16.0.0 on Sonicwall side and 172.19.0.0 on Cisco side)

Both debug crypto isakmp and debug crypto ipsec on cisco doesn't give me any output.

Because WAN interface is setup as /28 there is a a bit of nat-ing set up but I think it is not relevant so I removed it from the below CISCO config example, I will add it when requested. Computers connected to 172.19.0.0 have internet access with a correct IP address so I think that nat-ing is irrelevant.

Can someone please help me with this?I might be missing some configuration or I have made a stupid mistake.

Relevant cisco config:

// Phase 1
crypto isakmp policy 1
 authentication pre-share
 group 2
 lifetime 28800
crypto isakmp key SECRET address SONICWALL_IP

//Phase 2
crypto ipsec security-association lifetime seconds 28800

crypto ipsec transform-set MYSET esp-des esp-sha-hmac 

crypto map MYMAP 1 ipsec-isakmp 
 set peer SONICWALL_IP
 set transform-set MYSET 
 match address 166

// WAN interface
interface GigabitEthernet0/0
 description WAN
 ip address CISCO_PUBLIC_IP 255.255.255.240
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 crypto map MYMAP

//LAN interface
interface GigabitEthernet0/1/3
 switchport access vlan 72
 no ip address

interface Vlan72
 ip address 172.19.0.1 255.255.0.0
 ip nat inside
 ip virtual-reassembly in

access-list 166 permit ip 172.19.0.0 0.0.255.255 172.16.0.0 0.0.255.255

Sonicwallis setup as:

enter image description hereenter image description here

and the Network tab -> Remote Networks -> Choose destination network from list is set up as:

enter image description here


Solution 1:

I had a simmilar issue and this document helped me out...

VPN: The log shows "Received Notify: No Proposal Chosen" (SW3902) - Affected SonicWALL Security Appliance

Another hint is to check the passphrase - and be sure that the shared secred has a minimum lenght of 6 characters.

Related

Outgoing brute force attacks from my server
How to find size of atomic write for nginx access log buffer?
Tracing Untraceable AD Account Lockouts
Windows 8.1 Pro migrating "Microsoft live" account to domain account
docker-compose down with a non-default yml file name
How to convert BigInt to Number in JavaScript?
How can I replace newlines using PowerShell?
XSL: Avoid exporting namespace definitions to resulting XML documents
windbg: Command output to text file
How do I search git history for a disappeared line?
HTML - Arabic Support
How can I copy/clone a site on iis7