Article Applies To:
Affected SonicWALL Security Appliance Platforms:
Gen5: NSA E8500, NSA E7500, NSA E6500, NSA E5500, NSA 5000, NSA 4500, NSA 3500, NSA 2400, NSA 2400 MX, NSA 240
Gen5 TZ Series: TZ 100, TZ 100 Wireless, TZ 200, TZ 200 W, TZ 210, TZ 210 Wireless,
Gen4: PRO series: PRO 5060, PRO 4100, PRO 4060,PRO 3060, PRO 2040, PRO 1260
Gen4: TZ series: TZ 190, TZ 190 W, TZ 180, TZ 180 W, TZ 170, TZ 170 W, TZ 170 SP, TZ 170 SP Wireless, TZ 150, TZ 150 W, TZ 150 Wireless (RevB)
Firmware/Software Version: All versions.
IKE Initiator: Remote Party timeout..." log shows several timeout messages and "
IKE negotiation aborted due to timeout" after a short delay, indicates that there is a communication problem or the
Initiator and Responder are unable to complete the Phase 1 negociations.
Logs on Initiator:
Resolution / Workaround:
If you receive an IKE Initiator: No response--remote party timeout error,
1. Checking the
logs on the Responder SonicWALL will clearly display the exact problem, ensure that the
Proposals are identical on both the VPN policies.
Logs on Responder:
If no log messages are available for the Initiator VPN device, then follow these steps:
2. Ensure that the
Global VPN option and the
VPN policy is enabled
Network connectivity between units. (Tip: you may try to connect via GVC software if GroupVPN is configured on the SonicWALL)
'Disable this SA’ box is not checked in SA of IKE Responder (SonicOS Standard)
IPSec Gateway address in Initiator SA specifies
WAN address of IKE Responder
6. If you are using
FQDN in the
IPSec Gateway Name or Address field, ensure that
FQDN resolves to WAN address of IKE Responder
IKE Access Rules enabled on both SonicWALLs
No other firewalls in the path are blocking IKE (UDP 500, 4500) or IPSec Protocol 50 and 51.
Contact ISP to see if they're blocking IKE (UDP 500, 4500) or IPSec Protocol 50 and 51.
10. If using SonicOS Standard with Aggressive Mode VPN, m
ake sure the remote end’s firewall name is specified on the host firewall’s VPN policy
the VPN Tunnel is being established with a 3rd Party VPN device, then
make sure that NAT – T is disabled (in case there is no NAT device in
front of the SonicWALL)
Check the Local and Peer IKE IDs in the VPN policy if you have setup the
Site to Site VPN Policy between the
SonicOS Enhanced and Standard firewalls
Advanced tab of the VPN Policy, s
et VPN to bind to Zone