PHPKB Knowledge Base Software Logo  
Guru Corner
Online Knowledgebase System  
Knowledge Base Home Knowledge Base Home
Home > All Categories > Dell > SonicWALL > The VPN Log shows: "IKE Initiator Remote party timeout..." error
Question Title The VPN Log shows: "IKE Initiator Remote party timeout..." error

Article Applies To:

Affected SonicWALL Security Appliance Platforms: 

Gen5: NSA E8500, NSA E7500, NSA E6500, NSA E5500, NSA 5000, NSA 4500, NSA 3500, NSA 2400, NSA 2400 MX, NSA 240
Gen5 TZ Series: TZ 100, TZ 100 Wireless, TZ 200, TZ 200 W, TZ 210, TZ 210 Wireless,
Gen4: PRO series: PRO 5060, PRO 4100, PRO 4060,PRO 3060, PRO 2040, PRO 1260
Gen4: TZ series: TZ 190, TZ 190 W, TZ 180, TZ 180 W, TZ 170, TZ 170 W, TZ 170 SP, TZ 170 SP Wireless, TZ 150, TZ 150 W, TZ 150 Wireless (RevB)


Firmware/Software Version: All versions.
Services: VPN

Problem Definition:

The " IKE Initiator: Remote Party timeout..." log shows several timeout messages and " IKE negotiation aborted due to timeout" after a short delay, indicates that there is a communication problem or the Initiator and Responder are unable to complete the Phase 1 negociations.

 

Logs on Initiator:


 

 


 

Resolution / Workaround:

If you receive an IKE Initiator: No response--remote party timeout error,
 
1. Checking the 
logs on the Responder SonicWALL will clearly display the exact problem, ensure that the  Proposals are identical on both the VPN policies.

Logs on Responder:



If no log messages are available for the Initiator VPN device, then follow these steps:

2. Ensure that the Global VPN option and the VPN policy is enabled


3.  Network connectivity between units. (Tip: you may try to connect via GVC software if GroupVPN is configured on the SonicWALL)


4. 
'Disable this SA’ box is not checked in SA of IKE Responder (SonicOS Standard)


5.
  
IPSec Gateway address in Initiator SA specifies WAN address of IKE Responder


6.
 
If you are using FQDN in the IPSec Gateway Name or Address field, ensure that FQDN resolves to WAN address of IKE Responder


7.
IKE Access Rules enabled on both SonicWALLs


8.
 
No other firewalls in the path are blocking IKE (UDP 500, 4500) or IPSec Protocol 50 and 51.


9.
 
Contact ISP to see if they're blocking IKE (UDP 500, 4500) or IPSec Protocol 50 and 51.


10.
 I
f using SonicOS Standard with Aggressive Mode VPN, m ake sure the remote end’s firewall name is specified on the host firewall’s VPN policy


11.
 I
f the VPN Tunnel is being established with a 3rd Party VPN device, then make sure that NAT – T is disabled (in case there is no NAT device in front of the SonicWALL)
 


12.
Check the Local and Peer IKE IDs in the VPN policy if you have setup the  Site to Site VPN Policy between the SonicOS Enhanced and Standard firewalls


13.
Click the Advanced tab of the VPN Policy, s et VPN to bind to Zone WAN.


Authored by: Guru Corner
Click Here to View all the questions in SonicWALL category.
File Attachments File Attachments
There are no attachment file(s) related to this question.
Article Information Additional Information
Article Number: 216
Created: 2012-05-05 8:38 PM
Rating: No Rating
 
Article Options Article Options
Print Question Print this Question
Export to Adobe PDF Export to PDF File
Export to MS Word Export to MS Word
 
Search Knowledge Base Search Knowledge Base
 
 

Powered by Guru Corner