The IPSEC VPN interconnect instance between USG2110 and sonicwall firewall

Publication Date:  2012-09-14 Views:  682 Downloads:  0
Issue Description
The IPSEC VPN interconnect instance between USG2110 and sonicwall firewall
Topology:USG2110(embranchment)—internet—sonicwall(headquarters)
Establish IPSEC VPN by making over related configuration on sonicwall basic. 
Alarm Information
NULL 
Handling Process



ike local-name huawei.com

#
ike proposal 1
encryption-algorithm 3des-cbc
dh group2                    (dh group should be identical)
sa duration 28800
#
ike peer zongbu
exchange-mode aggressive      (aggressive mode)
pre-shared-key cnooc_ccw2009
ike-proposal 1
local-id-type name            (choose the name certificate way)
remote-name beijing.com
remote-address 202.108.65.92          
nat traversal
#
ipsec proposal 1
esp authentication-algorithm sha1
esp encryption-algorithm 3des    (encryption is 3des,should be identical with above)
#
ipsec policy fengbu 1 isakmp
security acl 3000
ike-peer zongbu
proposal 1
sa duration traffic-based 28800   (IKE 2rd phase, alive time should be same with above)
#
interface Ethernet2/0/0
undo ip fast-forwarding qff        (Shutdown fast forwarding)
dhcp client enable
ipsec policy fengbu
Root Cause
NULL 
Suggestions
The tunnel cannot be build commonly because the variance of both side parameter, please check whether both side parameter is identical or not. 

END