Sonicwall IKEv2 Payload processing errors

cjpanici

Hello, I am trying to create a site-to-site VPN connection between a sonicwall TZ470 running firmware 7.0.1-5030-R2007 and a pfSense router (2.6.0-RELEASE). I am managing the pfSense side, and I am working with a different group on the sonicwall side. It seems no matter what we select and try to match, we keep getting IKEv2 payload processing errors. Also, the sonicwall guy said there were phase not found errors as we were configuring. Me and the sonicwall guy shared screens to verify that everything matches.

He's putting in a ticket with SonicWall, but he said they will most likely point the finger at pfSense and say that it just doesn't work with the software. Has anyone gotten this to work with this sonicwall router?

Thanks in advance,
CJ

cjpanici

@cjpanici
Here are the relevant logs:

Feb 28 15:35:04 	charon 	22116 	15[KNL] creating acquire job for policy 66.66.66.66/32|/0 === 66.66.66.67/32|/0 with reqid {1}
Feb 28 15:35:04 	charon 	22116 	07[IKE] <con1|137> queueing IKE_VENDOR task
Feb 28 15:35:04 	charon 	22116 	07[IKE] <con1|137> queueing IKE_INIT task
Feb 28 15:35:04 	charon 	22116 	07[IKE] <con1|137> queueing IKE_NATD task
Feb 28 15:35:04 	charon 	22116 	07[IKE] <con1|137> queueing IKE_CERT_PRE task
Feb 28 15:35:04 	charon 	22116 	07[IKE] <con1|137> queueing IKE_AUTH task
Feb 28 15:35:04 	charon 	22116 	07[IKE] <con1|137> queueing IKE_CERT_POST task
Feb 28 15:35:04 	charon 	22116 	07[IKE] <con1|137> queueing IKE_CONFIG task
Feb 28 15:35:04 	charon 	22116 	07[IKE] <con1|137> queueing IKE_AUTH_LIFETIME task
Feb 28 15:35:04 	charon 	22116 	07[IKE] <con1|137> queueing CHILD_CREATE task
Feb 28 15:35:04 	charon 	22116 	07[IKE] <con1|137> activating new tasks
Feb 28 15:35:04 	charon 	22116 	07[IKE] <con1|137> activating IKE_VENDOR task
Feb 28 15:35:04 	charon 	22116 	07[IKE] <con1|137> activating IKE_INIT task
Feb 28 15:35:04 	charon 	22116 	07[IKE] <con1|137> activating IKE_NATD task
Feb 28 15:35:04 	charon 	22116 	07[IKE] <con1|137> activating IKE_CERT_PRE task
Feb 28 15:35:04 	charon 	22116 	07[IKE] <con1|137> activating IKE_AUTH task
Feb 28 15:35:04 	charon 	22116 	07[IKE] <con1|137> activating IKE_CERT_POST task
Feb 28 15:35:04 	charon 	22116 	07[IKE] <con1|137> activating IKE_CONFIG task
Feb 28 15:35:04 	charon 	22116 	07[IKE] <con1|137> activating CHILD_CREATE task
Feb 28 15:35:04 	charon 	22116 	07[IKE] <con1|137> activating IKE_AUTH_LIFETIME task
Feb 28 15:35:04 	charon 	22116 	07[IKE] <con1|137> initiating IKE_SA con1[137] to 66.66.66.67
Feb 28 15:35:04 	charon 	22116 	07[IKE] <con1|137> IKE_SA con1[137] state change: CREATED => CONNECTING
Feb 28 15:35:04 	charon 	22116 	07[CFG] <con1|137> configured proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Feb 28 15:35:04 	charon 	22116 	07[CFG] <con1|137> sending supported signature hash algorithms: sha256 sha384 sha512 identity
Feb 28 15:35:04 	charon 	22116 	07[ENC] <con1|137> generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Feb 28 15:35:04 	charon 	22116 	07[NET] <con1|137> sending packet: from 66.66.66.66[500] to 66.66.66.67[500] (332 bytes)
Feb 28 15:35:04 	charon 	22116 	07[NET] <con1|137> received packet: from 66.66.66.67[500] to 66.66.66.66[500] (36 bytes)
Feb 28 15:35:04 	charon 	22116 	07[ENC] <con1|137> parsed IKE_SA_INIT response 0 [ N(INVAL_SYN) ]
Feb 28 15:35:04 	charon 	22116 	07[IKE] <con1|137> received INVALID_SYNTAX notify error
Feb 28 15:35:04 	charon 	22116 	07[IKE] <con1|137> IKE_SA con1[137] state change: CONNECTING => DESTROYING