Connection to a remote VPN - ISAKMP protocol using SonicWall Global VPN Client



  • Hi everybody,
    I'm stuck with a really strange problem.
    Saturday I upgraded my pfsense from 2.2.2 to  2.2.6.
    In my network there's a PC that connect to a remote endpoint using Sell SonicWall Global VPN Client and from monday it's not more able to connect.
    The client logs say:

    2016/01/20 13:57:08:946	Information	 <local host="">The connection "GroupVPN_0006B10C7A20" has been enabled.
    2016/01/20 13:57:10:089	Information	93.64.89.186	Starting ISAKMP phase 1 negotiation.
    2016/01/20 13:57:28:574	Error      	93.64.89.186	An error occurred.
    2016/01/20 13:57:28:574	Error      	93.64.89.186	The peer is not responding to phase 1 ISAKMP requests.
    2016/01/20 13:57:28:958	Information	93.64.89.186	Starting ISAKMP phase 1 negotiation.</local>
    

    On pfsense I see

    #tcpdump host 93.64.89.186
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on em0, link-type EN10MB (Ethernet), capture size 65535 bytes
    13:57:28.921956 IP pcledro7001.domucvl.local.isakmp > mail.isrh.it.isakmp: isakmp: phase 1 I agg
    13:57:28.921969 IP pcledro7001.domucvl.local > mail.isrh.it: udp
    13:57:28.921974 IP pcledro7001.domucvl.local > mail.isrh.it: udp
    13:57:28.922024 IP pcledro7001.domucvl.local > mail.isrh.it: udp
    13:57:31.579530 IP pcledro7001.domucvl.local.isakmp > mail.isrh.it.isakmp: isakmp: phase 1 I agg
    13:57:31.579541 IP pcledro7001.domucvl.local > mail.isrh.it: udp
    13:57:31.579546 IP pcledro7001.domucvl.local > mail.isrh.it: udp
    13:57:31.579593 IP pcledro7001.domucvl.local > mail.isrh.it: udp
    13:57:37.663857 IP pcledro7001.domucvl.local.isakmp > mail.isrh.it.isakmp: isakmp: phase 1 I agg
    
    

    If I put the computer over the firewall, there are no problem and everything work as expected.
    It seems a NAT problem, but I didn't change anything in configuration.

    What can i do to find where the problem is?

    Thanks