
Can't get site to site VPN to work


I have 2 SonicWall devices that I'm testing to get a site to site VPN going on.

The first is our NSA3500. This is our main router. Interface X3 goes to a DMZ, X0 is our LAN, X1 and X2 are our internet connections.

I've stuck an old TZ170 into the DMZ and configured it for site to site with the NSA3500 through the X3 DMZ interface. To be clear:

TZ170-->DMZ Switch-->X3 (DMZ)

On the TZ170 I get the following messages in the log:

1. IKE Initiator: Start Aggressive Mode negotiation (Phase 1)
2. IKE Initiator: Remote party timeout - Retransmitting IKE request.
3. IKE negotiation aborted due to timeout

The proposal information is exactly the same. I get nothing in the logs on my NSA3500 (I swear I was earlier, but now I'm not). Packet monitor for an hour for port 500 shows nothing on my NSA3500.

Any suggestions or thoughts on what to check for next? As far as I can tell, the NSA3500 adds rules based on the VPN policies you create to allow for necessary ports and so on.

EDIT:

My DMZ interface (X3) has an internet routable IP address, and so does every appliance inside my DMZ.

