This week was spent chasing down issues with a VPN tunnel built between a SonicWall PRO3060 standard and a Cisco ASA 5550. The tunnels would build, but kept tearing themselves down. After scouring the net for any hints of help, I came up empty. Of course, SonicWall’s support gave their usual answer, “Upgrade the firmware.”
“Will that fix the problem?”
“I don’t know, sir, but you should really be running on this firmware version.”
Every time I call, that is the answer. And this is level two support that I am calling.
Finally, with the help of our SE, it was discovered that the ‘Keep Alive’ setting on the SonicWall was causing the issue. It appears (in hindsight) that the SonicWall would think that the tunnel was active, while the Cisco would think the tunnel was inactive. Of course, when the SonicWall sent encrypted packets, it caused issues. We kept getting “invalid id info” errors, which, of course, all makes sense.
This is the issue with going enterprise with a smaller company like SonicWall. Cisco, I’m sure, hasn’t spent a lot of time testing interoperability with SonicWall, and SonicWall’s knowledge base is non-existent. Well, at least I can spend my three-day weekend not worrying about it.