In one of the previous articles, we configured the Global VPN Client on the SonicWall firewall. In this article, we will discuss a common issue we face while connecting with the Global VPN Client. While connecting, the log entry “The peer is not responding to phase 1 ISAKMP requests” is generated. This is one of the failure messages. With this error, the client machine keeps sending ISAKMP negotiation requests to the firewall, but the client does not get any response from the firewall. We will discuss several possible reasons and resolutions for this error.
How to troubleshoot – The peer is not responding to phase 1 ISAKMP requests | SonicWall
Now, let’s start with the possible solutions one by one.
Troubleshooting WAN GroupVPN Policy on SonicWall Firewall
One of the most common causes of “The peer is not responding to phase 1 ISAKMP requests” is the default WAN GroupVPN Policy. By default, the WAN GroupVPN Policy is disabled, so you need to make sure that it is enabled. Navigate to VPN >> Settings >> VPN Policies and make sure the WAN GroupVPN Policy is enabled, as shown in the screenshot below.
Restrict the size of the first ISAKMP packet sent
Sometimes, when we initially try to connect with the Global VPN Client (GVC) to a SonicWall firewall, the initial ISAKMP packet is fragmented because of its size. When that packet crosses other Layer 3 devices (i.e. a firewall in the path), the device may simply not allow the fragmented packet, which also causes this issue. In this case, we need to enable the Restrict the size of the first ISAKMP packet sent option under the Properties.
This option is only available for Global VPN Client versions higher than 4.9.14.
Select the Global VPN Client Profile and click on Properties.
Now, enable the Restrict the size of the first ISAKMP packet sent option, as shown in the screenshot below.
Troubleshooting ISAKMP – Phase 1 PreShared Key
As you already know, the Global VPN Client establishes an IPSec tunnel with the SonicWall Firewall. An IPSec tunnel has two different phases, i.e. Phase 1 and Phase 2. A PreShared Key is used during the Phase 1 parameter negotiation, so you need to make sure that you copied the correct PreShared Key.
Troubleshooting Connectivity Issue with the SonicWall Firewall
You need to make sure you have proper connectivity to the SonicWall Firewall. The Global VPN Client uses UDP port 500 for the IKE Phase 1 negotiation. If either your SonicWall WAN IP is not reachable or UDP port 500 is blocked in between, you will get the same error. So, you need to make sure that you have proper connectivity to the SonicWall to avoid the “The peer is not responding to phase 1 ISAKMP requests” error.
In this article, we discussed several possible solutions for the “The peer is not responding to phase 1 ISAKMP requests” error when connecting to the SonicWall firewall using the Global VPN Client. It may be caused by a fragmented ISAKMP packet. Another possible reason for this error is the WAN GroupVPN Policy, so you need to make sure that the WAN GroupVPN Policy is enabled.
I’ve checked all these points and they are as described on my setup… still, we get intermittent connection failures due to “The peer is not responding to phase 1 ISAKMP requests”
Generally this started right after changing my provider from Dynamico to a fixed IP, in which we must configure a port to pass through, or go directly through the DMZ.
Interesting. Will check that. We’re on a leased line with static IP.
For $50 will you please help me? I have a TZ100 that is past warranty date and I cannot renew support. I was able to connect to VPN using the global client last week, this week I cannot… I haven’t made any setting changes… I get the phase 1 and then it just hangs there.
Hi Brad, request you to please contact us.
Many thanks! I resolved the problem by marking the Restrict the size of the first ISAKMP packet sent option.