[Solved] The peer is not responding to phase 1 ISAKMP requests

Like this article! Share via

In one of the previous articles, we configure the Global VPN Client on the SonicWall firewall. In this article, we will discuss the common issue we face during connecting Global VPN Client. While connecting to the Global VPN Client, a log entry “The peer is not responding to phase 1 ISAKMP requests” will be generated. This is one of the failure messages. During this error, the client machine keeps sending ISAKMP negotiation requests to the firewall, but the client not getting any response from the firewall. So, we will discuss several possible reasons and resolutions of this error. So, let’s start.

How to troubleshoot – The peer is not responding to phase 1 ISAKMP requests | SonicWall

Now, let’s start the possible solutions one by one.

troubleshooting-the-peer-is-not-responding-to-phase-1-isakmp-requests

  1. Troubleshooting WAN GroupVPN Policy on SonicWall Firewall

    One of the most common issues with “The peer is not responding to phase 1 ISAKMP requests“, is due to the default WAN GroupVPN Policy. By default, the WAN GroupVPN Policy is disabled. You need to make sure that the default WAN GroupVPN Policy must be enabled. Navigate to VPN >> Settings >> VPN Policies and make sure you enabled WAN GroupVPN Policy as shown in the below screenshot.

    sonicwall-vpn-settings

  2. Restrict the size of the first ISAKMP packet sent

    Sometimes, when we initially try to connect to the Global VPN Client (GVC) on a SonicWall firewall, the initial ISAKMP packet is fragmented due to it’s less size. So, whenever the packet is crossing to other Layer 3 devices (i.e. Firewall in-between the path), it will simply not allow the fragmented packet. Thus, it will also cause the issue. So, in this case, we need to enable Restrict the size of the first ISAKMP packet sent option under the Properties.

    This option is only available for Global VPN Client higher than 4.9.14 version.

    You need to select the Global VPN Client Profile and click on Properties.
    configure-connection-profile-on-global-vpn-client-sonicwallNow, you enable the Restrict the size of the first ISAKMP packet sent option, as shown in the below screenshot.
    enable-restrict-the-size-of-the-first-isakmp-packet-sent

  3. Troubleshooting ISAKMP – Phase 1 PreShared Key

    As you already know, the Global VPN Client, establish an IPSec tunnel with the SonicWall Firewall. In the IPSec tunnel, we have two different phases i.e. Phase 1 & Phase 2. A PreShared key is used during the phase 1 parameter negotiation. So, you need to make sure that you copied the correct PreShared Key.

  4. Troubleshooting Connectivity Issue with the SonicWall Firewall

    You need to make sure you have proper connectivity to the SonicWall Firewall. Global VPN Client uses UDP port 500 for the IKE Phase1 negotiation. However, either your SonicWall WAN IP is not reachable or the UDP port 500 is blocked in between, you will get the same error. So, you need to make sure that you have proper connectivity to the SonicWall to avoid “The peer is not responding to phase 1 ISAKMP requests” error.

References

Related Articles

Summary

In this article, we discuss several possible solutions for The peer is not responding to phase 1 ISAKMP requests” error during connecting to the SonicWall firewall using Global VPN Client. It may be caused by the ISAKMP fragmented packet. One of the possible reasons for this error is the WAN GroupVPN Policy. You need to make sure that WAN GroupVPN Policy must be enabled.

Did you like this article? Share this on social media platform and shows us some love 🙂

Like this article! Share via
Must Read :  All Types of Firewall in Networking - Detailed Explained

Leave a Reply

Your email address will not be published. Required fields are marked *