(cross-posting from comp.os.linux.networking, where I got no replies):
I've set up a very simple iptables firewall/proxy box and have been unable to connect to a SonicWall VPN server from behind that box. This problem seems to have come up several times in this newsgroup and others but none of the posted suggestions have helped.
The connection is failing at the initial stage--the error is "The Peer is not responding to phase 1 ISAKMP requests," which I understand to be a generic error that doesn't give much insight into the problem.
The relevant rules on the proxy linux box are as follows:
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
(where eth0 faces the WAN and eth1 faces the LAN).
So it's about as simple as you can get. I previously used a DSL router to do NAT and that worked fine without any special configuration--so what is different in my simple iptables setup from that router?
I was informed by the sysadmin that UDP port 500 needs to be forwarded, so I tried this additionally:
iptables -A INPUT -p udp -i eth0 --sport 500 --dport 500 -j ACCEPT
iptables -A OUTPUT -p udp -o eth0 --sport 500 --dport 500 -j ACCEPT
and also:
iptables -A INPUT -p 50 -i eth0 -j ACCEPT
iptables -A OUTPUT -p 50 -o eth0 -j ACCEPT
But none of those additional rules affected the result. I'm not even clear why they would be necessary if the proxy is forwarding all packets.
I'd appreciate any advice about how to troubleshoot this.
(In case it's not obvious--the SonicWALL VPN Client is running on a Windows box).
Running Debian sarge, kernel 2.6.8.
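An added example (not from the original poster or from any follow-up) of how one might narrow down where phase 1 stalls: capture on both interfaces of the NAT box (for instance `tcpdump -n -i eth0 'udp port 500 or udp port 4500 or esp'` and the same on eth1) and compare which ISAKMP, NAT-T and ESP packets appear on each side. The script below parses tcpdump-style text and reports whether the client's requests reach the WAN side, whether the peer's replies arrive there, and whether those replies are forwarded back to the LAN. The two captures, the addresses (198.51.100.7 for the WAN side, 192.168.1.10 for the Windows client, 203.0.113.5 for the VPN peer), the verdict labels and the function names are all constructed for this example; they are not taken from the post.

```python
import re

# Constructed sample captures in the style of
#   tcpdump -n -i <iface> 'udp port 500 or udp port 4500 or esp'
# They are made up for this example, not a real trace. In this scenario the
# peer answers on eth0, but the answers never show up on eth1.
WAN_CAPTURE = """\
12:00:01.000100 IP 198.51.100.7.500 > 203.0.113.5.500: isakmp: phase 1 I ident
12:00:01.040200 IP 203.0.113.5.500 > 198.51.100.7.500: isakmp: phase 1 R ident
12:00:03.000100 IP 198.51.100.7.500 > 203.0.113.5.500: isakmp: phase 1 I ident
12:00:03.040200 IP 203.0.113.5.500 > 198.51.100.7.500: isakmp: phase 1 R ident
"""

LAN_CAPTURE = """\
12:00:01.000050 IP 192.168.1.10.500 > 203.0.113.5.500: isakmp: phase 1 I ident
12:00:03.000050 IP 192.168.1.10.500 > 203.0.113.5.500: isakmp: phase 1 I ident
"""

# "<time> IP <src>.<sport> > <dst>.<dport>: <payload>" for UDP lines
UDP_RE = re.compile(
    r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): (.*)$")
# "<time> IP <src> > <dst>: ESP(spi=...)" for IP protocol 50 lines
ESP_RE = re.compile(r"^\S+ IP (\d+\.\d+\.\d+\.\d+) > (\d+\.\d+\.\d+\.\d+): ESP\(")


def classify(line):
    """Return (src, dst, kind) with kind 'isakmp', 'nat-t' or 'esp', else None."""
    m = ESP_RE.match(line)
    if m:
        return m.group(1), m.group(2), "esp"
    m = UDP_RE.match(line)
    if not m:
        return None
    src, sport, dst, dport, _payload = m.groups()
    if sport == "500" or dport == "500":      # IKE / ISAKMP
        return src, dst, "isakmp"
    if sport == "4500" or dport == "4500":    # NAT-T (UDP-encapsulated IKE/ESP)
        return src, dst, "nat-t"
    return None


def count_flows(capture, peer_ip):
    """Count packets per (kind, direction), direction relative to the VPN peer."""
    counts = {}
    for line in capture.splitlines():
        parsed = classify(line)
        if parsed is None:
            continue
        src, dst, kind = parsed
        if dst == peer_ip:
            direction = "out"
        elif src == peer_ip:
            direction = "in"
        else:
            continue
        counts[(kind, direction)] = counts.get((kind, direction), 0) + 1
    return counts


def diagnose(lan_capture, wan_capture, peer_ip):
    """Locate the first hop at which the IKE exchange disappears."""
    lan = count_flows(lan_capture, peer_ip)
    wan = count_flows(wan_capture, peer_ip)

    def n(counts, kind, direction):
        return counts.get((kind, direction), 0)

    if n(lan, "isakmp", "out") == 0:
        verdict = "client-not-sending"        # nothing arrives on the LAN interface
    elif n(wan, "isakmp", "out") == 0:
        verdict = "outbound-not-forwarded"    # FORWARD eth1->eth0 or MASQUERADE not in effect
    elif n(wan, "isakmp", "in") == 0:
        verdict = "no-reply-from-peer"        # replies never reach eth0; not this box's rules
    elif n(lan, "isakmp", "in") == 0:
        verdict = "reply-not-forwarded"       # return path eth0->eth1 is dropped or not de-NATed
    elif (n(wan, "esp", "in") + n(wan, "nat-t", "in") > 0
          and n(lan, "esp", "in") + n(lan, "nat-t", "in") == 0):
        verdict = "esp-not-forwarded"         # phase 1 fine, protocol 50 / UDP 4500 return path blocked
    else:
        verdict = "ok"
    return {"verdict": verdict, "lan": lan, "wan": wan}


if __name__ == "__main__":
    print(diagnose(LAN_CAPTURE, WAN_CAPTURE, "203.0.113.5"))
```

With the constructed captures the result is `reply-not-forwarded`: the peer's phase 1 responses are visible on eth0 but never on eth1, which points at the return direction through the box (FORWARD for eth0 to eth1 traffic and the conntrack reverse mapping) rather than at the peer or the client. A capture where nothing with the peer's address ever appears on eth0 would instead yield `no-reply-from-peer`, which cannot be fixed by any rule on the NAT box.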