Solved

Can't connect Sonicwall VPN from WinXP2 machine

Posted on 2006-06-04
Last Modified: 2012-08-14
Hi,

I have a Sonicwall TZ firewall set up with VPN access.  I can access the VPN from all machines except from 2 brand new Dell laptops just added to the domain.  The laptops are running Windows XP Pro SP2.  The network is a SBS 2003.  When I attempt to connect to the VPN, I get prompted for my username and password but it can never connect.  It says that IKA packets have been blocked in the Sonicwall log.  I have disabled my McAfee ASAP firewall for the client machines and attempted to disable the Windows XP firewall but the options to turn it off are greyed out.  After removing the machine from the domain, I can disable the Win firewall but it still cannot connect.  Re-adding the machine to the domain re-enables the firewall and greys out the options again.  Does the Sonicwall require its clients to be a member of the domain?  Anyone have any suggestions why the machine would not connect to the VPN?



Question by:nextleveltech
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16830030
Hi nextleveltech,

Sounds like there is a policy on your domain that turns on your XP firewall - can you confirm that with an admin?
0
 
LVL 1

Author Comment

by:nextleveltech
ID: 16830158
There is a policy that controls the firewall; currently it is set for a domain profile rather than a standalone.  However, removing it from the domain disables the firewall and converts it to a standalone profile, but I still did not have better luck.  Also, the firewall does have an exception enabled for the VPN Client.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16830224
Screw the Windows firewall completely, it's nothing but a bucket of (*&$(&%
0

 
LVL 1

Author Comment

by:nextleveltech
ID: 16830235
Thanks for the responses; however, I had disabled the firewall when I took the machine out of the domain. But I still could not connect.  Now I am not sure if Sonicwall requires that the client be a part of a domain (never set a VPN up for a peer to peer), but I would have thought it would have worked.

0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16830255
I haven't dealt with the Sonicwall side but I know most VPNs do require a domain membership of some sort
0
 
LVL 19

Accepted Solution

by:feptias (earned 1500 total points)
ID: 16842026
Based on experience with a different model of Sonicwall, it does not require VPN users to be members of the domain.

On my Sonicwall, you can set the VPN policy to require xauth client authentication. When this is set, then each remote VPN user requires a local user account in the Users section of the Sonicwall config manager. In the user account details the box "Access from VPN client with XAUTH" should be ticked. Could this be your problem perhaps?

Is it possible to get a better understanding of the problem from those reports in the log file saying that IKA packets have been blocked - does the log message indicate which direction these packets were travelling and where they were blocked?
0
 
LVL 1

Author Comment

by:nextleveltech
ID: 16863306
Thank you for your responses.  I have confirmed that Sonicwall does not require a domain account and that the Windows XP and McAfee firewalls were causing the issue.  

Thank you very much
0
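
Added example, not part of the thread: one way to confirm from the client side that a host firewall is dropping the VPN key exchange, and in which direction, is to scan the Windows Firewall log for dropped IKE datagrams (UDP 500, or UDP 4500 with NAT traversal). It assumes dropped-packet logging has been enabled on the XP SP2 client (it is off by default; the default file is `%windir%\pfirewall.log`); the log lines and addresses below are constructed sample data.

```python
# Added example: find dropped IKE datagrams in a Windows Firewall log.
# Columns are taken from the log's own "#Fields:" header, not hard-coded.
IKE_PORTS = {500: "IKE", 4500: "IKE NAT-T"}

# Constructed sample log (documentation addresses, not real hosts).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2006-06-04 10:12:01 OPEN UDP 192.168.1.50 203.0.113.10 500 500 - - - - - - - -
2006-06-04 10:12:02 DROP UDP 203.0.113.10 192.168.1.50 500 500 356 - - - - - - -
2006-06-04 10:12:05 DROP UDP 203.0.113.10 192.168.1.50 4500 4500 120 - - - - - - -
2006-06-04 10:12:07 DROP TCP 198.51.100.7 192.168.1.50 4312 445 48 S 1234 0 65535 - - -
"""


def dropped_ike(log_text, local_ip):
    """Return (timestamp, direction, peer, label) for each dropped IKE datagram."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names for the data rows
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        rec = dict(zip(fields, line.split()))
        if rec.get("action") != "DROP" or rec.get("protocol") != "UDP":
            continue
        ports = [int(rec[k]) for k in ("src-port", "dst-port")
                 if rec.get(k, "-").isdigit()]
        label = next((IKE_PORTS[p] for p in ports if p in IKE_PORTS), None)
        if label is None:
            continue                           # dropped UDP, but not IKE
        if rec.get("dst-ip") == local_ip:      # packet addressed to this client
            direction, peer = "inbound", rec.get("src-ip")
        else:
            direction, peer = "outbound", rec.get("dst-ip")
        stamp = "%s %s" % (rec.get("date"), rec.get("time"))
        hits.append((stamp, direction, peer, label))
    return hits


if __name__ == "__main__":
    for hit in dropped_ike(SAMPLE_LOG, "192.168.1.50"):
        print(*hit)
```

Inbound drops from the VPN gateway's address mean its replies reach the laptop and are discarded there, which points at the client firewall rather than the Sonicwall.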
