Solved

Sonicwall VPN Setup Help Needed?

Posted on 2007-12-05
16
472 Views
Last Modified: 2013-11-16
Hi All,

I am trying to initiate my first VPN setup. I have read through the manual and searched all around, but cannot for the life of me work out why I cannot get it working.

I have a Vigor 3100 modem connected directly to the SonicWall, using the SonicWall as a DMZ. I have activated the GroupVPN in the SonicWall and set the DHCP request forwarding to my network.

I have no clue why I cannot connect. Is there anything else I need to do? Please could someone help point me in the right direction?

Thanks!

Arran
0
Comment
Question by:gaa18
16 Comments
 
LVL 9

Expert Comment

by:the_b1ackfox
ID: 20418092
1st you have to ask yourself... do both firewalls have static public IP addresses exposed to the internet?
0
 

Author Comment

by:gaa18
ID: 20418304
Yes, within the firewall the public IP address is shown within the WAN settings and the router has the same... is this not right?
0
 
LVL 9

Accepted Solution

by:
the_b1ackfox earned 500 total points
ID: 20418352
OK, assuming firewall1's public IP address is 1.2.3.4 and firewall2's public IP address is 5.6.7.8, the subnet behind firewall1 is 10.10.10.0 and the subnet behind firewall2 is 10.10.20.0:

Log into the SonicWall 2040, go to the VPN tab and click Add. On the General tab, select IKE using preshared key and give it the name of firewall2 (Name), then put in the public IP address of firewall2 (IPsec primary gateway name). For the shared secret, pick a 16-character string (henceforth called the secret) and enter it in Shared Secret and Confirm Shared Secret.

Go to the Network tab. In the local network, select the dropdown button and pick "create new network object". Make sure that the object you create is a network object and give it a descriptive name like localsubnet. In the destination network, in the dropdown menu select "create new network object", give it the subnet for firewall2's remote subnet (10.10.20.0) and give it a descriptive name like remotesubnet.

Now go to Proposals. Select main mode, then leave the rest of the selections as defaults and remember ESP, 3DES and SHA1, group 2...
0
 

Author Comment

by:gaa18
ID: 20418367
I only have 1 public IP address :| Do I need more?
0
 
LVL 9

Expert Comment

by:the_b1ackfox
ID: 20418378
Now do the same on firewall2, but switch out the values (localsubnet now equals 10.10.20.0, remotesubnet = 10.10.10.0).

Go to the VPN tab and click Add. On the General tab, select IKE using preshared key and give it the name of firewall1 (Name), then put in the public IP address of firewall1 (IPsec primary gateway name). Enter your shared secret and confirm it.

Go to the Network tab. In the local network, select the dropdown button and pick "create new network object". Make sure that the object you create is a network object and give it a descriptive name like localsubnet (10.10.20.0). In the destination network, in the dropdown menu select "create new network object", give it the subnet for firewall1's remote subnet (10.10.10.0) and give it a descriptive name like remotesubnet.

Now go to Proposals. Select main mode, then leave the rest of the selections as defaults and remember ESP, 3DES and SHA1, group 2...

Now see if the VPN is created. If it doesn't show as being connected, go to your rules and add a rule which allows (for the moment all services) on both firewalls through the VPN from the LAN, and then try to ping from the network... WHEW!!!
0
 
LVL 9

Expert Comment

by:the_b1ackfox
ID: 20418390
Do you only have 1 firewall or two firewalls? And no, if you have two firewalls for testing, you don't need to have two public IP addresses to do this... you can do it with any of the firewall's interfaces, but you must have two different subnets (or data will not flow through the tunnel).
0
 

Author Comment

by:gaa18
ID: 20418440
OK, I'm baffled!

I have the router/firewall (a Draytek) in which I disabled the firewall features and put the DMZ server as the SonicWall.

In the SonicWall I didn't do much.

:S
0
 
LVL 9

Expert Comment

by:the_b1ackfox
ID: 20418453
Can you give me a mock IP scheme to work with here?
0
 

Author Comment

by:gaa18
ID: 20418462
No problem.

I have the router (Draytek) set with a WAN IP of 195.112.55.1 and a local of 192.168.254.252.
I have the SonicWall with a WAN of 195.112.55.1 and a local of 192.168.254.168.
The server is the DHCP and the SonicWall is configured to forward DHCP requests to 192.168.254.3.

:)

0
 
LVL 9

Expert Comment

by:the_b1ackfox
ID: 20418469
Yeah... your biggest issue is that the WAN interfaces of your two devices are the same.
0
 
LVL 9

Expert Comment

by:the_b1ackfox
ID: 20418476
Problem #2 is that the local subnets of both are the same.
0
 
LVL 9

Expert Comment

by:the_b1ackfox
ID: 20418481
The two devices need to be able to route traffic from one subnet to another, but if the remote subnet is the same as your sending subnet, you get no traffic flow... and when you have two network devices with the same IP address, you again get no data flow, because you will not have any connectivity.
0
 

Author Comment

by:gaa18
ID: 20418489
OK, so what would you suggest I do based on me having one public IP address? Which shall I change and to what?

Sorry for the trouble :(
0
 
LVL 9

Expert Comment

by:the_b1ackfox
ID: 20418514
You are doing this to learn how to do it, right? So set up a test environment. Your internet will be down for a bit while you do it, but we will change only one device, so you can pop back on pretty easily. So, modify the SonicWall so its WAN address is 195.112.55.13, change its LAN IP address to 192.168.15.254, and change one device (host) so its IP address is 192.168.15.10 255.255.255.0 gw 192.168.15.254.

Now you have two separate subnets and two separate WAN IPs... follow the steps from post #3 & #5 and you will be good. To get back on the internet (I made an assumption that you were using the router for internet access), just unhook the firewall and connect the router back to the modem.
0
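The two address problems diagnosed in this thread (identical WAN addresses, identical local subnets) can be caught before any tunnel policy is entered. The following is an added example, not part of the original thread and not SonicWall tooling: it runs the thread's addresses before and after the suggested change and derives the mirrored localsubnet/remotesubnet objects for each side. The /24 mask on the 192.168.254.x network and the names `Peer`, `preflight` and `network_objects` are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_interface


@dataclass
class Peer:
    name: str
    wan: str   # WAN address of this gateway
    lan: str   # LAN interface in CIDR form
    # Proposal values named in the thread; both ends must agree on them.
    proposal: tuple = ("main mode", "esp", "3des", "sha1", "group2")


def preflight(a, b):
    """Return the reasons a tunnel between peers a and b cannot pass traffic."""
    problems = []
    if ip_address(a.wan) == ip_address(b.wan):
        problems.append(f"duplicate WAN address {a.wan}")
    net_a = ip_interface(a.lan).network
    net_b = ip_interface(b.lan).network
    if net_a.overlaps(net_b):
        problems.append(f"local subnets overlap: {net_a} and {net_b}")
    if a.proposal != b.proposal:
        problems.append("proposals differ between the peers")
    return problems


def network_objects(a, b):
    """Mirror the local/remote network objects each side has to create."""
    net_a = str(ip_interface(a.lan).network)
    net_b = str(ip_interface(b.lan).network)
    return {
        a.name: {"localsubnet": net_a, "remotesubnet": net_b},
        b.name: {"localsubnet": net_b, "remotesubnet": net_a},
    }


# Addresses from the thread; the /24 on 192.168.254.x is an assumption.
DRAYTEK = Peer("draytek", "195.112.55.1", "192.168.254.252/24")
SONICWALL_BEFORE = Peer("sonicwall", "195.112.55.1", "192.168.254.168/24")
SONICWALL_AFTER = Peer("sonicwall", "195.112.55.13", "192.168.15.254/24")

if __name__ == "__main__":
    for sonicwall in (SONICWALL_BEFORE, SONICWALL_AFTER):
        print(sonicwall.wan, preflight(DRAYTEK, sonicwall) or "ok")
    print(network_objects(DRAYTEK, SONICWALL_AFTER))
```
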
 

Author Comment

by:gaa18
ID: 20418531
No, I will be doing this in a live environment!

Will give this a go.

Thanks for your help!
0
 

Author Closing Comment

by:gaa18
ID: 31413093
:)
0


Question has a verified solution.
