Solved

Sonicwall VPN Setup Help Needed?

Posted on 2007-12-05
Last Modified: 2013-11-16
Hi All,

I am trying to initiate my first VPN setup; I have read through the manual and searched all around, but cannot for the life of me work out why I cannot get it working.

I have a Vigor 3100 modem connected directly to the SonicWall, using the SonicWall as the DMZ; I have activated the GroupVPN in the SonicWall and set DHCP request forwarding to my network.

I have no clue why I cannot connect. Is there anything else I need to do? Could someone please help point me in the right direction?

Thanks!

Arran
Question by: gaa18

16 Comments
Expert Comment by: the_b1ackfox (ID: 20418092)
1st you have to ask yourself... do both firewalls have static public IP addresses exposed to the internet?

Author Comment by: gaa18 (ID: 20418304)
Yes, within the firewall the public IP address is shown within the WAN settings, and the router has the same.... Is this not right?
Accepted Solution by: the_b1ackfox (earned 500 total points; ID: 20418352)
OK, assuming firewall1's public IP address is 1.2.3.4 and firewall2's public IP address is 5.6.7.8, the subnet behind firewall1 is 10.10.10.0 and the subnet behind firewall2 is 10.10.20.0: log into the SonicWall 2040, go to the VPN tab and click Add (General tab). Select IKE using preshared key and give it the name of firewall2 (Name), then put in the public IP address of firewall2 (IPsec Primary Gateway Name). In Shared Secret pick a 16-character string (henceforth called the secret) and enter it in Shared Secret and Confirm Shared Secret...

Go to the Network tab. In Local Network, select the dropdown button and pick Create New Network Object. Make sure that the object you create is a network object and give it a descriptive name like localsubnet. In the Destination Network dropdown menu select Create New Network Object, give it the subnet for firewall2's remote subnet (10.10.20.0) and give it a descriptive name like remotesubnet...

Now go to Proposals, select Main Mode, then leave the rest of the selection as defaults and remember ESP, 3DES and SHA1, Group 2......

Author Comment by: gaa18 (ID: 20418367)
I only have 1 public IP address :| Do I need more?
Expert Comment by: the_b1ackfox (ID: 20418378)
Now do the same on firewall2... but switch out the values (localsubnet now equals 10.10.20.0, remotesubnet = 10.10.10.0).

Go to the VPN tab and click Add (General tab). Select IKE using preshared key and give it the name of firewall1 (Name), then put in the public IP address of firewall1 (IPsec Primary Gateway Name); enter your shared secret and confirm it... Go to the Network tab. In Local Network, select the dropdown button and pick Create New Network Object. Make sure that the object you create is a network object and give it a descriptive name like localsubnet (10.10.20.0). In the Destination Network dropdown menu select Create New Network Object, give it the subnet for firewall1's remote subnet (10.10.10.0) and give it a descriptive name like remotesubnet... Now go to Proposals, select Main Mode, then leave the rest of the selection as defaults and remember ESP, 3DES and SHA1, Group 2......

Now... see if the VPN is created... If it doesn't show as being connected, go to your rules and add a rule which allows (for the moment, all services) on both firewalls through the VPN from the LAN... and then try to ping from the network.... WHEW!!!
Expert Comment by: the_b1ackfox (ID: 20418390)
Do you only have 1 firewall or two firewalls? And no, if you have two firewalls for testing, you don't need to have two public IP addresses to do this... You can do it with any of the firewalls' interfaces, but you must have two different subnets (or data will not flow through the tunnel).

Author Comment by: gaa18 (ID: 20418440)
OK, I'm baffled!

I have the router/firewall (a Draytek) in which I disabled the firewall features and put the DMZ server as the SonicWall.

In the SonicWall I didn't do much.

:S
Expert Comment by: the_b1ackfox (ID: 20418453)
Can you give me a mock IP scheme to work with here?

Author Comment by: gaa18 (ID: 20418462)
No problem.

I have the router (Draytek) set with a WAN IP of 195.112.55.1 and a local IP of 192.168.254.252.
I have the SonicWall with a WAN IP of 195.112.55.1 and a local IP of 192.168.254.168.
The server is the DHCP server, and the SonicWall is configured to forward DHCP requests to 192.168.254.3.

:)

Expert Comment by: the_b1ackfox (ID: 20418469)
Yeah... your biggest issue is that the WAN interfaces of your two devices are the same.
Expert Comment by: the_b1ackfox (ID: 20418476)
Problem #2 is that the local subnets of both are the same.
Expert Comment by: the_b1ackfox (ID: 20418481)
The two devices need to be able to route traffic from one subnet to another, but if the remote subnet is the same as your sending subnet, you get no traffic flow... and when you have two network devices with the same IP address, you again get no data flow, because you will not have any connectivity.

Author Comment by: gaa18 (ID: 20418489)
OK, so what would you suggest I do based on me having one public IP address? Which shall I change, and to what?

Sorry for the trouble :(
Expert Comment by: the_b1ackfox (ID: 20418514)
You are doing this to learn how to do it right? So set up a test environment. Your internet will be down for a bit while you do it, but we will change only one device, so you can pop back on pretty easily. So, modify the SonicWall so its WAN address is 195.112.55.13, change its LAN IP address to 192.168.15.254, and change one device (host) so its IP address is 192.168.15.10 255.255.255.0 gw 192.168.15.254.

Now you have two separate subnets and two separate WAN IPs... Follow the steps from post #3 & #5 and you will be good. To get back on the internet (I made an assumption that you were using the router for internet access), just unhook the firewall and connect the router back to the modem.
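The two checks the_b1ackfox applies to the asker's addressing (same WAN address on both devices, same LAN on both sides), coded as an added example that is not part of the thread and not SonicWall's own tooling. The /24 masks on the 192.168.254.x addresses are an assumption; the asker posted host addresses without masks.

```python
from ipaddress import ip_address, ip_interface

# Addressing as posted in the thread, before the fix: the Draytek and the
# SonicWall share one WAN address and sit on one LAN. The /24 masks are an
# assumption (the post gives no masks).
BEFORE = {
    "draytek":   {"wan": "195.112.55.1", "lan": "192.168.254.252/24"},
    "sonicwall": {"wan": "195.112.55.1", "lan": "192.168.254.168/24"},
}

# The change proposed in the answer: a second WAN address and a separate
# 192.168.15.0/24 LAN on the SonicWall.
AFTER = {
    "draytek":   {"wan": "195.112.55.1", "lan": "192.168.254.252/24"},
    "sonicwall": {"wan": "195.112.55.13", "lan": "192.168.15.254/24"},
}


def check_site_to_site(plan):
    """Return the reasons a two-gateway tunnel between the two devices in
    `plan` cannot carry traffic; an empty list means both checks pass."""
    (name_a, a), (name_b, b) = plan.items()
    problems = []
    wan_a, wan_b = ip_address(a["wan"]), ip_address(b["wan"])
    net_a = ip_interface(a["lan"]).network
    net_b = ip_interface(b["lan"]).network

    # Check 1: the tunnel endpoints must be distinct addresses; two devices
    # claiming the same WAN address cannot reach each other at all.
    if wan_a == wan_b:
        problems.append(f"{name_a} and {name_b} both use WAN address {wan_a}")

    # Check 2: each side's remote subnet is the other side's local subnet.
    # If they overlap, a host treats the destination as local and never
    # hands the packet to the gateway for the tunnel.
    if net_a.overlaps(net_b):
        problems.append(
            f"local subnets overlap: {net_a} ({name_a}) and {net_b} ({name_b})"
        )
    return problems


if __name__ == "__main__":
    for label, plan in (("before", BEFORE), ("after", AFTER)):
        print(label, check_site_to_site(plan) or "OK")
```

Running it reports both problems for BEFORE and none for AFTER, which is exactly the diagnosis given in the answers above.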

Author Comment by: gaa18 (ID: 20418531)
No, I will be doing this in a live environment!

Will give this a go.

Thanks for your help!

Author Closing Comment by: gaa18 (ID: 31413093)
:)