  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 477

Sonicwall VPN Setup Help Needed?

Hi All,

I am trying to initiate my first VPN setup. I have read through the manual and searched all around, but cannot for the life of me work out why I cannot get it working.

I have a Vigor 3100 modem connected directly to the SonicWALL, using the SonicWALL as a DMZ. I have activated the GroupVPN in the SonicWALL and set the DHCP request forwarding to my network.

I have no clue why I cannot connect. Is there anything else I need to do? Please could someone help point me in the right direction?

Thanks!

Arran
1 Solution
 
the_b1ackfoxCommented:
1st you have to ask yourself... do both firewalls have a static public IP address exposed to the internet?
 
gaa18Author Commented:
Yes, within the firewall the public IP address is shown within the WAN settings, and the router has the same.... is this not right?
 
the_b1ackfoxCommented:
OK, assuming firewall1's public IP address is 1.2.3.4 and firewall2's public IP address is 5.6.7.8, the subnet behind firewall1 is 10.10.10.0 and the subnet behind firewall2 is 10.10.20.0:

Log into the SonicWALL 2040, go to the VPN tab and click Add. On the General tab, select IKE using Preshared Key and give it the name of firewall2 (Name), then put in the public IP address of firewall2 (IPsec Primary Gateway Name). For the shared secret, pick a 16-character string (henceforth called the secret) and enter it in Shared Secret and Confirm Shared Secret.

Go to the Network tab. In Local Network, select the dropdown button and pick Create New Network Object. Make sure that the object you create is a network object, and give it a descriptive name like localsubnet. In Destination Network, in the dropdown menu select Create New Network Object, give it the subnet for firewall2's remote subnet (10.10.20.0), and give it a descriptive name like remotesubnet.

Now go to Proposals. Select Main Mode, then leave the rest of the selections as defaults, and remember: ESP, 3DES and SHA1, Group 2......
 
gaa18Author Commented:
I only have 1 public IP address :| Do I need more?
 
the_b1ackfoxCommented:
Now do the same on firewall2, but switch out the values (localsubnet now equals 10.10.20.0, remotesubnet = 10.10.10.0).

Go to the VPN tab and click Add. On the General tab, select IKE using Preshared Key and give it the name of firewall1 (Name), then put in the public IP address of firewall1 (IPsec Primary Gateway Name). Enter your shared secret and confirm it. Go to the Network tab. In Local Network, select the dropdown button and pick Create New Network Object. Make sure that the object you create is a network object, and give it a descriptive name like localsubnet (10.10.20.0). In Destination Network, in the dropdown menu select Create New Network Object, give it the subnet for firewall1's remote subnet (10.10.10.0), and give it a descriptive name like remotesubnet. Now go to Proposals. Select Main Mode, then leave the rest of the selections as defaults, and remember: ESP, 3DES and SHA1, Group 2......

Now... see if the VPN is created. If it doesn't show as being connected, go to your rules and add a rule which allows (for the moment, all services) on both firewalls through the VPN from the LAN, and then try to ping from the network.... WHEW!!!
 
the_b1ackfoxCommented:
Do you only have 1 firewall or two firewalls? And no, if you have two firewalls for testing, you don't need to have two public IP addresses to do this... you can do it with any of the firewalls' interfaces, but you must have two different subnets (or data will not flow through the tunnel).
 
gaa18Author Commented:
OK, I'm baffled!

I have the router/firewall (a DrayTek), in which I disabled the firewall features and put the DMZ server as the SonicWALL.

In the SonicWALL I didn't do much.

:S
 
the_b1ackfoxCommented:
Can you give me a mock IP scheme to work with here?
 
gaa18Author Commented:
No problem.

I have the router (DrayTek) set with a WAN IP of 195.112.55.1 and a local IP of 192.168.254.252.
I have the SonicWALL with a WAN IP of 195.112.55.1 and a local IP of 192.168.254.168.
The server is the DHCP server, and the SonicWALL is configured to forward DHCP requests to 192.168.254.3.

:)
 
the_b1ackfoxCommented:
Yeah... your biggest issue is that the WAN interfaces of your two devices are the same.
 
the_b1ackfoxCommented:
Problem #2 is that the local subnets of both are the same.
 
the_b1ackfoxCommented:
The two devices need to be able to route traffic from one subnet to another, but if the remote subnet is the same as your sending subnet, you get no traffic flow... and when you have two network devices with the same IP address, you again get no data flow, because you will not have any connectivity.
 
gaa18Author Commented:
OK, so what would you suggest I do based on me having one public IP address? Which shall I change, and to what?

Sorry for the trouble :(
 
the_b1ackfoxCommented:
You are doing this to learn how to do it, right? So set up a test environment. Your internet will be down for a bit while you do it, but we will change only one device, so you can pop back on pretty easily. So, modify the SonicWALL so its WAN address is 195.112.55.13... change its LAN IP address to 192.168.15.254, and change one device (host) so its IP address is 192.168.15.10 255.255.255.0 gw 192.168.15.254.

Now you have two separate subnets and two separate WAN IPs... follow the steps from post #3 & #5
and you will be good. To get back on the internet (I made an assumption that you were using the router for internet access), just unhook the firewall and connect the router back to the modem.
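The diagnosis in this thread (both devices on the same WAN address, the same /24 on both sides, so nothing is ever routed into the tunnel) and the revised addressing suggested above can be checked mechanically before either box is reconfigured. The script below is an added example written for this page; it is not code from the thread, from gaa18 or from SonicWALL. The peer names, the shared secret and the default proposal tuple are constructed for illustration, and the script only validates the addressing plan on paper, it does not talk to the firewalls. It also flags the 3DES / DH group 2 proposal mentioned in the thread as legacy, since 3DES and 1024-bit DH are deprecated today.

```python
"""Sanity-check a site-to-site IPsec addressing plan before touching the firewalls.

Added example for this page; the peers, secret and proposal below are constructed.
"""
import ipaddress
from dataclasses import dataclass

# Algorithms that still show up in old SonicWALL defaults but are deprecated today
# (DES/3DES, MD5, and 768/1024-bit DH groups 1 and 2).
LEGACY_ALGOS = {"des", "3des", "md5", "group1", "group2"}
MIN_PSK_LEN = 16  # the thread's own "16 character string" recommendation


@dataclass
class Peer:
    name: str
    wan_ip: str          # public address the IKE peer talks to
    lan_ip: str          # inside interface address
    local_subnet: str    # "Local Network" object on this side
    remote_subnet: str   # "Destination Network" object on this side
    psk: str
    proposal: tuple = ("esp", "3des", "sha1", "group2")  # thread's suggested phase 2


def check_vpn_plan(a: Peer, b: Peer) -> list[tuple[str, str]]:
    """Return (code, message) findings; an empty list means the plan can work."""
    findings = []

    # Two IKE peers must have distinct public addresses.
    if ipaddress.ip_address(a.wan_ip) == ipaddress.ip_address(b.wan_ip):
        findings.append(("duplicate-wan",
                         f"{a.name} and {b.name} share WAN address {a.wan_ip}; "
                         "IKE needs two distinct peer addresses"))

    # Each LAN interface must live inside the subnet it advertises as local.
    nets = {}
    for p in (a, b):
        local = ipaddress.ip_network(p.local_subnet, strict=False)
        nets[p.name] = local
        if ipaddress.ip_address(p.lan_ip) not in local:
            findings.append(("lan-outside-subnet",
                             f"{p.name}: LAN address {p.lan_ip} is not inside {local}"))

    # Identical or overlapping subnets never get routed into the tunnel.
    if nets[a.name].overlaps(nets[b.name]):
        findings.append(("overlapping-subnets",
                         f"local networks {nets[a.name]} and {nets[b.name]} overlap; "
                         "traffic will never be routed into the tunnel"))

    # The destination network on one side must mirror the local network on the other.
    for me, other in ((a, b), (b, a)):
        if ipaddress.ip_network(me.remote_subnet, strict=False) != nets[other.name]:
            findings.append(("remote-mismatch",
                             f"{me.name}: destination network {me.remote_subnet} "
                             f"does not match {other.name}'s local network {nets[other.name]}"))

    # Phase 1 / phase 2 parameters must match exactly on both ends.
    if a.psk != b.psk:
        findings.append(("psk-mismatch", "shared secrets differ; phase 1 will fail"))
    if len(a.psk) < MIN_PSK_LEN:
        findings.append(("short-psk", f"shared secret is shorter than {MIN_PSK_LEN} characters"))
    if a.proposal != b.proposal:
        findings.append(("proposal-mismatch", "phase 2 proposals differ between peers"))

    legacy = sorted(set(a.proposal) & LEGACY_ALGOS)
    if legacy:
        findings.append(("legacy-proposal",
                         f"proposal uses deprecated algorithms: {', '.join(legacy)}"))
    return findings


PSK = "correct-horse-battery"  # constructed 21-character example secret, not a real one


def original_plan() -> tuple[Peer, Peer]:
    """The addressing posted in the thread: same WAN address, same /24 on both sides."""
    draytek = Peer("draytek", "195.112.55.1", "192.168.254.252",
                   "192.168.254.0/24", "192.168.254.0/24", PSK)
    sonicwall = Peer("sonicwall", "195.112.55.1", "192.168.254.168",
                     "192.168.254.0/24", "192.168.254.0/24", PSK)
    return draytek, sonicwall


def revised_plan() -> tuple[Peer, Peer]:
    """The suggested fix: SonicWALL moved to 195.112.55.13 and 192.168.15.0/24."""
    draytek = Peer("draytek", "195.112.55.1", "192.168.254.252",
                   "192.168.254.0/24", "192.168.15.0/24", PSK)
    sonicwall = Peer("sonicwall", "195.112.55.13", "192.168.15.254",
                     "192.168.15.0/24", "192.168.254.0/24", PSK)
    return draytek, sonicwall


if __name__ == "__main__":
    for label, plan in (("original", original_plan()), ("revised", revised_plan())):
        print(f"== {label} plan ==")
        for code, msg in check_vpn_plan(*plan) or [("ok", "no problems found")]:
            print(f"  [{code}] {msg}")
```

Run as-is, the original plan reports duplicate-wan and overlapping-subnets, which are exactly the two problems called out in the thread; the revised plan clears both and leaves only the legacy-proposal warning, which is worth acting on (AES and a stronger DH group) once the tunnel is up.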
 
gaa18Author Commented:
No, I will be doing this in a live environment!

Will give this a go.

Thanks for your help!
 
gaa18Author Commented:
:)
