Solved

Sonicwall TZ 150

Posted on 2010-08-24
14
510 Views
Last Modified: 2012-05-10
Hello,

I have set this up for VPN - can get on VPN when on local network but not from outside.

What ports need forwarded to the sonicwall from my DSL Router?
0
Comment
Question by:AUCKLANDIT
14 Comments
 
LVL 33

Accepted Solution

by:
digitap earned 250 total points
ID: 33517749
do you have a public ip address on the WAN interface of the sonicwall?  if not, then your modem is nat'ing which breaks IPSEC used with VPN connections.  put your dsl modem in transparent bridge mode to accomplish this.  what model of dsl modem do you have.  i'm also suprised that you can connect to the VPN internally.  that usually doesn't work.
0
 
LVL 1

Author Comment

by:AUCKLANDIT
ID: 33517821
I can only connect to the VPN locally if doing via the i.p address of the VPN rather than my remote.mydomain.com

The I.P address I have on the WAN interface is 192.168.1.253 which is the IP of the sonicwall in my routers subnet.

the LAN interface is 10.0.0.254

If I change to transparent mode then it changes the WAN & LAN to the same IP?

0
 
LVL 1

Author Comment

by:AUCKLANDIT
ID: 33517825
DSL Router - AWIRE 2701HGV-W Gateway
0
 
LVL 33

Expert Comment

by:digitap
ID: 33517917
When you put the modem into transparent bridge mode, then the WAN interface takes on the public ip address.  your LAN interfaces stays at the same IP address.  do you have a static ip or is it assigned by your isp using dhcp?  sometimes, the modem will be in bridge mode but still authenticate with PPPoE.  reviewing the manual, it looks like that's what this modem does.  search for bridge mode in the manual.

http://www.2wire.com/pages/pdfs/5100-000326-000.Rev.A.pdf
0
 
LVL 1

Author Comment

by:AUCKLANDIT
ID: 33519811
I don't want to change anything on the modem as its already setup for other port forwards etc.

I did get it working by looking at what inbound ports was coming to it and opening them up, it appears to be an issue around port 500 as the inbound can be a random port but then gets translated to port 500.  What could this issue be as the next time logging in could be a different port so then does not work
0
 
LVL 1

Author Comment

by:AUCKLANDIT
ID: 33520851
does anyone know the list of ports needed fwding to the sonicwall from the dsl router?
0
 
LVL 33

Expert Comment

by:digitap
ID: 33521056
0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 
LVL 8

Assisted Solution

by:jimmyray7
jimmyray7 earned 250 total points
ID: 33522765
The WAN IP 192.168.1.253 is on a private range, and isn't routable.  This means you won't be able to reach it from the internet.  Do you have a public IP set up that forwards to the sonicwall?

I would put the DSL modem/router in bridged mode and assign the public IP directly to the Sonicwall's WAN interface.  This will make things much easier to manage, with the sonicwall handling all the firewall rules.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33522806
@jimmy :: Do you read previous posts?  Setting to bridge mode has already been suggested and the author has indicated it's not an option.
0
 
LVL 8

Expert Comment

by:dosdet2
ID: 33523155
You are not going to be able to create a stable VPN over the internet without letting the sonicwall have direct access to the a public IP address.  The purpose of a VPN is to connect one local subnet to another local subnet securely across a "public subnet" (internet).    ie: subnet -> internet -> subnet

If the DSL Router is not in bridged mode then you are creating a path of subnet -> subnet -> internet -> subnet.  

The second subnet will not allow the two ending subnets to create a secure connection.  You are going to have to chose between a stable sonicwall VPN (and move your port forwards to the sonicwall) or go with a PC to PC VPN.  You may be able to get the sonicwall to enable a VPN with the DSL router being the gateway, but it will not be stable or secure.  What is the purpose of having a VPN if you have to give up it's security and stability?
0
 
LVL 1

Author Comment

by:AUCKLANDIT
ID: 33525691
Thanks, I have a client who already has this setup with the same DSL modem and same Sonicwall - going to look at all their settings today - will post if some more info comes to light...
0
 
LVL 33

Expert Comment

by:digitap
ID: 33525826
cool...
0
 
LVL 1

Author Comment

by:AUCKLANDIT
ID: 33546714
could not get onto other clients router to look, but copied their sonicwall settings.

I ended up using another DSL router and put the sonicwall in DMZ and it appears to work - just waiting now for the SonicWALL Global VPN Client License to come through from firewalls.com to let it let me on remotely.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33546741
thanks for the points!
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Broadband over Power Lines Broadband over Power Lines is the technology of transmitting computer data through power lines. This method of connectivity allows the user to have access to the internet without having to rely on additional cables, suc…
Before I go to far, let's explain HA (High Availability) and why you should consider it.  High availability is the mechanism used to provide redundancy to any service at the same site and appears as a single service to the users of that service.  As…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now