AUCKLANDIT
asked on
Sonicwall TZ 150
Hello,
I have set this up for VPN - can get on VPN when on local network but not from outside.
What ports need forwarded to the sonicwall from my DSL Router?
I have set this up for VPN - can get on VPN when on local network but not from outside.
What ports need forwarded to the sonicwall from my DSL Router?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
DSL Router - AWIRE 2701HGV-W Gateway
When you put the modem into transparent bridge mode, then the WAN interface takes on the public ip address. your LAN interfaces stays at the same IP address. do you have a static ip or is it assigned by your isp using dhcp? sometimes, the modem will be in bridge mode but still authenticate with PPPoE. reviewing the manual, it looks like that's what this modem does. search for bridge mode in the manual.
http://www.2wire.com/pages/pdfs/5100-000326-000.Rev.A.pdf
http://www.2wire.com/pages/pdfs/5100-000326-000.Rev.A.pdf
ASKER
I don't want to change anything on the modem as its already setup for other port forwards etc.
I did get it working by looking at what inbound ports was coming to it and opening them up, it appears to be an issue around port 500 as the inbound can be a random port but then gets translated to port 500. What could this issue be as the next time logging in could be a different port so then does not work
I did get it working by looking at what inbound ports was coming to it and opening them up, it appears to be an issue around port 500 as the inbound can be a random port but then gets translated to port 500. What could this issue be as the next time logging in could be a different port so then does not work
ASKER
does anyone know the list of ports needed fwding to the sonicwall from the dsl router?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
@jimmy :: Do you read previous posts? Setting to bridge mode has already been suggested and the author has indicated it's not an option.
You are not going to be able to create a stable VPN over the internet without letting the sonicwall have direct access to the a public IP address. The purpose of a VPN is to connect one local subnet to another local subnet securely across a "public subnet" (internet). ie: subnet -> internet -> subnet
If the DSL Router is not in bridged mode then you are creating a path of subnet -> subnet -> internet -> subnet.
The second subnet will not allow the two ending subnets to create a secure connection. You are going to have to chose between a stable sonicwall VPN (and move your port forwards to the sonicwall) or go with a PC to PC VPN. You may be able to get the sonicwall to enable a VPN with the DSL router being the gateway, but it will not be stable or secure. What is the purpose of having a VPN if you have to give up it's security and stability?
If the DSL Router is not in bridged mode then you are creating a path of subnet -> subnet -> internet -> subnet.
The second subnet will not allow the two ending subnets to create a secure connection. You are going to have to chose between a stable sonicwall VPN (and move your port forwards to the sonicwall) or go with a PC to PC VPN. You may be able to get the sonicwall to enable a VPN with the DSL router being the gateway, but it will not be stable or secure. What is the purpose of having a VPN if you have to give up it's security and stability?
ASKER
Thanks, I have a client who already has this setup with the same DSL modem and same Sonicwall - going to look at all their settings today - will post if some more info comes to light...
cool...
ASKER
could not get onto other clients router to look, but copied their sonicwall settings.
I ended up using another DSL router and put the sonicwall in DMZ and it appears to work - just waiting now for the SonicWALL Global VPN Client License to come through from firewalls.com to let it let me on remotely.
I ended up using another DSL router and put the sonicwall in DMZ and it appears to work - just waiting now for the SonicWALL Global VPN Client License to come through from firewalls.com to let it let me on remotely.
thanks for the points!
ASKER
The I.P address I have on the WAN interface is 192.168.1.253 which is the IP of the sonicwall in my routers subnet.
the LAN interface is 10.0.0.254
If I change to transparent mode then it changes the WAN & LAN to the same IP?