Solved

Cannot connect to devices behind Cable Router and Sonicwall Firewall

Posted on 2010-09-14
11
333 Views
Last Modified: 2012-06-21
We have a business internet account with Comcast.
They provided and router/firewall. Behind that I have a Sonicwall TZ170 Standard.
Right now we are using the sonicwall to establish a Point to Point VPN with another sonicwall at a remote office.

The problem I am having is being able to use Remote Desktop to access the servers behind the firewall on the comcast side.

the way I have this set up is a 1-1 Nat on the Comcast device that takes the public IP's and Nat it to a private IP on the WAN side of the Sonicwall. Then I have set up another 1-1 Nat on the Sonicwall to translate the WAN IP subnet to LAN IP subnet. And the respective rules to allow access to the specified LAN servers.

But I am not able to get access and was hoping someone could help me out with this.
0
Comment
Question by:sparkis
  • 6
  • 5
11 Comments
 
LVL 5

Expert Comment

by:richy92
ID: 33671772
Have you tried connecting a laptop after the comcast device and before the sonicwall - see if you can RDP to that, it won't fix the problem but it may help you narrow down what is causing it ?
0
 

Author Comment

by:sparkis
ID: 33671811
Yes I can.
0
 
LVL 5

Accepted Solution

by:
richy92 earned 500 total points
ID: 33671921
Then it look like a problem with the config on the sonicwall device - are you sure you have the natting setup correctly and the rules to allow RDP (tcp 3389 I think)

You could set an "any - any" rule on the sonicwall and test it again, if it works then it maybe the nat setup, if not then it maybe a problem with the rules
0
 

Author Comment

by:sparkis
ID: 33672233
on Comcast Public IP Nat to 10.1.x.x
Sonciwall IP Nat 10.1.x.x to 192.168.x.x

Sonicwall Wall Rule - Any to LAN (192.168.x.x) ~remote desktop server using Terminal Server Rule.
0
 
LVL 5

Expert Comment

by:richy92
ID: 33672635
how big is your external range ? What subnet masks are you using ?
public IP to 10.1.x.x is a huge range (10.1.1.1 - 10.1.255.255) are you sure this is correct ?
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:sparkis
ID: 33672646
class C
everything is set up correctly.
0
 
LVL 5

Expert Comment

by:richy92
ID: 33672758
Did your ISP give you a class C public range - I find that a little odd, that would indicate you have 254 availble public ip addresses - this would be extremely unusual as the world is running out of IPv4 addresses and ISPs are getting a bit tight about handing them out.
I would think it more likely that you have a subset of a class C maybe 16 or 32 addresses with a .240 or .224 mask ?

If you can provide some more info I will try to help, although sonicwall is not something i use often
0
 

Author Comment

by:sparkis
ID: 33673067
No a 10.1.x.x is a private range. not public. that is not the issue.

I fixed the problem - or the isp did. even though I disabled settings on their firewall it was not applying them. Tier 2 stepped in and corrected the issue.
I thought the issue was the dual nat but now everything is working fine.

Thanks anyway for your help.
0
 

Author Comment

by:sparkis
ID: 33673360
I just used x.x to not specify any of my info
0
 
LVL 5

Expert Comment

by:richy92
ID: 33674392
GLad you got it fixed
0
 

Author Closing Comment

by:sparkis
ID: 33793126
i just need to ask a new questions and it wont allow me with this abandoned questions
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

The Cisco RV042 router is a popular small network interfacing device that is often used as an internet gateway. Network administrators need to get at the management interface to make settings, change passwords, etc. This access is generally done usi…
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now