Solved

Can't open port 2030 in Sonicwall Pro 2040

Posted on 2013-11-13
Last Modified: 2013-11-20
Experts,

I have a client who has an old Sonicwall Pro 2040 router. I am trying to configure the source IP 172.28.0.10 port 2030 to destination IP 65.xx.xxx.xxx port 2030, but it will not let me. Anyone know how to configure this router so that it will accept these parameters?

Thanks!
Question by:CervisTECH

Expert Comment

by:diverseit
Hi CervisTECH,

That firewall is EOL (End of Life) and should be replaced to effectively secure and provide the current-day functionality demands and threat climate.

Which way is this going WAN>LAN or LAN>WAN?

What error message are you getting when you try? Can you provide a screenshot of your Access Rules?

Thanks!

Author Comment

by:CervisTECH
WAN to LAN 65.XXX.XXX.XXX to LAN Port 2030. And LAN 172.XXX.XXX.XXX to WAN port 2030.

Expert Comment

by:diverseit
Did you put ending addresses?

Again, what error message are you getting when you try? Can you provide a screenshot of your Access Rules?

Unless you are filtering outbound traffic there is no need to have LAN > WAN rule...you should have * > WAN Allow by default.

Author Comment

by:CervisTECH
When I try to add a new VPN tunnel all I am getting is a blank VPN Policy window. Any ideas why this is happening?

Expert Comment

by:diverseit
Restart the SonicWALL and it should clear up that issue.

Let me know how it goes!

Author Comment

by:CervisTECH
How can I dedicate a port for traffic for my vpn? Meaning I want to establish a S-2-S vpn connection to a vendor. But I want him to use port 2030 to send messages over to me in our system. But I don't see in the Sonicwall config how to do that.

Is this possible?
Thanks!

Accepted Solution

by:diverseit (earned 500 total points)
First off, did restarting resolve the issue on turning up the blank page?

Secondly, make sure the SonicOS is the most current version.

A site-to-site VPN should not be changed from its default ports. If you want to open 2030 that is fine but it has nothing to do with VPN. Click on the Public Server Wizard and select Other... for the server and create a custom service for port 2030. That should do it.

Author Comment

by:CervisTECH
Model:       PRO 2040 Enhanced
 Firmware Version:       SonicOS Enhanced 3.1.0.14-49e
 ROM Version:       SonicROM 2.1.0.0

This is an EOL router. Not sure if I can update firmware or not. Don't know how.

Author Comment

by:CervisTECH
I have the VPN policy configured but how do I enable it? I am not able to get a green dot indicating that it has been enabled.

I checked the other side and they confirmed that the configuration is correct.
Thanks!

Author Comment

by:CervisTECH
I uploaded the configuration for port # 2030. This is what I've done:

1. Name: Interface
2. Protocol: TCP(6) Is this the correct protocol I should be using?
3. Port Range: 2030 - 2050
4. Sub Type: None (greyed out)

After clicking Next:
1. Server Name
2. IP Address of my server: 172.168.0.10
3. Gave description of server

So after configuring this the send server (remote user) will be able to send to my server (172.168.0.10) on port 2030. Is this correct and am I leaving anything out?

Thanks!

Author Comment

by:CervisTECH
Here is what I am getting from the other router:

Nov 20 10:44:28 "CDC-1" #19372: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Nov 20 10:44:28 "CDC-1" #19372: STATE_MAIN_R1: sent MR1, expecting MI2
Nov 20 10:44:28 "CDC-1" #19372: ignoring unknown Vendor ID payload [404bf439522ca3f6]
Nov 20 10:44:28 "CDC-1" #19372: received Vendor ID payload [XAUTH]
Nov 20 10:44:28 "CDC-1" #19372: ignoring unknown Vendor ID payload [da8e937880010000]
Nov 20 10:44:28 "CDC-1" #19372: received Vendor ID payload [Dead Peer Detection]
Nov 20 10:44:28 "CDC-1" #19372: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
Nov 20 10:44:28 "CDC-1" #19372: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Nov 20 10:44:28 "CDC-1" #19372: STATE_MAIN_R2: sent MR2, expecting MI3
Nov 20 10:44:28 "CDC-1" #19372: Main mode peer ID is ID_IPV4_ADDR: '97.xxx.xxx.xx'
Nov 20 10:44:28 "CDC-1" #19372: I did not send a certificate because I do not have one.
Nov 20 10:44:28 "CDC-1" #19372: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Nov 20 10:44:28 "CDC-1" #19372: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp1024}
Nov 20 10:44:28 "CDC-1" #19373: IPsec Transform [ESP_AES (128), AUTH_ALGORITHM_HMAC_SHA1] refused due to strict flag
Nov 20 10:44:28 "CDC-1" #19373: no acceptable Proposal in IPsec SA
Nov 20 10:44:28 "CDC-1" #19373: sending encrypted notification NO_PROPOSAL_CHOSEN to 97.xxx.xxx.xx:500

From the logs, it seems the Sonicwall is refusing the connection due to strict flag.
Not sure why Sonicwall is refusing the connection.

Thanks!
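
As an added example (not part of the original thread, and not SonicWALL or vendor tooling), the Python script below parses log lines in the format posted above and reports, per connection, whether negotiation stopped before or after the ISAKMP SA was established. The sample lines are copied from the post; the function name `diagnose` and the report field names are assumptions made for this illustration.

```python
import re

# Sample lines copied from the log in the post above (peer address is redacted there).
SAMPLE_LOG = '''\
Nov 20 10:44:28 "CDC-1" #19372: STATE_MAIN_R2: sent MR2, expecting MI3
Nov 20 10:44:28 "CDC-1" #19372: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp1024}
Nov 20 10:44:28 "CDC-1" #19373: IPsec Transform [ESP_AES (128), AUTH_ALGORITHM_HMAC_SHA1] refused due to strict flag
Nov 20 10:44:28 "CDC-1" #19373: no acceptable Proposal in IPsec SA
Nov 20 10:44:28 "CDC-1" #19373: sending encrypted notification NO_PROPOSAL_CHOSEN to 97.xxx.xxx.xx:500
'''

# timestamp, quoted connection name, SA serial number, message text
LINE = re.compile(r'^(?P<ts>\w{3} +\d+ [\d:]{8}) "(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<msg>.*)$')
P1_OK = re.compile(r'ISAKMP SA established \{(?P<params>[^}]*)\}')
P2_REFUSED = re.compile(r'IPsec Transform \[(?P<transform>[^\]]*)\] refused')


def diagnose(text):
    """Summarise, per connection name, how far the IKE negotiation got."""
    report = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a negotiation line in the expected format
        conn = report.setdefault(m['conn'], {
            'phase1': None, 'refused_transforms': [], 'notify': None})
        msg = m['msg']
        if (p1 := P1_OK.search(msg)):
            # Negotiated Phase 1 parameters, e.g. {'cipher': 'aes_128', ...}
            conn['phase1'] = dict(kv.split('=', 1) for kv in p1['params'].split())
        elif (p2 := P2_REFUSED.search(msg)):
            conn['refused_transforms'].append(p2['transform'])
        elif 'NO_PROPOSAL_CHOSEN' in msg:
            conn['notify'] = 'NO_PROPOSAL_CHOSEN'
    for conn in report.values():
        if conn['phase1'] is None:
            conn['failed_at'] = 'phase1'   # no ISAKMP SA seen in these lines
        elif conn['refused_transforms'] or conn['notify']:
            conn['failed_at'] = 'phase2'   # IPsec SA proposal rejected
        else:
            conn['failed_at'] = None
    return report


if __name__ == '__main__':
    for name, info in diagnose(SAMPLE_LOG).items():
        print(name, info)
```
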

Expert Comment

by:diverseit
Please understand that if you don't answer all my questions it will be impossible to guide you. From my comment (http:#a39657911) you answered the SonicOS version but did not comment to this...
A site-to-site VPN should not be changed from its default ports. If you want to open 2030 that is fine but it has nothing to do with VPN. Click on the Public Server Wizard and select Other... for the server and create a custom service for port 2030. That should do it.
The phases will fail if you arbitrarily change the VPN ports.

Here is how you upgrade your firmware & backup your settings:
1. Download the SonicOS Enhanced firmware image file from mysonicwall.com and save it to a location on your local computer.

2. On the System > Settings page, click the Export Settings button to save the current configuration to a file. You will be prompted to select the location on your hard drive to save the file.

3.  For good measure, click on the Create Backup Settings button to save the current firmware and settings within the SonicWALL appliance.

4. On the System > Settings page, click Upload New Firmware.

5. Browse to the location where you saved the SonicOS Enhanced firmware image file, select the file, and click Upload.

6. Click the Boot icon in the row for Uploaded Firmware - New!

Let me know how it goes!

Author Closing Comment

by:CervisTECH
It appears that the Phase 1 parameter configurations were mismatched. I was using encryption 3DES and they were using AES128. Thanks for your help.... I wish I could give more points to you as you really helped me to figure out what I was doing wrong.

Thanks!

Expert Comment

by:diverseit
My pleasure!  I'm glad I could help and thanks for the points!