Ramtek Support
Can't open port 2030 in Sonicwall Pro 2040
Experts,
I have a client who has an old Sonicwall Pro 2040 router. I am trying to configure the source IP 172.28.0.10 port 2030 to destination IP 65.xx.xxx.xxx port 2030, but it will not let me. Anyone know how to configure this router so that it will accept these parameters?
Thanks!
ASKER
WAN to LAN: 65.XXX.XXX.XXX to LAN port 2030. And LAN 172.XXX.XXX.XXX to WAN port 2030.
Did you put ending addresses?
Again, what error message are you getting when you try? Can you provide a screenshot of your Access Rules?
Unless you are filtering outbound traffic there is no need to have a LAN > WAN rule... you should have * > WAN Allow by default.
ASKER
When I try to add a new VPN tunnel all I am getting is a blank VPN Policy window. Any ideas why this is happening?
Restart the SonicWALL and it should clear up that issue.
Let me know how it goes!
ASKER
How can I dedicate a port for traffic for my vpn? Meaning I want to establish a S-2-S vpn connection to a vendor. But I want him to use port 2030 to send messages over to me in our system. But I don't see in the Sonicwall config how to do that.
Is this possible?
Thanks!
ASKER
Model: PRO 2040 Enhanced
Firmware Version: SonicOS Enhanced 3.1.0.14-49e
ROM Version: SonicROM 2.1.0.0
This is an EOL router. Not sure if I can update the firmware or not. Don't know how.
ASKER
I have the VPN policy configured but how do I enable it? I am not able to get a green dot indicating that it has been enabled.
I checked the other side and they confirmed that the configuration is correct.
Thanks!
ASKER
I uploaded the configuration for port # 2030. This is what I've done:
1. Name: Interface
2. Protocol: TCP(6) Is this the correct protocol I should be using?
3. Port Range: 2030 - 2050
4. Sub Type: None (greyed out)
After clicking Next:
1. Server Name
2. IP Address of my server: 172.168.0.10
3. Gave description of server
So after configuring this the send server (remote user) will be able to send to my server (172.168.0.10) on port 2030. Is this correct and am I leaving anything out?
Thanks!
ASKER
Here is what I am getting from the other router:
Nov 20 10:44:28 "CDC-1" #19372: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Nov 20 10:44:28 "CDC-1" #19372: STATE_MAIN_R1: sent MR1, expecting MI2
Nov 20 10:44:28 "CDC-1" #19372: ignoring unknown Vendor ID payload [404bf439522ca3f6]
Nov 20 10:44:28 "CDC-1" #19372: received Vendor ID payload [XAUTH]
Nov 20 10:44:28 "CDC-1" #19372: ignoring unknown Vendor ID payload [da8e937880010000]
Nov 20 10:44:28 "CDC-1" #19372: received Vendor ID payload [Dead Peer Detection]
Nov 20 10:44:28 "CDC-1" #19372: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike -02/03: no NAT detected
Nov 20 10:44:28 "CDC-1" #19372: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Nov 20 10:44:28 "CDC-1" #19372: STATE_MAIN_R2: sent MR2, expecting MI3
Nov 20 10:44:28 "CDC-1" #19372: Main mode peer ID is ID_IPV4_ADDR: '97.xxx.xxx.xx'
Nov 20 10:44:28 "CDC-1" #19372: I did not send a certificate because I do not have one.
Nov 20 10:44:28 "CDC-1" #19372: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Nov 20 10:44:28 "CDC-1" #19372: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp1024}
Nov 20 10:44:28 "CDC-1" #19373: IPsec Transform [ESP_AES (128), AUTH_ALGORITHM_HMAC_SHA1] refused due to strict flag
Nov 20 10:44:28 "CDC-1" #19373: no acceptable Proposal in IPsec SA
Nov 20 10:44:28 "CDC-1" #19373: sending encrypted notification NO_PROPOSAL_CHOSEN to 97.xxx.xxx.xx:500
From the logs, it seems the Sonicwall is refusing the connection due to strict flag.
Not sure why Sonicwall is refusing the connection.
Thanks!
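The log lines quoted in the post above can be read mechanically. The following is an added example, not code from the thread or from any vendor tool; it parses lines in that format and reports which negotiation phase completed and which proposal was refused. The function names are hypothetical and the sample is a constructed subset of the quoted lines.

```python
import re

# Constructed sample: four of the log lines quoted in the post above.
SAMPLE_LOG = '''\
Nov 20 10:44:28 "CDC-1" #19372: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp1024}
Nov 20 10:44:28 "CDC-1" #19373: IPsec Transform [ESP_AES (128), AUTH_ALGORITHM_HMAC_SHA1] refused due to strict flag
Nov 20 10:44:28 "CDC-1" #19373: no acceptable Proposal in IPsec SA
Nov 20 10:44:28 "CDC-1" #19373: sending encrypted notification NO_PROPOSAL_CHOSEN to 97.xxx.xxx.xx:500
'''

LINE = re.compile(r'^\w{3} +\d+ [\d:]+ "(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<msg>.*)$')
PHASE1_OK = re.compile(r'ISAKMP SA established \{(?P<params>[^}]*)\}')
REFUSED = re.compile(r'IPsec Transform \[(?P<transform>[^\]]+)\] refused')


def summarize(log_text):
    """Collect negotiation facts per connection name from the log text."""
    result = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip anything that is not a daemon log line
        state = result.setdefault(m['conn'], {
            'phase1_established': False, 'phase1_params': {},
            'refused_transforms': [], 'proposal_rejected': False})
        msg = m['msg']
        if (p := PHASE1_OK.search(msg)):
            state['phase1_established'] = True
            state['phase1_params'] = dict(
                kv.split('=', 1) for kv in p['params'].split() if '=' in kv)
        elif (r := REFUSED.search(msg)):
            state['refused_transforms'].append(r['transform'])
        elif 'NO_PROPOSAL_CHOSEN' in msg or 'no acceptable Proposal' in msg:
            state['proposal_rejected'] = True
    return result


def diagnose(state):
    """Say which phase the rejection belongs to, based on what was logged."""
    if state['proposal_rejected'] and state['phase1_established']:
        return 'phase 1 established; phase 2 (IPsec SA) proposal rejected'
    if state['proposal_rejected']:
        return 'phase 1 (ISAKMP SA) proposal rejected'
    if state['phase1_established']:
        return 'phase 1 established; no rejection logged'
    return 'negotiation incomplete'


if __name__ == '__main__':
    for conn, state in summarize(SAMPLE_LOG).items():
        print(conn, diagnose(state), state['phase1_params'], state['refused_transforms'])
```

The `phase1_params` and `refused_transforms` values are the ones to compare against the Phase 1 and Phase 2 proposal settings on each side of the tunnel.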
Please understand that if you don't answer all my questions it will be impossible to guide you. From my comment (http:#a39657911) you answered the SonicOS version but did not comment to this...
A site-to-site VPN should not be changed from its default ports. If you want to open 2030 that is fine but it has nothing to do with VPN. Click on the Public Server Wizard and select Other... for the server and create a custom service for port 2030. That should do it. The phases will fail if you arbitrarily change the VPN ports.
Here is how you upgrade your firmware & backup your settings:
1. Download the SonicOS Enhanced firmware image file from mysonicwall.com and save it to a location on your local computer.
2. On the System > Settings page, click the Export Settings button to save the current configuration to a file. You will be prompted to select the location on your hard drive to save the file.
3. For good measure, click on the Create Backup Settings button to save the current firmware and settings within the SonicWALL appliance.
4. On the System > Settings page, click Upload New Firmware.
5. Browse to the location where you saved the SonicOS Enhanced firmware image file, select the file, and click Upload.
6. Click the Boot icon in the row for Uploaded Firmware - New!
Let me know how it goes!
ASKER
It appears that the Phase 1 parameter configurations were mismatched. I was using 3DES encryption and they were using AES128. Thanks for your help... I wish I could give you more points, as you really helped me figure out what I was doing wrong.
Thanks!
My pleasure! I'm glad I could help and thanks for the points!
That firewall is EOL (End of Life) and should be replaced to effectively secure and provide the current-day functionality demands and threat climate.
Which way is this going WAN>LAN or LAN>WAN?
What error message are you getting when you try? Can you provide a screenshot of your Access Rules?
Thanks!