Solved

Can't open port 2030 in Sonicwall Pro 2040

Posted on 2013-11-13
Last Modified: 2013-11-20
Experts,

I have a client who has an old Sonicwall Pro 2040 router. I am trying to configure the source IP 172.28.0.10 port 2030 to destination IP 65.xx.xxx.xxx port 2030, but it will not let me. Does anyone know how to configure this router so that it will accept these parameters?

Thanks!
Question by:CervisTECH
 
LVL 28

Expert Comment

by:Blue Street Tech
ID: 39646347
Hi CervisTECH,

That firewall is EOL (End of Life) and should be replaced to effectively secure and provide the current-day functionality demands and threat climate.

Which way is this going WAN>LAN or LAN>WAN?

What error message are you getting when you try? Can you provide a screenshot of your Access Rules?

Thanks!
0
 

Author Comment

by:CervisTECH
ID: 39646510
WAN to LAN 65.XXX.XXX.XXX to LAN Port 2030. And LAN 172.XXX.XXX.XXX to WAN port 2030.
0
 
LVL 28

Expert Comment

by:Blue Street Tech
ID: 39646549
Did you put ending addresses?

Again, what error message are you getting when you try? Can you provide a screenshot of your Access Rules?

Unless you are filtering outbound traffic there is no need to have a LAN > WAN rule... you should have * > WAN Allow by default.
0

 

Author Comment

by:CervisTECH
ID: 39657303
0
 

Author Comment

by:CervisTECH
ID: 39657309
When I try to add a new VPN tunnel all I am getting is a blank VPN Policy window. Any ideas why this is happening?
0
 
LVL 28

Expert Comment

by:Blue Street Tech
ID: 39657578
Restart the SonicWALL and it should clear up that issue.

Let me know how it goes!
0
 

Author Comment

by:CervisTECH
ID: 39657601
How can I dedicate a port for traffic for my vpn? Meaning I want to establish a S-2-S vpn connection to a vendor. But I want him to use port 2030 to send messages over to me in our system. But I don't see in the Sonicwall config how to do that.

Is this possible?
Thanks!
0
 
LVL 28

Accepted Solution

by:
Blue Street Tech earned 2000 total points
ID: 39657911
First off, did restarting resolve the issue on turning up the blank page?

Secondly, make sure the SonicOS is the most current version.

A site-to-site VPN should not be changed from its default ports. If you want to open 2030 that is fine but it has nothing to do with VPN. Click on the Public Server Wizard and select Other... for the server and create a custom service for port 2030. That should do it.
0
 

Author Comment

by:CervisTECH
ID: 39659182
Model:       PRO 2040 Enhanced
 Firmware Version:       SonicOS Enhanced 3.1.0.14-49e
 ROM Version:       SonicROM 2.1.0.0

This is an EOL router. Not sure if I can update firmware or not. Don't know how.
0
 

Author Comment

by:CervisTECH
ID: 39659246
I have the VPN policy configured but how do I enable it? I am not able to get a green dot indicating that it has been enabled.

I checked the other side and they confirmed that the configuration is correct.
Thanks!
0
 

Author Comment

by:CervisTECH
ID: 39659516
0
 

Author Comment

by:CervisTECH
ID: 39659545
I uploaded the configuration for port # 2030. This is what I've done:

1. Name: Interface
2. Protocol: TCP(6) Is this the correct protocol I should be using?
3. Port Range: 2030 - 2050
4. Sub Type: None (greyed out)

After clicking Next:
1. Server Name
2. IP Address of my server: 172.168.0.10
3. Gave description of server

So after configuring this the send server (remote user) will be able to send to my server (172.168.0.10) on port 2030. Is this correct and am I leaving anything out?

Thanks!
0
 

Author Comment

by:CervisTECH
ID: 39660223
Here is what I am getting from the other router:

Nov 20 10:44:28 "CDC-1" #19372: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Nov 20 10:44:28 "CDC-1" #19372: STATE_MAIN_R1: sent MR1, expecting MI2
Nov 20 10:44:28 "CDC-1" #19372: ignoring unknown Vendor ID payload [404bf439522ca3f6]
Nov 20 10:44:28 "CDC-1" #19372: received Vendor ID payload [XAUTH]
Nov 20 10:44:28 "CDC-1" #19372: ignoring unknown Vendor ID payload [da8e937880010000]
Nov 20 10:44:28 "CDC-1" #19372: received Vendor ID payload [Dead Peer Detection]
Nov 20 10:44:28 "CDC-1" #19372: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
Nov 20 10:44:28 "CDC-1" #19372: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Nov 20 10:44:28 "CDC-1" #19372: STATE_MAIN_R2: sent MR2, expecting MI3
Nov 20 10:44:28 "CDC-1" #19372: Main mode peer ID is ID_IPV4_ADDR: '97.xxx.xxx.xx'
Nov 20 10:44:28 "CDC-1" #19372: I did not send a certificate because I do not have one.
Nov 20 10:44:28 "CDC-1" #19372: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Nov 20 10:44:28 "CDC-1" #19372: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp1024}
Nov 20 10:44:28 "CDC-1" #19373: IPsec Transform [ESP_AES (128), AUTH_ALGORITHM_HMAC_SHA1] refused due to strict flag
Nov 20 10:44:28 "CDC-1" #19373: no acceptable Proposal in IPsec SA
Nov 20 10:44:28 "CDC-1" #19373: sending encrypted notification NO_PROPOSAL_CHOSEN to 97.xxx.xxx.xx:500

From the logs, it seems the Sonicwall is refusing the connection due to strict flag.
Not sure why Sonicwall is refusing the connection.

Thanks!
0
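
Added example (not part of the original thread and not vendor code): a small Python parser over the log lines posted above that reports the parameters of the established ISAKMP SA and which proposal the responder refused. The function name `summarize` and the result keys are assumptions made for this example, and deciding which exchange failed by whether an ISAKMP SA was already logged is a heuristic.

```python
import re

# Excerpt of the log lines posted above (peer address redacted as in the post).
SAMPLE_LOG = """\
Nov 20 10:44:28 "CDC-1" #19372: STATE_MAIN_R2: sent MR2, expecting MI3
Nov 20 10:44:28 "CDC-1" #19372: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp1024}
Nov 20 10:44:28 "CDC-1" #19373: IPsec Transform [ESP_AES (128), AUTH_ALGORITHM_HMAC_SHA1] refused due to strict flag
Nov 20 10:44:28 "CDC-1" #19373: no acceptable Proposal in IPsec SA
Nov 20 10:44:28 "CDC-1" #19373: sending encrypted notification NO_PROPOSAL_CHOSEN to 97.xxx.xxx.xx:500
"""

# timestamp, quoted connection name, SA instance number, message text
LINE = re.compile(r'^(?P<ts>\w{3}\s+\d+ [\d:]+) "(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<msg>.*)$')
ESTABLISHED = re.compile(r'ISAKMP SA established \{(?P<params>[^}]*)\}')
REFUSED = re.compile(r'IPsec Transform \[(?P<transform>[^\]]+)\] refused due to (?P<why>.+)$')


def summarize(log_text):
    """Group IKE log lines by connection and report how far negotiation got."""
    report = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank or unrecognized lines instead of failing
        entry = report.setdefault(m["conn"], {
            "isakmp_sa": None, "refused_transforms": [], "failure": None})
        msg = m["msg"]
        est = ESTABLISHED.search(msg)
        ref = REFUSED.search(msg)
        if est:
            # Negotiated parameters of the ISAKMP SA, e.g. cipher=aes_128
            entry["isakmp_sa"] = dict(kv.split("=", 1) for kv in est["params"].split())
        elif ref:
            entry["refused_transforms"].append(
                {"sa": m["sa"], "transform": ref["transform"], "reason": ref["why"]})
        elif "NO_PROPOSAL_CHOSEN" in msg or "no acceptable Proposal" in msg:
            # Heuristic: which exchange failed depends on whether the
            # ISAKMP SA was already logged as established.
            entry["failure"] = ("ipsec_sa_proposal" if entry["isakmp_sa"]
                                else "isakmp_sa_proposal")
    return report


if __name__ == "__main__":
    for conn, info in summarize(SAMPLE_LOG).items():
        print(conn, info)
```

Comparing the refused transform and the established ISAKMP SA parameters against the encryption, hash and DH group settings on each peer shows which values need to match.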
 
LVL 28

Expert Comment

by:Blue Street Tech
ID: 39661819
Please understand that if you don't answer all my questions it will be impossible to guide you. From my comment (ID: 39657911) you answered the SonicOS version but did not comment on this...
A site-to-site VPN should not be changed from its default ports. If you want to open 2030 that is fine but it has nothing to do with VPN. Click on the Public Server Wizard and select Other... for the server and create a custom service for port 2030. That should do it.
The phases will fail if you arbitrarily change the VPN ports.

Here is how you upgrade your firmware & backup your settings:
1. Download the SonicOS Enhanced firmware image file from mysonicwall.com and save it to a location on your local computer.

2. On the System > Settings page, click the Export Settings button to save the current configuration to a file. You will be prompted to select the location on your hard drive to save the file.

3. For good measure, click on the Create Backup Settings button to save the current firmware and settings within the SonicWALL appliance.

4. On the System > Settings page, click Upload New Firmware.

5. Browse to the location where you saved the SonicOS Enhanced firmware image file, select the file, and click Upload.

6. Click the Boot icon in the row for Uploaded Firmware - New!
Let me know how it goes!
0
 

Author Closing Comment

by:CervisTECH
ID: 39662217
It appears that the Phase 1 parameter configurations were mismatched. I was using encryption 3DES and they were using AES128. Thanks for your help... I wish I could give more points to you as you really helped me to figure out what I was doing wrong.

Thanks!
0
 
LVL 28

Expert Comment

by:Blue Street Tech
ID: 39663506
My pleasure!  I'm glad I could help and thanks for the points!
0
