Solved

Can't open port 2030 in Sonicwall Pro 2040

Posted on 2013-11-13
Last Modified: 2013-11-20
Experts,

I have a client who has an old Sonicwall Pro 2040 router. I am trying to configure the source IP 172.28.0.10 port 2030 to destination IP 65.xx.xxx.xxx port 2030, but it will not let me. Anyone know how to configure this router so that it will accept these parameters?

Thanks!
Question by:CervisTECH
 
LVL 25

Expert Comment

by:Diverse IT
ID: 39646347
Hi CervisTECH,

That firewall is EOL (End of Life) and should be replaced to effectively secure and provide the current-day functionality demands and threat climate.

Which way is this going WAN>LAN or LAN>WAN?

What error message are you getting when you try? Can you provide a screenshot of your Access Rules?

Thanks!
0
 

Author Comment

by:CervisTECH
ID: 39646510
WAN to LAN: 65.XXX.XXX.XXX to LAN port 2030. And LAN 172.XXX.XXX.XXX to WAN port 2030.
0
 
LVL 25

Expert Comment

by:Diverse IT
ID: 39646549
Did you put ending addresses?

Again, what error message are you getting when you try? Can you provide a screenshot of your Access Rules?

Unless you are filtering outbound traffic there is no need to have LAN > WAN rule...you should have * > WAN Allow by default.
0

 

Author Comment

by:CervisTECH
ID: 39657303
0
 

Author Comment

by:CervisTECH
ID: 39657309
When I try to add a new VPN tunnel, all I am getting is a blank VPN Policy window. Any ideas why this is happening?
0
 
LVL 25

Expert Comment

by:Diverse IT
ID: 39657578
Restart the SonicWALL and it should clear up that issue.

Let me know how it goes!
0
 

Author Comment

by:CervisTECH
ID: 39657601
How can I dedicate a port for traffic for my vpn? Meaning I want to establish a S-2-S vpn connection to a vendor. But I want him to use port 2030 to send messages over to me in our system. But I don't see in the Sonicwall config how to do that.

Is this possible?
Thanks!
0
 
LVL 25

Accepted Solution

by:
Diverse IT earned 500 total points
ID: 39657911
First off, did restarting resolve the issue on turning up the blank page?

Secondly, make sure the SonicOS is the most current version.

A site-to-site VPN should not be changed from its default ports. If you want to open 2030 that is fine but it has nothing to do with VPN. Click on the Public Server Wizard and select Other... for the server and create a custom service for port 2030. That should do it.
0
 

Author Comment

by:CervisTECH
ID: 39659182
Model:       PRO 2040 Enhanced
 Firmware Version:       SonicOS Enhanced 3.1.0.14-49e
 ROM Version:       SonicROM 2.1.0.0

This is an EOL router. Not sure if I can update firmware or not. Don't know how.
0
 

Author Comment

by:CervisTECH
ID: 39659246
I have the VPN policy configured but how do I enable it? I am not able to get a green dot indicating that it has been enabled.

I checked the other side and they confirmed that the configuration is correct.
Thanks!
0
 

Author Comment

by:CervisTECH
ID: 39659516
0
 

Author Comment

by:CervisTECH
ID: 39659545
I uploaded the configuration for port # 2030 This is what I've done:

1. Name: Interface
2. Protocol: TCP(6) Is this the correct protocol I should be using?
3. Port Range: 2030 - 2050
4. Sub Type: None (greyed out)

After clicking Next:
1. Server Name
2. IP Address of my server: 172.168.0.10
3. Gave description of server

So after configuring this the send server (remote user) will be able to send to my server (172.168.0.10) on port 2030. Is this correct and am I leaving anything out?

Thanks!
0
 

Author Comment

by:CervisTECH
ID: 39660223
Here is what I am getting from the other router:

Nov 20 10:44:28 "CDC-1" #19372: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Nov 20 10:44:28 "CDC-1" #19372: STATE_MAIN_R1: sent MR1, expecting MI2
Nov 20 10:44:28 "CDC-1" #19372: ignoring unknown Vendor ID payload [404bf439522ca3f6]
Nov 20 10:44:28 "CDC-1" #19372: received Vendor ID payload [XAUTH]
Nov 20 10:44:28 "CDC-1" #19372: ignoring unknown Vendor ID payload [da8e937880010000]
Nov 20 10:44:28 "CDC-1" #19372: received Vendor ID payload [Dead Peer Detection]
Nov 20 10:44:28 "CDC-1" #19372: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
Nov 20 10:44:28 "CDC-1" #19372: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Nov 20 10:44:28 "CDC-1" #19372: STATE_MAIN_R2: sent MR2, expecting MI3
Nov 20 10:44:28 "CDC-1" #19372: Main mode peer ID is ID_IPV4_ADDR: '97.xxx.xxx.xx'
Nov 20 10:44:28 "CDC-1" #19372: I did not send a certificate because I do not have one.
Nov 20 10:44:28 "CDC-1" #19372: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Nov 20 10:44:28 "CDC-1" #19372: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp1024}
Nov 20 10:44:28 "CDC-1" #19373: IPsec Transform [ESP_AES (128), AUTH_ALGORITHM_HMAC_SHA1] refused due to strict flag
Nov 20 10:44:28 "CDC-1" #19373: no acceptable Proposal in IPsec SA
Nov 20 10:44:28 "CDC-1" #19373: sending encrypted notification NO_PROPOSAL_CHOSEN to 97.xxx.xxx.xx:500

From the logs, it seems the Sonicwall is refusing the connection due to strict flag.
Not sure why Sonicwall is refusing the connection.

Thanks!
0
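As an added example (not part of the original thread), a short Python parser for log lines in the format posted above: it reports the parameters of the established ISAKMP SA (IKE Phase 1) and any IPsec SA transform (IKE Phase 2) that was refused. The function name `diagnose` and the result field names are assumptions made for this illustration.

```python
import re

# Three lines taken from the log posted above (peer address redacted as on the page).
SAMPLE_LOG = '''\
Nov 20 10:44:28 "CDC-1" #19372: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp1024}
Nov 20 10:44:28 "CDC-1" #19373: IPsec Transform [ESP_AES (128), AUTH_ALGORITHM_HMAC_SHA1] refused due to strict flag
Nov 20 10:44:28 "CDC-1" #19373: sending encrypted notification NO_PROPOSAL_CHOSEN to 97.xxx.xxx.xx:500
'''

LINE = re.compile(r'^\w{3} +\d+ [\d:]+ "(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<msg>.*)$')
# IKE Phase 1 (main mode) finished: the ISAKMP SA exists with these parameters.
P1_DONE = re.compile(r'ISAKMP SA established \{auth=(?P<auth>\S+) cipher=(?P<cipher>\S+) '
                     r'prf=(?P<prf>\S+) group=(?P<group>[^}\s]+)\}')
# IKE Phase 2 (quick mode): an offered ESP transform was refused.
P2_REFUSED = re.compile(r'IPsec Transform \[(?P<transform>[^\]]+)\] refused due to strict flag')
NOTIFY = re.compile(r'sending encrypted notification (?P<name>\S+) to ')


def diagnose(log_text):
    """Summarise, per connection name, how far the IKE negotiation got."""
    report = {}
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # not in the expected format; skip rather than guess
        entry = report.setdefault(line["conn"], {
            "phase1": None, "refused_transforms": [], "notify": None, "stage": None})
        msg = line["msg"]
        if (m := P1_DONE.search(msg)):
            entry["phase1"] = m.groupdict()
        elif (m := P2_REFUSED.search(msg)):
            entry["refused_transforms"].append(m["transform"])
        elif (m := NOTIFY.search(msg)):
            entry["notify"] = m["name"]
    for entry in report.values():
        if entry["refused_transforms"]:
            entry["stage"] = "phase2_proposal_refused"
        elif entry["phase1"]:
            entry["stage"] = "phase1_established"
        else:
            entry["stage"] = "phase1_incomplete"
    return report


if __name__ == "__main__":
    for conn, entry in diagnose(SAMPLE_LOG).items():
        print(conn, entry)
```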
 
LVL 25

Expert Comment

by:Diverse IT
ID: 39661819
Please understand that if you don't answer all my questions it will be impossible to guide you. From my comment (http:#a39657911) you answered the SonicOS version but did not comment on this...
A site-to-site VPN should not be changed from its default ports. If you want to open 2030 that is fine but it has nothing to do with VPN. Click on the Public Server Wizard and select Other... for the server and create a custom service for port 2030. That should do it.
The phases will fail if you arbitrarily change the VPN ports.

Here is how you upgrade your firmware & backup your settings:
1. Download the SonicOS Enhanced firmware image file from mysonicwall.com and save it to a location on your local computer.

2. On the System > Settings page, click the Export Settings button to save the current configuration to a file. You will be prompted to select the location on your hard drive to save the file.

3.  For good measure, click on the Create Backup Settings button to save the current firmware and settings within the SonicWALL appliance.

4. On the System > Settings page, click Upload New Firmware.

5. Browse to the location where you saved the SonicOS Enhanced firmware image file, select the file, and click Upload.

6. Click the Boot icon in the row for Uploaded Firmware - New!
Let me know how it goes!
0
 

Author Closing Comment

by:CervisTECH
ID: 39662217
It appears that the Phase 1 parameters configuration was mismatched. I was using encryption 3DES and they were using AES128. Thanks for your help.... I wish I could give more points to you as you really helped me to figure out what I was doing wrong.

Thanks!
0
 
LVL 25

Expert Comment

by:Diverse IT
ID: 39663506
My pleasure!  I'm glad I could help and thanks for the points!
0


Question has a verified solution.
