Solved

Sonicwall TZ100: Global VPN Client, connect on different port

Posted on 2014-02-07
18
2,693 Views
Last Modified: 2014-02-18
Hi,

I have this Sonicwall TZ100 which has VPN running. I can connect fine with my Iphone connecting to myddnsname.no-ip.com:8888 (different port is needed for me, my provider blocks default ports).
However, when I do this on a pc with Global VPN Client (Sonicwall), it says the address is invalid.

Please advise howto connect.
J.
0
Comment
Question by:janhoedt
  • 9
  • 9
18 Comments
 
LVL 24

Expert Comment

by:diverseit
ID: 39842643
Hi janhoedt,

This is most likely because you are connecting with your mobile via SSL-VPN and you have setup the port for this as 8888 instead of the default 4433. By changing it in the SSL-VPN server you have setup the proper port forwarding to connect through 8888. But Wireless Phone providers may block common VPN ports like 500 & 4500 but your ISP (when you use GVC) should not block anything (except maybe port 25 but this doesn't apply here). Have you tried to change the port for the VPN server? Why not just connect via SSL-VPN all ways around (mobile and PC/Mac)? It would be the same setup (:8888). Just download the NetExtender client for the applicable OS.

Let me know how it goes!
0
 

Author Comment

by:janhoedt
ID: 39842791
Thanks. Port forwarding is ok, see post " I can connect fine with my Iphone" (also port 8888).  Wireless Phone providers? I'm not talking about my Iphone, I'm talking about my pc with Windows 7 which has full Internet access. I cannot/will not change the vpn servers port, why should I? As stated, it works on Iphone.
NetExtender? What is the difference with Global VPN Client?
0
 
LVL 24

Expert Comment

by:diverseit
ID: 39842904
I think you are misunderstanding me. I'm not asking you to change anything but rather download a different client (NetExtender) to connect your PC to the VPN. There are multiple ways to establish a VPN connection on a SonicWALL. GVC is a common approach but the newer trend is SSL-VPN. NetExtender is a small download (acts like a GVC client in a way) and establishes a SSL-VPN connection like MobileConnect does on your phone.

So what I'm saying is just connect your PC via SSL-VPN connection rather than via GVC. It's simply a different download (and technically a different technology) but it yields the same result...a VPN connection.

Wireless Carriers will block 4500 or 500 sometimes within their network, which is needed to establish a IP-SEC VPN connection...else why would you change the default port for SSL-VPN from 4433 to 8888?

Incidentally, make sure you are licensed for GVC: System > Licenses > Global VPN Client.

Make sense?
0
 

Author Comment

by:janhoedt
ID: 39842935
Thanks. So this NetExtender CAN handle a different port then? Mydomain:8888.
0
 
LVL 24

Expert Comment

by:diverseit
ID: 39842967
Yes, NetExtender can handle any port you specify in the SSL-VPN server. If you login to your SonicWALL and go to SSL VPN > Server Settings you should see this port (8888) next to SSL VPN Port:. This is how you are suppose to change the SSL-VPN port from its default (4433) to whatever is currently not conflicting. The reason SonicWALL chose port 4433 is it is typically a non interfering port in most environments. I'd keep it default but 8888 will work just fine.

Once you have it setup this way you will always put that into the Server field mydomain:8888 or mydomain:<whatever IP you choose to put in the SSL-VPN Server port settings above>. You will do the same for your phone and NetExtender clients - basically anytime or any way you connect to the SSL-VPN you should include its port after the domain.
0
 

Author Comment

by:janhoedt
ID: 39843030
Thanks.
>Once you have it setup this way.
I have set it up. See comment: works on Iphone.
I ll try extender!
0
 
LVL 24

Expert Comment

by:diverseit
ID: 39843077
Also, keep in mind that the Domain field in the NetExtender sign on must match what is in the domain field of the SSL VPN > Server Settings page within the SonicWALL.
0
 

Author Comment

by:janhoedt
ID: 39846923
There is no netxtender for Windows (and GlobalVPNClient seems the new way to go, not the old way ... Netextender is of 2012, GlobalVPNClient versions are more recent):
xtender
0
 
LVL 24

Accepted Solution

by:
diverseit earned 500 total points
ID: 39846974
Click on the link above your red box named "NetExtender" (it's the first link) that is the link for Windows and all the others below it are for the alternative versions (Linux, Mac, etc.).

...(and GlobalVPNClient seems the new way to go, not the old way ... Netextender is of 2012, GlobalVPNClient versions are more recent)
not sure what this means, its a fact that SSL-VPN is and has been the new trend for VPN connectivity primarily for its dynamic application set (mobile platforms), ease of use and deployment options plus a lighter client.

These are superfluous arguments but if you are challenging a trend based on SonicWALL's last general release then NetExtender still wins as it's last release was Nov 26, 2013 whereas GVC was Jun 1, 2012. And if you are basing it on maturity I guess you could argue the same that NetExtender is a more mature product as it is on its 7th build (7.0.203) whereas GVC is only on its 4th major build (4.7.3.0403). I say these are superfluous arguments only because they mean nothing as far as trends go and when I say trends I'm referring to the latest and greatest.
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:janhoedt
ID: 39847042
Thanks! I tried it, but cannot make it work (yet).
0
 
LVL 24

Expert Comment

by:diverseit
ID: 39847045
Give your system a reboot then re-try. What seems to be the issue? Are you getting a specific error?
0
 
LVL 24

Expert Comment

by:diverseit
ID: 39849910
Any update on this?
0
 

Author Comment

by:janhoedt
ID: 39853186
It works! Connection is fine, but routing is not, cannot ping an internal device though the route print seems ok(?)

tracertrouteprint
0
 
LVL 24

Expert Comment

by:diverseit
ID: 39856914
In the SSL-VPN server have you selected Tunnel All mode?
0
 

Author Comment

by:janhoedt
ID: 39859618
No it is not ... I guess, where can I check (Sonicwall TZ100) and it should not be either.
I need my local AND my remote access just as on my openvpn.
0
 
LVL 24

Expert Comment

by:diverseit
ID: 39859761
To check this go to SSL VPN > Client Settings then depending on your SonicOS version it will be either included on that page or if on 5.9.x you will have to click on profile configure button, which will bring up the Edit Device Profile Dialogue box. Then click on the Client Routes tab and under Tunnel All Mode it will either be Disabled or Enabled. Below that is also where you will enter in the preferred routes as well.

Let me know what you have the Tunnel All Mode selected to and what routes are already present. Thanks!
0
 

Author Comment

by:janhoedt
ID: 39867213
Thanks but I cannot enable tunnel all since I need my local network too. The other configurations should work already since it works from my iphone (so I don't see a reason to change things). I can ping my sonicwall, but items on my remote lan I cannot ping.
0
 

Author Comment

by:janhoedt
ID: 39867282
What I don't understand is that my route print shows 192.0.2.1 as default gateway. I don't see that gateway anywhere, the gateway should be 192.168.1.200. If I set this with route add it doesn't work though.

defaultgateway
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

Transferring data across the virtual world became simpler but protecting it is becoming a real security challenge.  How to approach cyber security  in today's business world!
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now