• Status: Solved

Sonicwall TZ100: Global VPN Client, connect on different port

Hi,

I have this Sonicwall TZ100 which has VPN running. I can connect fine with my iPhone connecting to myddnsname.no-ip.com:8888 (different port is needed for me, my provider blocks default ports).
However, when I do this on a PC with Global VPN Client (Sonicwall), it says the address is invalid.

Please advise how to connect.
J.

Asked by: janhoedt

Blue Street Tech (Last Knights) Commented:
Hi janhoedt,

This is most likely because you are connecting with your mobile via SSL-VPN and you have set up the port for this as 8888 instead of the default 4433. By changing it in the SSL-VPN server you have set up the proper port forwarding to connect through 8888. But Wireless Phone providers may block common VPN ports like 500 & 4500 but your ISP (when you use GVC) should not block anything (except maybe port 25 but this doesn't apply here). Have you tried to change the port for the VPN server? Why not just connect via SSL-VPN all ways around (mobile and PC/Mac)? It would be the same setup (:8888). Just download the NetExtender client for the applicable OS.

Let me know how it goes!

janhoedt (Author) Commented:
Thanks. Port forwarding is ok, see post "I can connect fine with my iPhone" (also port 8888). Wireless Phone providers? I'm not talking about my iPhone, I'm talking about my PC with Windows 7 which has full Internet access. I cannot/will not change the VPN server's port, why should I? As stated, it works on iPhone.
NetExtender? What is the difference with Global VPN Client?

Blue Street Tech (Last Knights) Commented:
I think you are misunderstanding me. I'm not asking you to change anything but rather download a different client (NetExtender) to connect your PC to the VPN. There are multiple ways to establish a VPN connection on a SonicWALL. GVC is a common approach but the newer trend is SSL-VPN. NetExtender is a small download (acts like a GVC client in a way) and establishes an SSL-VPN connection like MobileConnect does on your phone.

So what I'm saying is just connect your PC via SSL-VPN connection rather than via GVC. It's simply a different download (and technically a different technology) but it yields the same result...a VPN connection.

Wireless Carriers will block 4500 or 500 sometimes within their network, which is needed to establish an IP-SEC VPN connection...else why would you change the default port for SSL-VPN from 4433 to 8888?

Incidentally, make sure you are licensed for GVC: System > Licenses > Global VPN Client.

Make sense?
 
janhoedt (Author) Commented:
Thanks. So this NetExtender CAN handle a different port then? Mydomain:8888.

Blue Street Tech (Last Knights) Commented:
Yes, NetExtender can handle any port you specify in the SSL-VPN server. If you login to your SonicWALL and go to SSL VPN > Server Settings you should see this port (8888) next to SSL VPN Port:. This is how you are supposed to change the SSL-VPN port from its default (4433) to whatever is currently not conflicting. The reason SonicWALL chose port 4433 is it is typically a non-interfering port in most environments. I'd keep it default but 8888 will work just fine.

Once you have it set up this way you will always put that into the Server field mydomain:8888 or mydomain:<whatever IP you choose to put in the SSL-VPN Server port settings above>. You will do the same for your phone and NetExtender clients - basically anytime or any way you connect to the SSL-VPN you should include its port after the domain.

janhoedt (Author) Commented:
Thanks.
>Once you have it setup this way.
I have set it up. See comment: works on iPhone.
I'll try extender!

Blue Street Tech (Last Knights) Commented:
Also, keep in mind that the Domain field in the NetExtender sign on must match what is in the domain field of the SSL VPN > Server Settings page within the SonicWALL.

janhoedt (Author) Commented:
There is no NetExtender for Windows (and GlobalVPNClient seems the new way to go, not the old way ... NetExtender is of 2012, GlobalVPNClient versions are more recent):

[Screenshot: xtender]

Blue Street Tech (Last Knights) Commented:
Click on the link above your red box named "NetExtender" (it's the first link) that is the link for Windows and all the others below it are for the alternative versions (Linux, Mac, etc.).

> ...(and GlobalVPNClient seems the new way to go, not the old way ... Netextender is of 2012, GlobalVPNClient versions are more recent)

Not sure what this means; it's a fact that SSL-VPN is and has been the new trend for VPN connectivity primarily for its dynamic application set (mobile platforms), ease of use and deployment options plus a lighter client.

These are superfluous arguments but if you are challenging a trend based on SonicWALL's last general release then NetExtender still wins as its last release was Nov 26, 2013 whereas GVC was Jun 1, 2012. And if you are basing it on maturity I guess you could argue the same that NetExtender is a more mature product as it is on its 7th build (7.0.203) whereas GVC is only on its 4th major build (4.7.3.0403). I say these are superfluous arguments only because they mean nothing as far as trends go and when I say trends I'm referring to the latest and greatest.

janhoedt (Author) Commented:
Thanks! I tried it, but cannot make it work (yet).

Blue Street Tech (Last Knights) Commented:
Give your system a reboot then re-try. What seems to be the issue? Are you getting a specific error?

Blue Street Tech (Last Knights) Commented:
Any update on this?

janhoedt (Author) Commented:
It works! Connection is fine, but routing is not, cannot ping an internal device though the route print seems ok(?)

[Screenshots: tracert, routeprint]

Blue Street Tech (Last Knights) Commented:
In the SSL-VPN server have you selected Tunnel All mode?

janhoedt (Author) Commented:
No it is not ... I guess, where can I check (Sonicwall TZ100) and it should not be either.
I need my local AND my remote access just as on my OpenVPN.

Blue Street Tech (Last Knights) Commented:
To check this go to SSL VPN > Client Settings then depending on your SonicOS version it will be either included on that page or if on 5.9.x you will have to click on profile configure button, which will bring up the Edit Device Profile Dialogue box. Then click on the Client Routes tab and under Tunnel All Mode it will either be Disabled or Enabled. Below that is also where you will enter in the preferred routes as well.

Let me know what you have the Tunnel All Mode selected to and what routes are already present. Thanks!

janhoedt (Author) Commented:
Thanks but I cannot enable tunnel all since I need my local network too. The other configurations should work already since it works from my iPhone (so I don't see a reason to change things). I can ping my sonicwall, but items on my remote lan I cannot ping.

janhoedt (Author) Commented:
What I don't understand is that my route print shows 192.0.2.1 as default gateway. I don't see that gateway anywhere, the gateway should be 192.168.1.200. If I set this with route add it doesn't work though.

[Screenshot: defaultgateway]
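
Added example, not part of the thread and not SonicWALL code: how a Windows-style route table picks the exit for a destination (longest matching prefix, then lowest metric), which is what decides whether a packet uses the tunnel when Tunnel All Mode is disabled and only client routes are pushed. The route entries, metrics, interface labels and the two helper models are constructed assumptions; only 192.0.2.1 and 192.168.1.200 come from the posts above.

```python
import ipaddress

# Constructed route table in the spirit of `route print` output (not taken from
# the thread's screenshots). 192.0.2.1 is the default gateway quoted in the
# post; metrics and the "lan"/"vpn" interface labels are hypothetical.
ROUTES = [
    # (destination, gateway, interface, metric)
    ("0.0.0.0/0",      "192.0.2.1", "lan", 25),
    ("192.0.2.0/24",   "on-link",   "lan", 281),
    ("192.168.1.0/24", "on-link",   "vpn", 2),   # client route pushed by the SSL-VPN server
]


def select_route(dest, routes):
    """Return the route chosen for dest: longest prefix first, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in ipaddress.ip_network(r[0])]
    if not matches:
        return None
    return min(matches, key=lambda r: (-ipaddress.ip_network(r[0]).prefixlen, r[3]))


def egress(dest, routes):
    """Interface label a packet to dest would leave through, or None if unroutable."""
    route = select_route(dest, routes)
    return route[2] if route else None


def tunnel_all(routes):
    """Assumed model of Tunnel All Mode: a tunnel default route that beats the local one."""
    return routes + [("0.0.0.0/0", "on-link", "vpn", 1)]


def without_client_routes(routes):
    """Assumed model of a profile with no client routes: only non-VPN routes remain."""
    return [r for r in routes if r[2] != "vpn"]


if __name__ == "__main__":
    tables = [("split tunnel", ROUTES),
              ("no client route", without_client_routes(ROUTES)),
              ("tunnel all", tunnel_all(ROUTES))]
    for label, table in tables:
        for dest in ("192.168.1.200", "198.51.100.10"):
            print(f"{label:16} {dest:15} -> {egress(dest, table)}")
```

In the split-tunnel table the default gateway only handles destinations that no more specific route covers, so a remote-LAN address leaves through the tunnel only if a client route for that subnet is present.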