Solved

Global VPN SonicWall TZ105 setup

Posted on 2014-11-26
Last Modified: 2014-12-11
We just got a new TZ 105, and have it set up with the WAN interface pulling from the Comcast box IP address instead of our external IP address. Traffic is running through it fine, but is there a way to set up the Global VPN client to work like this? I can't get it to connect, and I am guessing it is because the VPN client can't see the firewall.

Thank you.
0
Question by:raffie613
7 Comments
 
LVL 7

Expert Comment

by:Network Zero
ID: 40471103
If you're connected to the internet, then you need to look at the VPN settings themselves.

Something you need to make sure is where you're getting the DHCP from.

Global VPN needs DHCP configured from the SonicWall in order to be able to connect.

go to vpn -> settings

go to WAN group vpn

pick an authentication type

example ike preshared key

set up a shared secret

DH group use GROUP 5

aes 256

SHA 1

28800

ipsec 2

esp

aes 256

sha1

life time is on you

advanced tab =>  

enable netbios

enable multicast

client authen

** trusted users ** or your own level

client tab

user name and password set your own settings

virtual adapter dhcp lease or manual config or just dhcp

allow connection to split tunnels

go to DHCP over VPN

central gateway

click configure

check use internal

for global vpn client

send DHCP request to the server address below

put in the address of the DHCP server or wherever you get DHCP

on network

go to DHCP server

enable DHCP server

then you need to configure local users under

users -> local users

VPN access firewall subnet or whatever access you want them to have

groups make sure you put trusted users or whatever group you decide to give vpn access to

then download the VPN client and give that a shot
0
 

Author Comment

by:raffie613
ID: 40472052
Did all this. Global VPN log shows error "the peer is not responding to phase 1 ISAKMP requests."

Are you sure that I do not need to have the ISP modem in bridge mode and my Sonicwall device have the external IP address as its own WAN interface?
0
 
LVL 20

Accepted Solution

by:
carlmd earned 500 total points
ID: 40473503
Yes, you need to be able to access the Sonicwall WAN IP for the VPN to work.
0
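The accepted answer comes down to whether the SonicWall's WAN interface holds an address that remote clients can actually reach. As an added example (not part of the thread), this Python check classifies a WAN address against the external address clients dial; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

# Ranges that cannot be reached from the internet. A WAN interface holding one
# of these sits behind another device that owns the real external address.
NON_ROUTABLE = {
    "RFC 1918 private": ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"),
    "RFC 6598 carrier-grade NAT": ("100.64.0.0/10",),
    "link-local": ("169.254.0.0/16",),
}


def classify(addr):
    """Return the name of the non-routable range addr falls in, or None."""
    ip = ipaddress.ip_address(addr)
    for name, nets in NON_ROUTABLE.items():
        if any(ip in ipaddress.ip_network(net) for net in nets):
            return name
    return None


def check_wan(wan_ip, public_ip):
    """Compare the firewall's WAN address with the address remote clients dial.

    Returns (status, explanation); status is 'behind-nat', 'mismatch' or 'direct'.
    """
    kind = classify(wan_ip)
    if kind:
        return ("behind-nat",
                f"WAN {wan_ip} is {kind}: IKE phase 1 (UDP 500) sent to "
                f"{public_ip} ends at the upstream modem, not the firewall")
    if ipaddress.ip_address(wan_ip) != ipaddress.ip_address(public_ip):
        return ("mismatch",
                f"WAN {wan_ip} is routable but clients are dialing {public_ip}")
    return ("direct", f"WAN {wan_ip} is the external address clients dial")


if __name__ == "__main__":
    # Constructed sample values (documentation and private ranges).
    for wan in ("10.1.10.2", "100.64.3.7", "203.0.113.10"):
        status, why = check_wan(wan, "203.0.113.10")
        print(f"{status:10} {why}")
```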

 

Author Comment

by:raffie613
ID: 40474483
OK, my ISP says my modem is in bridge mode, but changing my X1 port to the external IP drops the network completely. Is there another setting I need?
0
 
LVL 20

Expert Comment

by:carlmd
ID: 40475734
A couple of possibilities. Take a look at the following...

https://support.software.dell.com/kb/sw3875

https://support.software.dell.com/kb/sw5593

Does either resolve the problem?
0
 
LVL 25

Expert Comment

by:Diverse IT
ID: 40476146
Hi raffie613,

You need to log in to the Comcast modem directly and look for a Passthrough IP option so that the modem will pass the External IP address to your SonicWALL. Also, you will want to disable Firewall, Block IPsec, etc. since your SonicWALL will be handling that...and no, in this scenario it doesn't benefit you to have both enabled.

Let me know how it goes!
0
 
LVL 7

Expert Comment

by:Network Zero
ID: 40477616
OK raffie613 it sounds to me like the problem is with the Comcast modem. Try this:

Remove the Ethernet cable from the Cable modem or reset it. (I recommended powering it down)

Wait till the modem comes back; usually some sort of green light should come on.

Connect your modem into the WAN port of the SonicWall...

check if auto-negotiation is correct.

give me the model number of the Comcast modem if it's still not working also...

back up the current configuration and then make sure the sonicwall is updated with the latest firmware.
0


Question has a verified solution.
