dstewart83161
asked on
Sonicwall VPN Connection; Unable to Ping/Access
We have two Sonicwall's that are having issues with remote access.
One Sonicwall is at 192.168.2.1 and the other is at 192.168.112.1; both in remote locations. The VPN connection is Green on both ends, indicating an active connection. It is set up with Main mode (also attempted with IKEv2) with matching settings/PSK. All seems to be well on both ends. The issue is that neither side can ping any machine on the others respective networks, let alone access folder shares. Pinging from 192.168.112.xxx -> 192.168.2.xxx and vice versa does not work.
I have checked that the Firewall Access rules are in place for VPN->LAN, VPN->VPN, and LAN-VPN. They are Enabled and Allowed.
The VPN connections are showing as Active on both devices.
Any ideas on why I cant access anything across the tunnel? I have also tried different ports (RDP, etc) from machine to machine with no help. NetBIOS translation is also enabled, even though I am just trying to connect with IP addresses at this point.
Please assist! Thanks!
One Sonicwall is at 192.168.2.1 and the other is at 192.168.112.1; both in remote locations. The VPN connection is Green on both ends, indicating an active connection. It is set up with Main mode (also attempted with IKEv2) with matching settings/PSK. All seems to be well on both ends. The issue is that neither side can ping any machine on the others respective networks, let alone access folder shares. Pinging from 192.168.112.xxx -> 192.168.2.xxx and vice versa does not work.
I have checked that the Firewall Access rules are in place for VPN->LAN, VPN->VPN, and LAN-VPN. They are Enabled and Allowed.
The VPN connections are showing as Active on both devices.
Any ideas on why I cant access anything across the tunnel? I have also tried different ports (RDP, etc) from machine to machine with no help. NetBIOS translation is also enabled, even though I am just trying to connect with IP addresses at this point.
Please assist! Thanks!
Hi all, this is a rather silly question but exactly which part of the interface/zone is 192.168.112.x and 192.168.2.x network?
@Djeesfan_ZA - that would be the two LAN Zones. Questions are not silly...assumptions are!
ASKER
Thank you all for the comments, here's the answers to some questions:
Sonicwall 1: TZ 100 wireless-N
Sonicwall 2: TZ 105
I can ping the external IP's of both Sonicwall's from each network.
I believe this issue is now resolved however. I changed the VPN to IKEv2 and moved to DH2 instead of DH5.
Not sure why that made a difference, but it is now working. Thanks everyone.
Sonicwall 1: TZ 100 wireless-N
Sonicwall 2: TZ 105
I can ping the external IP's of both Sonicwall's from each network.
I believe this issue is now resolved however. I changed the VPN to IKEv2 and moved to DH2 instead of DH5.
Not sure why that made a difference, but it is now working. Thanks everyone.
I changed the VPN to IKEv2 and moved to DH2 instead of DH5.The Policy has to match on both ends, which could have been all it needed to work.
In any case, please select a comment as the Solution to close this question. If none helped then Delete it.
Thanks and I'm glad its working for you now!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
no other suggestions worked. found a hit for the issue on another forum. Tried it and it worked.
With is the model of each SonicWALL?
Here are some troubleshooting steps to follow:
1. Make sure both firewalls are upgraded to the latest firmware release.
2. Did you try to go to System > Diagnostics, under Diagnostic Tools select Ping and ping the VPN Gateway of the other SonicWALL?
3. Check the log monitor and see if any error/prevention/block/fai
4. Capture the packets on the firewall's interfaces like WAN interface for instance. Check if the packets can be sent out from the WAN interface correctly.
As an example, you may find that while pinging from LAN side of Sonicwall to the remote gateway, the Sonicwall firewall generating an ICMP Redirect packet.