Open port through Tunnel Interface (SonicWall)


I wonder if it's possible that some ports are blocked between a VPN (Tunnel Interface).

Here is my problem:
We have 10 access points Adtran Bluesocket BSAP-1925.
9 of them are connected to our local network (headquarters). Everything works perfectly.
We also have a remote site with one access point. There is a VPN (Tunnel Interface) between the 2 sites.
At the remote site we have a domain controller, file server and a backup server; we have no problem.
However, the access point at the remote site is not able to connect to the management server, where all the other access points are connected.

When the access point is at the main site, it is able to connect to the management server.
I also have in my possession the ports used by the management server and the access point to communicate together.
Is it possible that these ports are blocked in the VPN connection?
The management server is a Bluesocket vWlan V2_3_0_09.
Thank you
Janio Andre Gutierrez (Network Administrator) Asked:

Blue Street Tech (Last Knight) Commented:
Hi Janio Andre Gutierrez Gutierrez,

It is possible that the correct routes are not in the VPN tunnel. The routes/subnets need to match where the devices are located.

Let me know how it goes!
Janio Andre Gutierrez (Network Administrator) Author Commented:
Hi Diverseit,

The routes/subnets objects have to be on the "Main" SonicWall (Headquarters)?


Janio André Gutierrez
Blue Street Tech (Last Knight) Commented:
I don't know your network but basically whatever you want to communicate on either side needs to be in both policies (on each firewall).

So, if your WLAN manager is in Site A (HQ) on 10.10.x.x/16 and your troubled WAP is in Site B on 173.2.x.x/16, then Site A and Site B's VPN policy would need to include the local and remote subnets, in addition to the other subnets, under the Network Tab. I'd create Address Object Groups if there are multiple subnets/VLANs in each Site location.

Site A
LAN = 10.1.x.x/16 (contains Servers)
LAN = 10.10.x.x/16 (contains the WLAN Manager)
WLAN = 172.16.x.x/16 (contains WLAN devices)

Site B
LAN = 192.168.0.x/24 (contains Servers and PCs)
WLAN = 172.2.x.x/16 (contains WLAN devices, including the troubled WAP)

In this scenario, the VPN policy for Site A under the Network tab would read:
Local Networks = The Address Object Group for Site A (which would consist of 10.1.x.x/16, 10.10.x.x/16 & 172.16.x.x/16) provided that you want the sites to communicate on all of these subnets.
Remote Networks = The Address Object Group for Site B (which would consist of 192.168.0.x/24 & 172.2.x.x/16) again provided that you want the sites to communicate on all of these subnets.

You'd then do the same but flipping the objects for the Local and Remote on Site B's VPN Policy.
On the Advanced tab of both VPN policies I'd check Enable Keep Alive and Enable Windows Networking (NetBIOS) Broadcast as well.

Keep Alive uses heartbeat messages between peers on this VPN tunnel. If one end of the tunnel fails, using Keepalives will allow for the automatic renegotiation of the tunnel once both sides become available again without having to wait for the proposed Life Time to expire.

Enabling Windows Networking (NetBIOS) Broadcast will allow access to remote network resources by browsing the Windows® Network Neighborhood.

Make sense?
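
An added example, not part of the thread and not SonicWall tooling: a Python model of the Local/Remote network lists described in the answer above, showing why servers can work across the tunnel while the access point cannot, and how to spot lists that are not mirrored. The concrete addresses fill in the answer's x.x placeholders and are constructed; the function names and hosts are hypothetical.

```python
from ipaddress import ip_address, ip_network

def nets(*cidrs):
    return [ip_network(c) for c in cidrs]

def covered(ip, networks):
    return any(ip_address(ip) in n for n in networks)

def tunnel_carries(src_ip, dst_ip, src_policy, dst_policy):
    """True only if BOTH firewalls' policies select the flow src -> dst."""
    out_ok = (covered(src_ip, src_policy["local"])
              and covered(dst_ip, src_policy["remote"]))
    in_ok = (covered(dst_ip, dst_policy["local"])
             and covered(src_ip, dst_policy["remote"]))
    return out_ok and in_ok

def mirror_mismatches(site_a, site_b):
    """Networks that one side lists but the peer's mirrored list lacks."""
    diff = set(site_a["local"]) ^ set(site_b["remote"])
    diff |= set(site_a["remote"]) ^ set(site_b["local"])
    return sorted(str(n) for n in diff)

# Constructed sample values based on the Site A / Site B layout above.
SITE_A = nets("10.1.0.0/16", "10.10.0.0/16", "172.16.0.0/16")
SITE_B = nets("192.168.0.0/24", "172.2.0.0/16")
MANAGER, WAP = "10.10.0.5", "172.2.0.50"          # hypothetical hosts
SERVER_A, SERVER_B = "10.1.0.20", "192.168.0.10"  # hypothetical hosts

# Complete, mirrored policies: every subnet on both firewalls.
good_a = {"local": SITE_A, "remote": SITE_B}
good_b = {"local": SITE_B, "remote": SITE_A}

# Incomplete policies: only the server LANs were added, WLAN subnets left out.
broken_a = {"local": nets("10.1.0.0/16", "10.10.0.0/16"),
            "remote": nets("192.168.0.0/24")}
broken_b = {"local": nets("192.168.0.0/24"),
            "remote": nets("10.1.0.0/16", "10.10.0.0/16")}

if __name__ == "__main__":
    print("servers, incomplete policy:",
          tunnel_carries(SERVER_B, SERVER_A, broken_b, broken_a))
    print("WAP -> manager, incomplete policy:",
          tunnel_carries(WAP, MANAGER, broken_b, broken_a))
    print("WAP -> manager, complete policy:",
          tunnel_carries(WAP, MANAGER, good_b, good_a))
    # Only Site A was updated: the lists no longer mirror each other.
    print("not mirrored:", mirror_mismatches(good_a, broken_b))
```

Note that the incomplete pair is perfectly mirrored, so a mirror check alone does not catch it; the per-flow check is what shows the access point's subnet is missing.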

Janio Andre Gutierrez (Network Administrator) Author Commented:
Hi Diverseit,

Thanks for the explanation, it is really appreciated.
I will let you know.
Thanks and have a nice day!
Blue Street Tech (Last Knight) Commented:
Thanks for the points... glad I could help!