• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4180
  • Last Modified:

Dell Sonicwall Global VPN Client ports

I have a Dell Sonicwall TZ 205 router at work that I VPN into and a d-Link router at home.

Every day when I go to login using the Dell Sonicwall Global VPN Client to establish the VPN connection I have to click "connect" on the GVC and then go into my d-Link home router log to see the blocked port (the reply from the TZ 205) to then port forward to my local IP address.  After this, it then prompts for username/password and VPN works great.

The main issue isn't just doing this for myself, but also for a co-worker since he comes to my home to work.  The port that gets used on the reply is always random but in the 50,000 - 60,000.  Issue is that I can't just do a forward 50,000 to 60,000 port forward to my local IP address because I have a co-worker that works with me that also uses Global VPN Client to connect so if I setup a hard 50k - 60k port forward to my ip address then he wouldn't be able to connect.  So each day, I connect, view log, see the blocked request, port forward to my local ip address and then he connects, I view log, I see the blocked request and I port forward that specific port to his local ip address.  Every day it is different.

Any suggestions?
2 Solutions
Have you tried enabling the "VPN pass through" on your home router?
John HurstBusiness Consultant (Owner)Commented:
Try enabling NAT Traversal on the SonicWALL setup. Also make sure it has been set for Aggressive Mode.
tigermessageAuthor Commented:
Hi John Hurst.  I checked the Sonicwall TZ 205 settings and NAT Transversal in the VPN Advanced Setting is already checked.  I did not see anywhere for a selection of Aggressive or anything of this manner (should be in IKE Proposal but I don't see any section in the Proposal tab about setting up as aggressive).

The d-link router log shows this when I try to connect using Global VPN client to the Sonicwall:
"Blocked incoming UDP packet from <remote sonicwall public up>:500 to <local public ip>:62738"

I know for sure that it is a local d-link router firewall concern.  I can only "open up" port 500 to point to a specific internal local ip address which I can't do because then when my co-worker tries to connect it will not allow him because it would route the traffic to my pc.  

Any other suggestions?  If not, going to go get a different router (keep the sonicwall in place but different local router) that has more features/options/firewall customization.
7 new features that'll make your work life better

It’s our mission to create a product that solves the huge challenges you face at work every day. In case you missed it, here are 7 delightful things we've added recently to monday to make it even more awesome.

J SpoorTMECommented:
UDP 500 for IKE, UDP 4500 for IPsec NAT-Traversla.
Ideally also ESP , which is IP protocol 50 (not tcp port 50, but IP protocol!!!)
J SpoorTMECommented:
but the d-link should be statefull, and realise it's a reply packet...

perhaps time to change your d-link for a proper router :)
John HurstBusiness Consultant (Owner)Commented:
You most likely have a consumer D-Link, so yes, at this point, you need a better router.
John HurstBusiness Consultant (Owner)Commented:
Author agreed a new router was needed.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now