Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Dell Sonicwall Global VPN Client ports

Posted on 2016-09-18
7
Medium Priority
?
3,131 Views
Last Modified: 2016-11-22
I have a Dell Sonicwall TZ 205 router at work that I VPN into and a d-Link router at home.

Every day when I go to login using the Dell Sonicwall Global VPN Client to establish the VPN connection I have to click "connect" on the GVC and then go into my d-Link home router log to see the blocked port (the reply from the TZ 205) to then port forward to my local IP address.  After this, it then prompts for username/password and VPN works great.

The main issue isn't just doing this for myself, but also for a co-worker since he comes to my home to work.  The port that gets used on the reply is always random but in the 50,000 - 60,000.  Issue is that I can't just do a forward 50,000 to 60,000 port forward to my local IP address because I have a co-worker that works with me that also uses Global VPN Client to connect so if I setup a hard 50k - 60k port forward to my ip address then he wouldn't be able to connect.  So each day, I connect, view log, see the blocked request, port forward to my local ip address and then he connects, I view log, I see the blocked request and I port forward that specific port to his local ip address.  Every day it is different.

Any suggestions?
0
Comment
Question by:tigermessage
7 Comments
 
LVL 17

Expert Comment

by:lruiz52
ID: 41804108
Have you tried enabling the "VPN pass through" on your home router?
0
 
LVL 99

Expert Comment

by:John Hurst
ID: 41804109
Try enabling NAT Traversal on the SonicWALL setup. Also make sure it has been set for Aggressive Mode.
0
 

Author Comment

by:tigermessage
ID: 41804222
Hi John Hurst.  I checked the Sonicwall TZ 205 settings and NAT Transversal in the VPN Advanced Setting is already checked.  I did not see anywhere for a selection of Aggressive or anything of this manner (should be in IKE Proposal but I don't see any section in the Proposal tab about setting up as aggressive).

The d-link router log shows this when I try to connect using Global VPN client to the Sonicwall:
"Blocked incoming UDP packet from <remote sonicwall public up>:500 to <local public ip>:62738"

I know for sure that it is a local d-link router firewall concern.  I can only "open up" port 500 to point to a specific internal local ip address which I can't do because then when my co-worker tries to connect it will not allow him because it would route the traffic to my pc.  

Any other suggestions?  If not, going to go get a different router (keep the sonicwall in place but different local router) that has more features/options/firewall customization.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 9

Expert Comment

by:J Spoor
ID: 41804318
UDP 500 for IKE, UDP 4500 for IPsec NAT-Traversla.
Ideally also ESP , which is IP protocol 50 (not tcp port 50, but IP protocol!!!)
0
 
LVL 9

Accepted Solution

by:
J Spoor earned 1000 total points (awarded by participants)
ID: 41804320
but the d-link should be statefull, and realise it's a reply packet...

perhaps time to change your d-link for a proper router :)
0
 
LVL 99

Assisted Solution

by:John Hurst
John Hurst earned 1000 total points (awarded by participants)
ID: 41804589
You most likely have a consumer D-Link, so yes, at this point, you need a better router.
0
 
LVL 99

Expert Comment

by:John Hurst
ID: 41834899
Author agreed a new router was needed.
0

Featured Post

WatchGuard Case Study: NCR

With business operations for thousands of customers largely depending on the internal systems they support, NCR can’t afford to waste time or money on security products that are anything less than exceptional. That’s why they chose WatchGuard.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
How to fix a SonicWall Gateway Anti-Virus firewall blocking automatic updates to apps like Windows, Adobe, Symantec, etc.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

886 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question