Solved

Dell Sonicwall Global VPN Client ports

Posted on 2016-09-18
7
29 Views
Last Modified: 2016-11-22
I have a Dell Sonicwall TZ 205 router at work that I VPN into and a d-Link router at home.

Every day when I go to login using the Dell Sonicwall Global VPN Client to establish the VPN connection I have to click "connect" on the GVC and then go into my d-Link home router log to see the blocked port (the reply from the TZ 205) to then port forward to my local IP address.  After this, it then prompts for username/password and VPN works great.

The main issue isn't just doing this for myself, but also for a co-worker since he comes to my home to work.  The port that gets used on the reply is always random but in the 50,000 - 60,000.  Issue is that I can't just do a forward 50,000 to 60,000 port forward to my local IP address because I have a co-worker that works with me that also uses Global VPN Client to connect so if I setup a hard 50k - 60k port forward to my ip address then he wouldn't be able to connect.  So each day, I connect, view log, see the blocked request, port forward to my local ip address and then he connects, I view log, I see the blocked request and I port forward that specific port to his local ip address.  Every day it is different.

Any suggestions?
0
Comment
Question by:tigermessage
7 Comments
 
LVL 17

Expert Comment

by:lruiz52
ID: 41804108
Have you tried enabling the "VPN pass through" on your home router?
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 41804109
Try enabling NAT Traversal on the SonicWALL setup. Also make sure it has been set for Aggressive Mode.
0
 

Author Comment

by:tigermessage
ID: 41804222
Hi John Hurst.  I checked the Sonicwall TZ 205 settings and NAT Transversal in the VPN Advanced Setting is already checked.  I did not see anywhere for a selection of Aggressive or anything of this manner (should be in IKE Proposal but I don't see any section in the Proposal tab about setting up as aggressive).

The d-link router log shows this when I try to connect using Global VPN client to the Sonicwall:
"Blocked incoming UDP packet from <remote sonicwall public up>:500 to <local public ip>:62738"

I know for sure that it is a local d-link router firewall concern.  I can only "open up" port 500 to point to a specific internal local ip address which I can't do because then when my co-worker tries to connect it will not allow him because it would route the traffic to my pc.  

Any other suggestions?  If not, going to go get a different router (keep the sonicwall in place but different local router) that has more features/options/firewall customization.
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 
LVL 5

Expert Comment

by:JSpoor
ID: 41804318
UDP 500 for IKE, UDP 4500 for IPsec NAT-Traversla.
Ideally also ESP , which is IP protocol 50 (not tcp port 50, but IP protocol!!!)
0
 
LVL 5

Accepted Solution

by:
JSpoor earned 250 total points (awarded by participants)
ID: 41804320
but the d-link should be statefull, and realise it's a reply packet...

perhaps time to change your d-link for a proper router :)
0
 
LVL 90

Assisted Solution

by:John Hurst
John Hurst earned 250 total points (awarded by participants)
ID: 41804589
You most likely have a consumer D-Link, so yes, at this point, you need a better router.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 41834899
Author agreed a new router was needed.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

I've written this article to illustrate how we can implement a Dynamic Multipoint VPN (DMVPN) with both hub and spokes having a dynamically assigned non-broadcast multiple-access (NBMA) network IP (public IP). Here is the basic setup of DMVPN Pha…
If you use NetMotion Mobility on your PC and plan to upgrade to Windows 10, it may not work unless you take these steps.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now