Solved

Dell Sonicwall Global VPN Client ports

Posted on 2016-09-18
Last Modified: 2016-11-22
I have a Dell Sonicwall TZ 205 router at work that I VPN into and a d-Link router at home.

Every day when I go to log in using the Dell Sonicwall Global VPN Client to establish the VPN connection I have to click "connect" on the GVC and then go into my d-Link home router log to see the blocked port (the reply from the TZ 205) to then port forward to my local IP address. After this, it then prompts for username/password and VPN works great.

The main issue isn't just doing this for myself, but also for a co-worker since he comes to my home to work. The port that gets used on the reply is always random but in the 50,000 - 60,000 range. The issue is that I can't just do a 50,000 to 60,000 port forward to my local IP address because I have a co-worker that works with me that also uses Global VPN Client to connect, so if I set up a hard 50k - 60k port forward to my IP address then he wouldn't be able to connect. So each day, I connect, view log, see the blocked request, port forward to my local IP address and then he connects, I view log, I see the blocked request and I port forward that specific port to his local IP address. Every day it is different.

Any suggestions?
Question by:tigermessage
7 Comments
 
LVL 17

Expert Comment

by:lruiz52
ID: 41804108
Have you tried enabling the "VPN pass through" on your home router?
0
 
LVL 95

Expert Comment

by:John Hurst
ID: 41804109
Try enabling NAT Traversal on the SonicWALL setup. Also make sure it has been set for Aggressive Mode.
0
 

Author Comment

by:tigermessage
ID: 41804222
Hi John Hurst. I checked the Sonicwall TZ 205 settings and NAT Traversal in the VPN Advanced Setting is already checked. I did not see anywhere for a selection of Aggressive or anything of this manner (should be in IKE Proposal but I don't see any section in the Proposal tab about setting up as aggressive).

The d-link router log shows this when I try to connect using Global VPN client to the Sonicwall:
"Blocked incoming UDP packet from <remote sonicwall public ip>:500 to <local public ip>:62738"

I know for sure that it is a local d-link router firewall concern.  I can only "open up" port 500 to point to a specific internal local ip address which I can't do because then when my co-worker tries to connect it will not allow him because it would route the traffic to my pc.  

Any other suggestions?  If not, going to go get a different router (keep the sonicwall in place but different local router) that has more features/options/firewall customization.
0

 
LVL 8

Expert Comment

by:J Spoor
ID: 41804318
UDP 500 for IKE, UDP 4500 for IPsec NAT-Traversal.
Ideally also ESP, which is IP protocol 50 (not TCP port 50, but IP protocol!!!)
0
 
LVL 8

Accepted Solution

by:
J Spoor earned 250 total points (awarded by participants)
ID: 41804320
but the d-link should be stateful, and realise it's a reply packet...

perhaps time to change your d-link for a proper router :)
0
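The behaviour the accepted answer expects from a stateful router, as an added example that is not part of the original thread: each client's outbound IKE packet creates its own flow entry, so the reply to port 62738 can be delivered to the right PC without any port forward. The addresses, the second WAN port, and the names `NatTable`, `example_table` and `diagnose` are constructed for illustration, and it assumes both clients send from source port 500 with the router rewriting that to a random high port.

```python
import re

# Constructed sample values: documentation-range addresses stand in for the
# placeholders in the router log quoted in the thread.
GATEWAY = "203.0.113.10"   # remote SonicWALL public IP (assumed)
WAN_IP = "198.51.100.20"   # home router public IP (assumed)
SAMPLE_LOG = f"Blocked incoming UDP packet from {GATEWAY}:500 to {WAN_IP}:62738"

LOG_RE = re.compile(r"Blocked incoming UDP packet from ([\d.]+):(\d+) to ([\d.]+):(\d+)")


class NatTable:
    """Minimal model of the UDP flow table a stateful NAT router keeps."""

    def __init__(self, wan_ip):
        self.wan_ip = wan_ip
        self.flows = {}  # (wan_port, remote_ip, remote_port) -> (lan_ip, lan_port)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port, wan_port):
        """Record the mapping created when a LAN client sends a packet out."""
        self.flows[(wan_port, remote_ip, remote_port)] = (lan_ip, lan_port)

    def lookup_reply(self, src, sport, dst, dport):
        """Return the LAN endpoint an inbound packet belongs to, or None."""
        if dst != self.wan_ip:
            return None
        return self.flows.get((dport, src, sport))


def example_table():
    """Two LAN clients start IKE to the same gateway; each gets its own WAN port."""
    nat = NatTable(WAN_IP)
    nat.outbound("192.168.0.101", 500, GATEWAY, 500, wan_port=62738)
    nat.outbound("192.168.0.102", 500, GATEWAY, 500, wan_port=51544)
    return nat


def diagnose(log_line, nat):
    """Classify a 'Blocked incoming UDP packet' log line against tracked flows."""
    m = LOG_RE.search(log_line)
    if not m:
        return "unparsed"
    src, sport, dst, dport = m.group(1), int(m.group(2)), m.group(3), int(m.group(4))
    owner = nat.lookup_reply(src, sport, dst, dport)
    if owner:
        return f"reply to {owner[0]}:{owner[1]} dropped despite matching state"
    return "unsolicited: no outbound flow matches"


if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG, example_table()))
```

A blocked line that matches a tracked flow points at the router's state tracking rather than at a missing forward rule.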
 
LVL 95

Assisted Solution

by:John Hurst
John Hurst earned 250 total points (awarded by participants)
ID: 41804589
You most likely have a consumer D-Link, so yes, at this point, you need a better router.
0
 
LVL 95

Expert Comment

by:John Hurst
ID: 41834899
Author agreed a new router was needed.
0
