Solved

Dell Sonicwall Global VPN Client ports

Posted on 2016-09-18
7
1,516 Views
Last Modified: 2016-11-22
I have a Dell Sonicwall TZ 205 router at work that I VPN into and a d-Link router at home.

Every day when I go to login using the Dell Sonicwall Global VPN Client to establish the VPN connection I have to click "connect" on the GVC and then go into my d-Link home router log to see the blocked port (the reply from the TZ 205) to then port forward to my local IP address.  After this, it then prompts for username/password and VPN works great.

The main issue isn't just doing this for myself, but also for a co-worker since he comes to my home to work.  The port that gets used on the reply is always random but in the 50,000 - 60,000.  Issue is that I can't just do a forward 50,000 to 60,000 port forward to my local IP address because I have a co-worker that works with me that also uses Global VPN Client to connect so if I setup a hard 50k - 60k port forward to my ip address then he wouldn't be able to connect.  So each day, I connect, view log, see the blocked request, port forward to my local ip address and then he connects, I view log, I see the blocked request and I port forward that specific port to his local ip address.  Every day it is different.

Any suggestions?
0
Comment
Question by:tigermessage
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 17

Expert Comment

by:lruiz52
ID: 41804108
Have you tried enabling the "VPN pass through" on your home router?
0
 
LVL 96

Expert Comment

by:Experienced Member
ID: 41804109
Try enabling NAT Traversal on the SonicWALL setup. Also make sure it has been set for Aggressive Mode.
0
 

Author Comment

by:tigermessage
ID: 41804222
Hi John Hurst.  I checked the Sonicwall TZ 205 settings and NAT Transversal in the VPN Advanced Setting is already checked.  I did not see anywhere for a selection of Aggressive or anything of this manner (should be in IKE Proposal but I don't see any section in the Proposal tab about setting up as aggressive).

The d-link router log shows this when I try to connect using Global VPN client to the Sonicwall:
"Blocked incoming UDP packet from <remote sonicwall public up>:500 to <local public ip>:62738"

I know for sure that it is a local d-link router firewall concern.  I can only "open up" port 500 to point to a specific internal local ip address which I can't do because then when my co-worker tries to connect it will not allow him because it would route the traffic to my pc.  

Any other suggestions?  If not, going to go get a different router (keep the sonicwall in place but different local router) that has more features/options/firewall customization.
0
What, When and Where - Security Threats from Q1

Join Corey Nachreiner, CTO, and Marc Laliberte, Information Security Threat Analyst, on July 26th as they explore their key findings from the first quarter of 2017.

 
LVL 8

Expert Comment

by:J Spoor
ID: 41804318
UDP 500 for IKE, UDP 4500 for IPsec NAT-Traversla.
Ideally also ESP , which is IP protocol 50 (not tcp port 50, but IP protocol!!!)
0
 
LVL 8

Accepted Solution

by:
J Spoor earned 250 total points (awarded by participants)
ID: 41804320
but the d-link should be statefull, and realise it's a reply packet...

perhaps time to change your d-link for a proper router :)
0
 
LVL 96

Assisted Solution

by:Experienced Member
Experienced Member earned 250 total points (awarded by participants)
ID: 41804589
You most likely have a consumer D-Link, so yes, at this point, you need a better router.
0
 
LVL 96

Expert Comment

by:Experienced Member
ID: 41834899
Author agreed a new router was needed.
0

Featured Post

Are You Headed to Black Hat USA 2017?

Getting ready for Black Hat next week? Kick things off with the WatchGuard Badge Challenge and test your puzzle and cipher skills. Do you have what it takes to earn our limited edition Firebox Badge? Get started today - https://crimsonthorn.net

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Cisco RV042 router is a popular small network interfacing device that is often used as an internet gateway. Network administrators need to get at the management interface to make settings, change passwords, etc. This access is generally done usi…
There are two basic ways to configure a static route for Cisco IOS devices. I've written this article to highlight a case study comparing the configuration of a static route using the next-hop IP and the configuration of a static route using an outg…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question