SonicWall VPN Woes
Are the sites having problems on Comcast? I've had their crap block dhcp
Two months ago we replaced an aging firewall with a SonicWall NSA 2600. It fulfilled several of my goals in one device: ability to expand the network, IPS, easier to manage, etc.However, VPN has never consistently worked since. I worked with our MSP on the multiple issues our remote users have been having these two months and now have no ideas how to proceed. Maybe you can help?Yesterday we spent seven hours on the phone with SonicWall support, through several engineers reinstalling software, doing registry hacks, using Powershell, etc. to no avail. At the end of the day the engineer says, "It is not a SonicWall problem." To be fair, an identical machine works here at the office (through hotspot) but not in Maine, and other identical machines have no problems in their locations.The Meat: SonicWall NSA 2600 SSL-VPN with Active...
This topic first appeared in the Spiceworks Community
Similar Messages
-
Connecting through SonicWall VPN
Has anyone managed to connect to a file server through a SonicWall VPN? The only vpn connection profiles are for Cisco routers.
Yes, I'll go into the SonicWall tomorrow and see what I can finds out, or call thier tech support if I can't figure it out.
Thanks for your help. -
Hello,
Do you know if it's possible to use my Iphone 3G on a SonicWall VPN ?
I use NetExtender on my Mac OS 10.5.5.
I think it's not possible but...who know...
Thanks to everyone.
Nicolas,
France
Message was edited by: Nico, St MaloI would like to add the same for the Pacific Northwest, USA. In addition, I have the iSSH app. It connects immediately to my internet connected firewall but never does on 3g.
To add further pain I did a speed test for wi-fi and 3g. The 3g is faster than the wi-fi.
What is causing this? -
Has anyone used Arch to connect to a sonicwall VPN? If so, how'd you do it? What tools do I need to install?
Thanks,Depends on the sonicwall device you have.
Some sonicwalls support both IPSec and L2TP (L2TP-over-IPsec). It just depends on which one you want to go with.
If you google around for "sonicwall linux ipsec" or "sonicwall linux l2tp" you should find some good info. -
Cisco wireless and Sonicwall VPN
My network consists of an 871 router, 48 port Switch, 2006 WLAN Controller, 1231 APs, and SonicWall VPN.
VPN connections are fine if the client is using the wired network. VPN connections do not work if the client is wireless. I've had a couple of suggestions...VPN Passthrough on the WLAN Controller - that didn't work, but I'm not sure I had the right gateway. And they also suggested changing the MTU size on the wireless card in the laptop. Still trying to figure out how to do that.
Any other ideas? This seems like it should be a fairly easy fix.
Thanks.Are your wireless clients getting an IP? That is are you using the SonicWall as your DHCP server for the wireless clients?
If so it will probably not work. There is something with the SonicWalls that they don't support. I went round and round with SonicWall and couldn't get DHCP working for wireless clients coming through Cisco WLC Controllers. -
Back when life was simple, under Windows XP, i simply fired up my SonicWALL client, connected to the host, and then connected via RDC and all was good.
Now I have Windows 8.1 and SonicWALL's v4.9.0.1202 64-bit client. I can connect with the client - although it seems to drop the connection quite a bit - but when it is up, I can ping the host. But when I try to RDC, I get the completely unhelpful
error mentioned above.
My version of 8.1 is up-to-date - the VPN client came right from DELL's website. What am I doing wrong?
Just in case you want to know, yes - I can RDC to non VPN and PPTP VPN sites no problem - and on the same LAN, my XP box can RDC with SonicWALL with no issues.
Please, somebody - i need to get back to Planet 10!Did you ever find a solution to this problem. I am having the exact same problem
-
Greetings. Probably simple thing overlooking here.
Recently changed TZ205 Client VPN from static IPs to DHCP over VPN.
It's a split tunnel VPN allowing Sonicwall X0 + 2 other VLANs. VPN used only for MGT.
Since going DHCP I'll get occasional packet drops and RDP session hangs for 5 sec or so. If I manually assign just IP/mask to adapter no drops.
My desktop will just drop few packets. My Laptop show general failure. What of DHCP over VPN is causing these drops?
Thanks!
This topic first appeared in the Spiceworks CommunityPowerShell Direct – Running PowerShell inside a virtual machine from the Hyper-V hostAt Ignite we announced PowerShell Direct, and briefly demoed it’s capabilities in the “What’s New in Hyper-V” session. This is a follow up so you can get started using PowerShell Direct in your own environment.What is PowerShell Direct?It is a new way of running PowerShell commands inside a virtual machine from the host operating system easily and reliably.There are no network/firewall requirements or configurations.
It works regardless of Remote Management configuration.
You still need guest credentials.For people who want to try it out immediately, go ahead and (as Administrator) run either of these commands on a Windows10 Hyper-V host where VMName refers to a VM running Windows10:Enter-PSSession -VMName VMNameInvoke-Command -VMName VMName -ScriptBlock... -
I created a VPN client account on my RVS4000 but I am unable to connect to it. When I attempt to connect using the OS X VPN client it says it can't connect to the VPN server. The VPN log in the RVS4000 shows this:
May 15 14:58:40 - [VPN Log]: IP interfaces ppp0 and eth0:0 share address xxx.xxx.xxx.xxx!
May 15 14:58:40 - [VPN Log]: no public interfaces found
I suspect that is the problem but I don't know how to correct it in the RVS4000 settings. The WAN is configured for Unnumbered IP + Private.
How do I correct the interface problem?I believe I have the VPN configured correctly on the RVS4000, and I think it should work with the OS X VPN client, but the VPN client always reports that the vpn server does not respond, which is likely related to this entry in the VPN log on the RVS4000 when I enable the VPN:
[VPN Log]: IP interfaces ppp0 and eth0:0 share address xxx.xxx.xxx.xxx!
[VPN Log]: no public interfaces found
I suspect that error is related to the WAN configuration being set to Unnumbered IP + Private, which is necessary for my network configuration, and the VPN settings in the RVS4000 do not allow me to manually set the gateway IP address for the VPN to an unused address in the unnumbered set. That leaves me wondering if it is even possible to use the VPN on this router if the WAN is configured for unnumbered IPs. -
I bought a new Airport Extreme, hooked it up and was enjoying everything that was flawlessly running... Then we tried our vpns.
I ended up calling support to find out what I was doing wrong, and it tunes out that my purchase was the issue!
We have two types of vpns here, cisco and Nortel. The recomendation was to negate our NAT and place everything out in the DMZ. After I finished laughing, I regretably took my unit back.
Is there ANYONE that has a logical fix for this or recomendation... comments? I can see from oher posts that we are not alone here as far as getting propper vpn pass through on the new access point.
We really liked the unit, but can not live without our vpn connections...
ThanksStill reading -- but these links are very useful:
Protocols supported by iOS:
http://support.apple.com/kb/HT1288
Setting up VPN (basic guide):
http://support.apple.com/kb/HT1424?viewlocale=en_US -
After working (sometimes) for a year, now my VPN seems completely broken. I've been using it to access computers on the LAN using ARD while on the road. I can only connect to VPN currently while on the LAN while connecting to OSX Server's router address (10.0.1.1). This work. But if I try to connect the server's external IP address I get no connection. At first I thought it was a firewall issue, but after opening almost everything, both on the server and the client, I still have no luck.
Jeff --
Within the LAN I can connect and authenticate from a client only to the server's internal port (10.0.1.1) although once connected it shows as connected to the server's external IP.
From the client I can ping both 10.0.1.1 and the external IP from within the LAN. Stopped and restarted VPN. It's setup to hand out addressed from 10.0.1.200 to 210. I'm using MS-Chap to authenticate, as Kerberos does not work for VPN for some reason. The DNS server on the "client info" page is set to 10.0.1.1 and a private routing definition is assigned to 10.0.1.0.
The error returned is: "The server did not respond"
It "feels" like a firewall problem, but I have all necessary ports open on both the server and the client.
A log from a recent attempt:
2006-08-25 17:29:45 EDT Loading plugin /System/Library/Extensions/L2TP.ppp
2006-08-25 17:29:45 EDT Listening for connections...
2006-08-25 17:30:05 EDT Incoming call... Address given to client = 10.0.1.200
Fri Aug 25 17:30:06 2006 : Directory Services Authentication plugin initialized
Fri Aug 25 17:30:06 2006 : Directory Services Authorization plugin initialized
Fri Aug 25 17:30:06 2006 : L2TP incoming call in progress
Fri Aug 25 17:30:06 2006 : L2TP received SCCRQ
Fri Aug 25 17:30:06 2006 : L2TP sent SCCRP
2006-08-25 17:30:06 EDT Incoming call... Address given to client = 10.0.1.201
Fri Aug 25 17:30:06 2006 : Directory Services Authentication plugin initialized
Fri Aug 25 17:30:06 2006 : Directory Services Authorization plugin initialized
Fri Aug 25 17:30:07 2006 : L2TP incoming call in progress
Fri Aug 25 17:30:07 2006 : L2TP received SCCRQ
Fri Aug 25 17:30:07 2006 : L2TP sent SCCRP
2006-08-25 17:30:07 EDT Incoming call... Address given to client = 10.0.1.202
Fri Aug 25 17:30:07 2006 : Directory Services Authentication plugin initialized
Fri Aug 25 17:30:07 2006 : Directory Services Authorization plugin initialized
Fri Aug 25 17:30:07 2006 : L2TP incoming call in progress
Fri Aug 25 17:30:07 2006 : L2TP received SCCRQ
Fri Aug 25 17:30:07 2006 : L2TP sent SCCRP
2006-08-25 17:30:08 EDT Incoming call... Address given to client = 10.0.1.203
Fri Aug 25 17:30:09 2006 : Directory Services Authentication plugin initialized
Fri Aug 25 17:30:09 2006 : Directory Services Authorization plugin initialized
Fri Aug 25 17:30:09 2006 : L2TP incoming call in progress
Fri Aug 25 17:30:09 2006 : L2TP received SCCRQ
Fri Aug 25 17:30:09 2006 : L2TP sent SCCRP
2006-08-25 17:30:09 EDT Incoming call... Address given to client = 10.0.1.204
Fri Aug 25 17:30:09 2006 : Directory Services Authentication plugin initialized
Fri Aug 25 17:30:09 2006 : Directory Services Authorization plugin initialized
Fri Aug 25 17:30:09 2006 : L2TP incoming call in progress
Fri Aug 25 17:30:09 2006 : L2TP received SCCRQ
Fri Aug 25 17:30:09 2006 : L2TP sent SCCRP
2006-08-25 17:30:10 EDT Incoming call... Address given to client = 10.0.1.205
Fri Aug 25 17:30:10 2006 : Directory Services Authentication plugin initialized
Fri Aug 25 17:30:10 2006 : Directory Services Authorization plugin initialized
Fri Aug 25 17:30:10 2006 : L2TP incoming call in progress
Fri Aug 25 17:30:10 2006 : L2TP received SCCRQ
Fri Aug 25 17:30:10 2006 : L2TP sent SCCRP
2006-08-25 17:30:11 EDT Incoming call... Address given to client = 10.0.1.206
Fri Aug 25 17:30:11 2006 : Directory Services Authentication plugin initialized
Fri Aug 25 17:30:11 2006 : Directory Services Authorization plugin initialized
Fri Aug 25 17:30:11 2006 : L2TP incoming call in progress
Fri Aug 25 17:30:12 2006 : L2TP received SCCRQ
Fri Aug 25 17:30:12 2006 : L2TP sent SCCRP
2006-08-25 17:30:12 EDT Incoming call... Address given to client = 10.0.1.207
Fri Aug 25 17:30:12 2006 : Directory Services Authentication plugin initialized
Fri Aug 25 17:30:12 2006 : Directory Services Authorization plugin initialized
Fri Aug 25 17:30:12 2006 : L2TP incoming call in progress
Fri Aug 25 17:30:12 2006 : L2TP received SCCRQ
Fri Aug 25 17:30:12 2006 : L2TP sent SCCRP
2006-08-25 17:30:13 EDT Incoming call... Address given to client = 10.0.1.208
Fri Aug 25 17:30:13 2006 : Directory Services Authentication plugin initialized
Fri Aug 25 17:30:13 2006 : Directory Services Authorization plugin initialized
Fri Aug 25 17:30:14 2006 : L2TP incoming call in progress
Fri Aug 25 17:30:14 2006 : L2TP received SCCRQ
Fri Aug 25 17:30:14 2006 : L2TP sent SCCRP
2006-08-25 17:30:14 EDT Incoming call... Address given to client = 10.0.1.209
Fri Aug 25 17:30:15 2006 : Directory Services Authentication plugin initialized
Fri Aug 25 17:30:15 2006 : Directory Services Authorization plugin initialized
Fri Aug 25 17:30:15 2006 : L2TP incoming call in progress
Fri Aug 25 17:30:15 2006 : L2TP received SCCRQ
Fri Aug 25 17:30:15 2006 : L2TP sent SCCRP
2006-08-25 17:30:15 EDT Incoming call... Address given to client = 10.0.1.210
Fri Aug 25 17:30:16 2006 : Directory Services Authentication plugin initialized
Fri Aug 25 17:30:16 2006 : Directory Services Authorization plugin initialized
Fri Aug 25 17:30:16 2006 : L2TP incoming call in progress
Fri Aug 25 17:30:16 2006 : L2TP received SCCRQ
Fri Aug 25 17:30:16 2006 : L2TP sent SCCRP
Fri Aug 25 17:31:06 2006 : L2TP received AVP with bad length... AVP type = 0
2006-08-25 17:31:06 EDT --> Client with address = 10.0.1.200 has hungup
Fri Aug 25 17:31:06 2006 : L2TP received AVP with bad length... AVP type = 0
2006-08-25 17:31:06 EDT --> Client with address = 10.0.1.201 has hungup
Fri Aug 25 17:31:07 2006 : L2TP received AVP with bad length... AVP type = 0
2006-08-25 17:31:07 EDT --> Client with address = 10.0.1.202 has hungup
Fri Aug 25 17:31:09 2006 : L2TP received AVP with bad length... AVP type = 0
2006-08-25 17:31:09 EDT --> Client with address = 10.0.1.203 has hungup
Fri Aug 25 17:31:09 2006 : L2TP received AVP with bad length... AVP type = 0
2006-08-25 17:31:09 EDT --> Client with address = 10.0.1.204 has hungup
Fri Aug 25 17:31:10 2006 : L2TP received AVP with bad length... AVP type = 0
2006-08-25 17:31:10 EDT --> Client with address = 10.0.1.205 has hungup
Fri Aug 25 17:31:11 2006 : L2TP received AVP with bad length... AVP type = 0
2006-08-25 17:31:11 EDT --> Client with address = 10.0.1.206 has hungup
Fri Aug 25 17:31:12 2006 : L2TP received AVP with bad length... AVP type = 0
2006-08-25 17:31:12 EDT --> Client with address = 10.0.1.207 has hungup
Fri Aug 25 17:31:13 2006 : L2TP received AVP with bad length... AVP type = 0
2006-08-25 17:31:13 EDT --> Client with address = 10.0.1.208 has hungup
Fri Aug 25 17:31:14 2006 : L2TP received AVP with bad length... AVP type = 0
2006-08-25 17:31:14 EDT --> Client with address = 10.0.1.209 has hungup
Fri Aug 25 17:31:15 2006 : L2TP received AVP with bad length... AVP type = 0
2006-08-25 17:31:15 EDT --> Client with address = 10.0.1.210 has hungup
Lost count Mac OS X (10.4.5) -
I am currently unable to connect to my VPN server with either of 2 Lion machines 2010 white MacBook and a black MacBook . I run iVPN (L2TP) on an old PPC Mac Mini, my iPhone and iPad still connect instantly. When the Lion machines try to connect for they try for about a minute and fail returning "The L2TP-VPN server did not respond. Try reconnecting. If the problem continues, verify your settings and contact your Administrator." I currently have my router setup to port foward and use a dynamic DNS. I tried connecting straight to the VPN directly by changing to the internal LAN IP still no luck. Any suggestions
I've been out of my SonicWall VPN since I upgraded to Lion last week. Found a trick and succeeded. I had to reconfigure the settings on the Sonicwall and make sure that the phase 1 and phase 2 authentications were using AES encryption rather than 3DES.
That did the trick and I was back in.
Of course now my 10.6.8 clients are out - I'll post more on that front if I figure it out. -
Windows 8 and IPSec VPN issues
I have a number of customers that leverage the Cisco IPSec VPN. I can connect to the VPN without any problems but when I attempt to RDP, that fails. I have no RDP or ping or anything. Here are some more symptoms of the issues that I find odd:
Anyconnect works just fine
Fortinet VPN clients work fine
Sonicwall VPN clients work fine
Cisco IPSec VPN client is the only one affected
Cisco IPSec VPN client worked fine for months then just decided it was no longer going to allow RDP or ping
I have duplicated this issue on a half dozen or so laptops
This is on a Windows 8 laptop but I believe I have also experienced this on Windows 7
Just to clarify, the IPSec VPN does succesfully connect. But nothing else works after that. I do understand that AnyConnect is the direction that Cisco would like for people to move towards. Unfortunately, I have quite a few customers that are leveraging the IPSec VPN. I have been through a number of laptops in the last year and every single laptop had a working Cisco IPSec VPN for months....then one day it would just stop passing RDP.
Please somebody tell me that there is a workaround for this. I have played with the IP settings for the Cisco Systems virtual adapter in my network and sharing center. I've modified the binding order. I've compared a routeprint from a working laptop to mine....I'm not sure what else to do. I've uninstalled ALL VPN software and only reinstalled the Cisco VPN. So far the ONLY fix I have found is a clean install of Windows and that solution sucks.Doing a little more homework on this and I noticed that the tunnel details show no bytes sent or recieved and no packets encrypted, decrypted, or discarded....everything is bypassed. My coworker (who is on Windows 7) is able to launch this VPN and connect to the customer's servers without issues and the tunnel details show all of the appropriate data.
-
Can't get VPN to work on RV220W
I am a home office user who bought a RV220W router for the speed advertised on smallnetbuilder. I am trying to set up the VPN but can't get it to work with the Quick VPN client. I am using dyndns to manage the dynamic IP and have entered that into the setup noted below. I can access the router remotely (remote administration) when enabled using the dyndns address so I know that is working.
IKE Policy Table
General
Policy Name: krafty001vpn
Direction / Type Responder
Exchange Mode: Aggresive
Enable XAUTH Client: None
Local Identification
Identifier Type: FQDN
FQDN: krafty001.dyndns.org
Peer IKE Identification
Identifier Type: Remote Wan IP
FQDN: krafty001.dyndns.org
IKE SA Parameters
Encryption Algorithm: 3DES
Authentication Algorithm: SHA-1
Authentication Method: Pre-Shared Key
Pre-Shared Key: xxxxxxxxx
Diffie-Hellman (DH) Group: Group 2 (1024bit )
SA-Lifetime: 28800 Seconds
VPN Policy Table
Add / Edit VPN Policy Configuration
Policy Name:
krafty001vpn
Policy Type:
Auto Policy
Remote Endpoint:
FQDN
krafty001.dyndns.org
NETBIOS:
Enable
Local Traffic Selection
Local IP:
ANY
Start Address:
End Address:
Subnet Mask:
Remote Traffic Selection
Remote IP:
ANY
Start Address:
End Address:
Subnet Mask:
Split DNS
Split DNS:
Enable
Domain Name Server 1:
Domain Name Server 2:
(Optional)
Domain Name 1:
Domain Name 2:
(Optional)
Manual Policy Parameters
SPI-Incoming:
SPI-Outgoing:
Encryption Algorithm:
3DES None DES AES-128 AES-192 AES-256 AES-CCM AES-GCM
Key-In:
Key-Out:
Integrity Algorithm:
SHA-1 SHA2-256 SHA2-384 SHA2-512 MD5
Key-In:
Key-Out:
Auto Policy Parameters
SA-Lifetime:
3600
Seconds KBytes
Encryption Algorithm:
3DES None DES AES-128 AES-192 AES-256 AES-CCM AES-GCM
Integrity Algorithm:
SHA-1 SHA2-256 SHA2-384 SHA2-512 MD5
PFS Key Group:
Enable
DH-Group 1 (768 bit) DH-Group 2 (1024 bit) DH-Group 5 (1536 bit)
Select IKE Policy:
krafty001vpn
Quick VPN Setip
User Profile: homevpn
User Name krafty001vpn
Password: xxxxx
Server Address: krafty001.dyndns.org
Port for QuickVPN: Auto
Any help in identifying what setup component I have configured incorrectly would be appreciated
ThanksI am not sure this will help but make sure the following is set correctly:
Currently VPN is somewhat broken on all versions of firmware of the RV220W including beta where VPN will ONLY negotiate on 443. If you are port forwarding 443 to a server or something else it will fail. You must allow the VPN to authenticate on 443. The router SHOULD be able to connect on 60443 as indicated on the QUICKVPN software however it doesn't this has been confirmed by a CISCO engineeer I have been speaking with regarding my VPN woes. Currently there is NO ETA on this fix.
But since you didn't mention if your 443 ports were being routed elsewhere I figured i would lay out that information here incase you where. Also I strongly recommend contacting Cisco Support for the beta firmware it makes the RV220W much better.
Also the reason for the update to the beta firmware it resolves the hair pinning problem which could also lead to VPN issues. -
Adobe freezes when connected to Sonicwall
Adobe reader XI hangs when I am connected to a sonicwall VPN connection. Note that I am not opening the reader on the remote desktop. I am doing it on my Home PC. However, if I disable my sonicwall connection, then the adobe reader opens instantly. Else, the tools tab on the right side hangs and I am not able to open the pdf. Please help immediately
Adobe Reader is trying to Access Acrobat.com service and trying to connect other online services. So once you are behind the firewall it takes time and might crashing because of the similar reasons.
How did you install Reader XI, How many machines you are facing issue with.
Regards,
Ajlan Huda. -
IOS 4.2.1 Broke VPN
Any reason 4.2.1 would break our VPN connection?
Currently connecting to a SonicWall VPN using L2TP. Everything worked great on 3.2.2, but broke on 4.2.1. I have even downgraded and it works fine, but no go on 4.2.1Yes it does get to the firewall:
IKE Responder: ESP encryption algorithm does not match
RECEIVED<<< ISAKMP OAK QM (InitCookie:0x259ef61e052e2f4d RespCookie:0x141170aedc8317ca, MsgID: 0xFDB1207D) *(HASH, SA, NON, ID, ID, NAT_OA, NAT_OA)
IKE Responder: ESP encryption algorithm does not match
IKE Responder: IPSec proposal does not match (Phase 2)
Maybe you are looking for
-
How can I delete null values from List Item?
Hi Friends, I used List item for field job_Type, I entered values in List item at design time through property pallet. When I run form I will see null values in this List Item. How can I remove these null values from the List? Best regards, Shahzad
-
Purchase Order print output - Company Name changed
Hi experts, My plant name is changed I want the new name to appear at the bottom of the Purchase Order above Authorized signatory field. Please suggest how to do. Regards, ( Rajneesh Gulati )
-
hello friends, i am from india. there is no issue after update my Q10 to 10.2.0.424 . I got priority hub after update. thank you blackberry.
-
I have an Iphone 4S, and I recently downloaded the IOS7, my Iphone now isn't an Iphone anymore it became an ugly Samsung!!!!! and is much slower!!!! What can I do to get my old better Iphone back???
-
Navigate to a different report from the Drill down path
Hi, I have a question regarding the navigation. I have a summarized report showing the fields City, Year and Count. Now the user has the privilege to drill down on the Day dimension. He can drill down from Year to Quarter to Month to Day. Is there a