SonicWall VPN

staticz

I am attempting to set up a VPN for some of the users at our company. We have a SonicWall TZ170 firewall. I have the VPN set up but am running into some issues and was just hoping that someone on here would have some experience with the issue.

I can connect to the VPN but it will not assign an IP address. I have literally gone through and redone the setup according to the manual at least 4 times. I have DHCP enabled on the firewall and given an adequate amount of available addresses, but the VPN client hangs on the "Acquiring IP" status.

The VPN client's log says: "Failed to renew the IP address for the virtual interface."

The firewall's log doesn't seem to have any errors showing up, and until I turn on the "DHCP lease" option the client connects to the VPN but of course doesn't receive an IP address. When "DHCP lease" is turned back on the client doesn't make it all the way through the connection phase.

It is obviously an issue with the DHCP on the firewall but I have no clue where to start. I've followed the guide from SonicWall to a T, with no results.

This issue has seriously started to make me wonder if I chose the right career path...(about to graduate in May)
 
What VPN IPs are you assigning, and what are the "real" IPs of the computers VPNing in?
 
The address pool for the VPN is 10.0.0.10 - 10.0.0.30. The "real" IPs that I have tested on are ones at work (also 10.0.0.0) and then at my home on 192.168.1.0, neither were successful.
 
Welcome to the wonderful world of Sonicwall, where they restrict certain configurations based on best business practices...even if it makes your job a nightmare.
 
It has been an interesting adventure I will say that.

I did have success setting the IP addresses manually but the log now says "IP spoof dropped" each time I try to ping a machine on the network.
 
On my clients...their SBS box runs DHCP. I have the Sonicwall relay DHCP tweenst the VPN clients and wireless clients...and their Small Biz Server.

In the Sonicwall's web admin, VPN section, DHCP over VPN, I have it set as central gateway, then hit the configure button..and on mine it's set to "Send DHCP requests to the DHCP server listed below"...where I entered the LAN IP of the Small Biz Server.
 
If you're installing the software client on Vista machines you have to open a port in Windows Firewall for DHCP to work. Sorry, off the top of my head I don't remember, but if you're using the latest version of the client it will tell you the port that needs to be open during the install. If you don't see that then the software you're using may be outdated.
 
YOSC is correct, if you are running DHCP on a server in your network. If you are, then turn DHCP OFF on the Sonicwall. Use the DHCP relay to point to your network's DHCP server. You reference a DHCP pool - where did you set this? On the Sonicwall or on your DHCP server?
 
That is how I had it set up, and it would still hang.

twwabw- DHCP was running on the server, I turned it on on the firewall and hell broke loose so I set it back to run on the SBS. What is the advantage of running it on the SBS instead of the firewall?

My biggest problem is that the guy before me didn't write anything down, and left the company before I had a chance to meet with him. His lack of writing skills coupled with my inexperience has made for an interesting ride, but this is the only real annoying issue I haven't been able to handle. BTW I have started a "procedural book" where I write down all of our configurations, and how I do things, I would assume this is something that should have been done a long time ago?
 
You want your infrastructure server to run DHCP.
It hands out the IP of your DC as the DNS server to clients. Clients NEED that to log into Active Directory properly. Your firewall by default will hand out your ISP's DNS servers, or itself, as the DNS servers. This would break Active Directory.
Clients register with Active Directory as they log in, so they stay better integrated with AD. You want your server to do server stuff...keep things tighter.

It sounds like your Sonicwall's DHCP forwarding is not set up to your SBS IP correctly.
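
The point made in the reply above (clients need a lease from the infrastructure server that names the DC as DNS, not the firewall or the ISP) can be checked from the options field of a captured DHCP ACK. This is an added example, not part of the thread: the function names are hypothetical, and the SBS (10.0.0.2), firewall (10.0.0.1) and ISP resolver (203.0.113.53) addresses are constructed for illustration.

```python
import ipaddress

# DHCP option codes from RFC 2132
OPT_PAD, OPT_DNS, OPT_SERVER_ID, OPT_END = 0, 6, 54, 255


def parse_options(raw: bytes) -> dict:
    """Parse the DHCP options field (the bytes after the magic cookie)."""
    opts, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:              # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated option header")
        length = raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} truncated")
        opts[code] = value
        i += 2 + length
    return opts


def ip_list(value: bytes) -> list:
    """Split an option value into dotted-quad IPv4 strings."""
    if len(value) % 4:
        raise ValueError("address list is not a multiple of 4 bytes")
    return [str(ipaddress.IPv4Address(value[j:j + 4])) for j in range(0, len(value), 4)]


def audit_lease(raw: bytes, expected_server: str, dc_dns: set) -> list:
    """Return findings for a lease not issued by the expected server with DC-only DNS."""
    opts = parse_options(raw)
    server = ip_list(opts.get(OPT_SERVER_ID, b""))
    dns = ip_list(opts.get(OPT_DNS, b""))
    findings = []
    if server != [expected_server]:
        findings.append(f"lease issued by {', '.join(server) or 'unknown'}, expected {expected_server}")
    if not dns:
        findings.append("no DNS servers offered")
    elif any(d not in dc_dns for d in dns):
        findings.append(f"non-DC DNS servers offered: {[d for d in dns if d not in dc_dns]}")
    return findings


# Constructed option fields: lease from the SBS, then one from the firewall's own DHCP.
GOOD = bytes([54, 4, 10, 0, 0, 2, 6, 4, 10, 0, 0, 2, 3, 4, 10, 0, 0, 1, 255])
BAD = bytes([54, 4, 10, 0, 0, 1, 6, 8, 203, 0, 113, 53, 10, 0, 0, 1, 255])
```
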
 