How do I set up VPN access to the LAN through a Sonicwall Router/Firewall?

[coolVariable]

we have a Sonicwall Soho TZW acting as firewall and router for our LAN.
I would like to set it up, so it allows remote clients to access our LAN via VPN.
The Sonicwall manual is so complicated ... it sounds like Zulu to me.
Has anyone ever done this on the almighty AT forum?

 

[coolVariable]

Is it just me or have people become less helpful on here?

 

[John]

Nowadays, people only seem to help those that post in the proper forum, and wait more than a few hours to bump their thread.

 

[coolVariable]

merciless bump

 

[Fugifighter]

I'm assuming you have the necessary number of VPN Client licenses. 1 for each user you'd like to connect to your LAn at one time.

I dont have a SonicWall TZW, I have a Pro200 and it's been a while since i've installed this thing on remote pcs...... So let me know if these directions work for you...

Go to https://www.mysonicwall.com/Login.asp
Login and click on your Sonicwall TZW
Click on the link for Global VPN Client to download a client install

Next, log into your Sonicwall TZW and go to the VPN tab
There should be a GroupVPN entry there that was there by Default
Click on that and look at the "Shared Secret" key.
Copy and paste that into a text file, you'll need that later when setting up the Client

Next, click on the "Export Settings..." button below the Shared Secret key
Save the File

You should now have a Shared Secret Key txt file
the Settings file you just saved
and the Client install file
Transfer all of these files to the computer which you want to give Remote VPN access into your LAN

Start installing the VPN Client
Choose custom install and only select the SafeNet IPSEC component to install
restart the PC
after logging back into the PC you might get a new pop up window... hit cancel to get to desktop
after your computer finishes loading double click on the new S/N icon in the systray
Choose File -> Import security Settings and choose that Settings file you saved from your Sonicwall
Import that file and then expand the tree til you see "My Identity"
Click on that and then click on the "Pre-Shared Key" button
Enter the Key from the Shared Secret Key.txt file you copied and pasted.
Click ok and save changes

you might want to create new LMSHOST files for your remote PC so they can find your servers by name... or you can just use your Internal IP Addressing scheme.

Oh, and if this remote PC is a laptop that can be brought into the Office... tell them to right click on their S/N icon and choose "Deactivate Security Policy"

They must choose "Activate Security policy" if they are outside of your LAN.

PM me and let me know if this helps.

Fugi

 

[n0cmonkey]

Wow, must be an awfully complicated manual... I can't imagine it being tougher than opening the proper ports from the client ip address to the VPN concentrator.

But, if the manual is that complicated, I'd rethink the decision to allow VPNs...

 

[coolVariable]

the manual goes totally overboard (as does the security for this device which is so complicated - it is probably not configured right).

Is there a way to connect using the WinXP VPN or the Cisco VPN?
Supposedly the Sonicwall is compatible with them (L2TP) ...
But using the WinXP VPN I always get an error message: Error 789 ...

 

[Fugifighter]

I havent had a chance to dabble in WinXP VPN or a Cisco VPN client.

I'm assuming as long as you match the encryption algorithms and the Shared Secret key, then you should be ok?

Have you checked the Support pages for Sonicwall? I'd look now but i'm swamped with work. sorry...

 

[hausdave]

The company i work for has sonicwall junk at locations all over the place and my experience is that using the proprietary sonicwall vpn client is the only way to successfully connect remote users via VPN with sonicwall.

 

[Slap]

Originally posted by: hausdave
The company i work for has sonicwall junk at locations all over the place and my experience is that using the proprietary sonicwall vpn client is the only way to successfully connect remote users via VPN with sonicwall.

We use Sonicwall's here and they are far from junk. We have the Pro 3060 with two T1's and it provides failover and load balancing as well as firewall and VPN. We use Tele3 SP's at our remotes. THe only other VPN client I have gotten to work other than the SonicWall was the Funk Pocket PC VPN client.

 

[coolVariable]

I would be fine with the sonicwall just letting the VPN connect through the firewall to the file server which is running XP Embedded (And which I set up to accept incoming VPNs).
But again the firewall is so secure, it seems I can only turn it off to get it to work!
I agree: Sonicwall is junk.
And their manuals are NOT helpfull!
WHY do they have to do things differently from all other routers/firewalls?

 

[DancingBear]

You need to hire a professional.

Your problems are most likely Windows issues, not Sonicwall. I frequently recommend SonicWall to customer because of their ease of use for basic functions. Loggging into a Windows domain remotely is not a simple function. By tinkering, you are jeopardizing the security of your corporate network.

 

[coolVariable]

I am not logging into a domain!
Sonicwall is a piece of junk!!!
It clearly states that it is supposedly compatible with WinXP and Cisco.
The more research I do the more it seems it is NOT!!!
The WinXP VPN is the most simple thing in the world. And it works perfectly inside the network, only the STUPID sonicwall which is set up to pass the necessary ports through (!!!!) blocks it!



My advice for anybody setting up networks: DO NOT BUY SONICWALL!!!!

 

[n0cmonkey]

What type of VPN are you trying to use (pptp, ipsec, ?)?

What ports are you allowing through as relating to the vpn?

What protocols are you allowing through on those ports?

Did you do a packet dump on the inside to make sure it isn't passing the traffic?

You aren't trying to go to an rfc 1918 ip address are you?

I have no opinion about sonicwall, beyond what I typically think of proprietary firewalling technologies.

 

[n0cmonkey]

Originally posted by: Slap

Originally posted by: hausdave
The company i work for has sonicwall junk at locations all over the place and my experience is that using the proprietary sonicwall vpn client is the only way to successfully connect remote users via VPN with sonicwall.

We use Sonicwall's here and they are far from junk. We have the Pro 3060 with two T1's and it provides failover and load balancing as well as firewall and VPN. We use Tele3 SP's at our remotes. THe only other VPN client I have gotten to work other than the SonicWall was the Funk Pocket PC VPN client.

Is that HA or just link failover?

 

[lMlHuxley]

What type of VPN are you using? I set one of these up a year ago I may be able to help

 

[coolVariable]

I would like to use either the WinXP VPN (PPTP or L2TP w/IPSec) or the Cisco VPN.

I forward port 1723 which according to the MS website would be needed for PPTP (which I set up on one of our internal servers running WinXP embedded).