RE: [m0n0wall] Settings to allow Sonicwall VPN client connection from LAN PC

From:	"Craig Ogier" <baloor at bigpond dot net dot au>
To:	"'James W. McKeand'" <james at mckeand dot biz>
Cc:	<m0n0wall at lists dot m0n0 dot ch>
Subject:	RE: [m0n0wall] Settings to allow Sonicwall VPN client connection from LAN PC
Date:	Wed, 1 Dec 2004 23:16:37 +1000

The Sonicwall VPN client version I was provided is version 2.0.0.1113
I have asked our Administrator and he has confirmed that NAT Traversal is
enabled on the Sonicwall end.
From viewing the connection logs on the client, NAT Traversal is enabled
when I connect from another location that is behind a Smoothwall box.

The VPN connection utilises user certificates. Not sure if this makes things
significantly different than just shared secret.

The connection log in the Sonicwall Global VPN Client fails at:
Starting ISAKMP phase 1 negotiation.
The peer is not responding to phase 1 requests.

If I take the M0n0wall out of the equation, I connect immediately.

-----Original Message-----
From: James W. McKeand [mailto:james at mckeand dot biz] 
Sent: Wednesday, December 01, 2004 10:21 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: RE: [m0n0wall] Settings to allow Sonicwall VPN client connection
from LAN PC

Chris Buechler wrote:
> On Wed, 1 Dec 2004 13:58:44 +1000, Craig Ogier
> <baloor at bigpond dot net dot au> wrote: 
>> I am currently needing to connect to my work VPN from my laptop
>> using the Sonicwall VPN Client. However it seems M0n0wall is
>> preventing the connection. The logs show traffic as being blocked,
>> but it doesn't go so far as listing ports just IP. 
>> 
>> What settings do I need to configure to allow this VPN connection
to
>> passthrough. From a little googling I have discovered and have
tried
>> creating rules to pass TCP/UDP 50,51,500&4500 through to the LAN,
>> but this does not seem to be enough. 
>> 
> 
> There is probably a setting on the Sonicwall for NAT Traversal.
VPN's
> are a pain behind NAT if you don't turn this on (on the VPN server,
in
> this case the Sonicwall).  I'd check that first.
> 
> -Chris
> 
>
---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch

SonicWall VPN client v.8.0.0 has worked from here with no changes on
my m0n0wall (1.1 on net4501). The VPN client will usually detect a NAT
and will use NAT-T if needed. There are no settings on the SonicWall
to change either.

What does the VPN Client Log say when you try to connect? Can you
connect with out the m0n0wall? The biggest problem I have had with
SonicWall VPN's is getting the pre-shared key *EXACTLY* right - I tend
to fat finger it.

_________________________________
James W. McKeand

P.S. There may be a delay in my responding - I'm going in for minor
surgery this morning.

---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch