sonicwall pro 3060 / di-604

Archived from groups: comp.security.firewalls

 

Hello,
At my office I have a sonicwall 3060 with vpn. At home I have sonicwall's
client thing, to enable me to log in. All works fine. I've got a few PCs
that I want to share the net with at home, so I've gone and purchased a
d-link DI-604 which works fine, except I can't get the VPN passthrough to
work... That is, phase 1 and phase 2 both work fine, and according to the
snwl connection monitor, I have a vpn tunnel established, but I can't ping
anything on the office side. According to the traffic monitor, I'm sending
encrypted data, but I'm never receiving any back.
 
Not sure if it helps but:
phase 1: preshared, des, md5 and DH2
2: esp with des and md5
 
vpn pass through is enabled on the dlink, and port 500 tcp/udp are set to
fwd to my local lan ip. Anyone think of anywhere I'm going wrong? Also, my
local ip is in the range of 192.168.0.0/24. Now, somewhere at work, the
192.168.0.0/16 IP addresses are used for remote sites (actually some of our
stores). Does this matter? I'm assuming the sonicwall at work just goes off
the public address my ISP has assigned me (or my router). The actual address
of 192.168.0.1 of my router isn't actually used at work... But it's probably
subnetted off to somewhere else...

Hope that all makes sense, any help appreciated!
 
Cheers
Barry


Barry wrote:
 
> Hello,
> At my office I have a sonicwall 3060 with vpn. At home I have sonicwall's
> client thing, to enable me to log in. All works fine. I've got a few PCs
> that I want to share the net with at home, so I've gone and purchased a
> d-link DI-604 which works fine, except I can't get the VPN passthrough to
> work... That is, phase 1 and phase 2 both work fine, and according to the
> snwl connection monitor, I have a vpn tunnel established, but I can't ping
> anything on the office side. According to the traffic monitor, I'm sending
> encrypted data, but I'm never receiving any back.
>  
> Not sure if it helps but:
> phase 1: preshared, des, md5 and DH2
> 2: esp with des and md5
>  
> vpn pass through is enabled on the dlink,
 
THAT is possibly the problem. There really is no "standard" way to do  
that. Part of the IPSEC payload that the VPN connection uses is the IP  
address of the endpoint. If that doesn't match the source address of the  
IP packet it arrives in, then it gets dropped (I think)
 
> and port 500 tcp/udp are set to
> fwd to my local lan ip.
 
You need to do more than that. You need to forward IP protocol 50 (which
is neither TCP nor UDP) as well. I bet the dlink can't do that.
 
> Anyone think of anywhere I'm going wrong? Also, my
> local ip is in the range of 192.168.0.0/24. Now, somewhere at work, the
> 192.168.0.0/16 IP addresses are used for remote sites (actually some of our
> stores). Does this matter?
 
Depends on exactly how the VPN is set up on the 3060. It's probably set  
up to assign an address to the client.
 
> I'm assuming the sonicwall at work just goes off
> the public address my ISP has assigned me (or my router).
> The actual address
> of 192.168.0.1 of my router isn't actually used at work... But it's probably
> subnetted off to somewhere else...
 
>  
> Hope that all makes sense, any help appreciated!
>  
> Cheers
> Barry
>  
>
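
The symptom described in this thread (phase 1 and phase 2 complete, encrypted data goes out, nothing comes back) can be confirmed from a packet capture by separating IKE on UDP 500 from ESP, which is IP protocol 50 and carries no ports for a port-forward rule to match. This is an added example, not part of any post in the thread; the addresses, the sample capture and the helper names are constructed for illustration.

```python
import struct
from collections import Counter

PROTO_UDP, PROTO_ESP, IKE_PORT = 17, 50, 500

def ipv4(src, dst, proto, payload=b""):
    """Build a minimal IPv4 packet for the constructed sample (checksum left at 0)."""
    addr = lambda a: bytes(int(o) for o in a.split("."))
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                         0, 0, 64, proto, 0, addr(src), addr(dst))
    return header + payload

def udp(sport, dport, data=b""):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def classify(packet):
    """Return (src, dst, kind) for one raw IPv4 packet."""
    ihl = (packet[0] & 0x0F) * 4             # IP header length in bytes
    proto = packet[9]                        # IP protocol number field
    src = ".".join(str(b) for b in packet[12:16])
    dst = ".".join(str(b) for b in packet[16:20])
    if proto == PROTO_ESP:                   # ESP sits directly on IP: no ports
        return src, dst, "ESP"
    if proto == PROTO_UDP:
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        return src, dst, "IKE" if IKE_PORT in (sport, dport) else "UDP-other"
    return src, dst, f"proto-{proto}"

def summarize(packets, local_ip):
    """Count packets per (direction, kind) as seen from local_ip."""
    counts = Counter()
    for pkt in packets:
        src, _dst, kind = classify(pkt)
        counts[("out" if src == local_ip else "in", kind)] += 1
    return counts

def diagnose(counts):
    ike_both = counts[("out", "IKE")] and counts[("in", "IKE")]
    if ike_both and counts[("out", "ESP")] and not counts[("in", "ESP")]:
        return "IKE negotiated, ESP sent but none received: check IP protocol 50 handling on the path"
    if not ike_both:
        return "IKE on UDP 500 is not completing in both directions"
    return "IKE and ESP both flow in both directions"

# Constructed capture taken on the home PC; both addresses are hypothetical.
CLIENT, GATEWAY = "192.168.0.10", "203.0.113.1"
SAMPLE = [ipv4(CLIENT, GATEWAY, PROTO_UDP, udp(500, 500, b"ike")),
          ipv4(GATEWAY, CLIENT, PROTO_UDP, udp(500, 500, b"ike")),
          ipv4(CLIENT, GATEWAY, PROTO_ESP, b"\x00" * 16),
          ipv4(CLIENT, GATEWAY, PROTO_ESP, b"\x00" * 16)]

if __name__ == "__main__":
    print(diagnose(summarize(SAMPLE, CLIENT)))
```
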


"T. Sean Weintz" <strap@nserts-r-us.org> wrote in message
news:40e461b4$0$98992$a1866201@newsreader.dsl.net...
> Barry wrote:
>
> > Hello,
> > At my office I have a sonicwall 3060 with vpn. At home I have sonicwall's
> > client thing, to enable me to log in. All works fine. I've got a few PCs
> > that I want to share the net with at home, so I've gone and purchased a
> > d-link DI-604 which works fine, except I can't get the VPN passthrough to
> > work... That is, phase 1 and phase 2 both work fine, and according to the
> > snwl connection monitor, I have a vpn tunnel established, but I can't ping
> > anything on the office side. According to the traffic monitor, I'm sending
> > encrypted data, but I'm never receiving any back.
> >
> > Not sure if it helps but:
> > phase 1: preshared, des, md5 and DH2
> > 2: esp with des and md5
> >
> > vpn pass through is enabled on the dlink,
>
> THAT is possibly the problem. There really is no "standard" way to do
> that. Part of the IPSEC payload that the VPN connection uses is the IP
> address of the endpoint. If that doesn't match the source address of the
> IP packet it arrives in, then it gets dropped (I think)
 
 
I've tried sticking my ip in the dmz... makes no difference that I can tell.
I don't understand how the tunnel is created yet no data ever returns to me
from the other end...
 
 
>
> > and port 500 tcp/udp are set to
> > fwd to my local lan ip.
>
> You need to do more than that. You need to forward IP protocol 50 (which
> is neither TCP nor UDP) as well. I bet the dlink can't do that.
 
 
hm no option for that. Is that the protocol that's used after the tunnel is
created? As it's created fine.

wtf does vpn passthrough actually do....?
 
 
>
> > Anyone think of anywhere I'm going wrong? Also, my
> > local ip is in the range of 192.168.0.0/24. Now, somewhere at work, the
> > 192.168.0.0/16 IP addresses are used for remote sites (actually some of our
> > stores). Does this matter?
>
> Depends on exactly how the VPN is set up on the 3060. It's probably set
> up to assign an address to the client.
 
 
nope!
 
 
>
> > I'm assuming the sonicwall at work just goes off
> > the public address my ISP has assigned me (or my router).
> > The actual address
> > of 192.168.0.1 of my router isn't actually used at work... But it's probably
> > subnetted off to somewhere else...
>
> >
> > Hope that all makes sense, any help appreciated!
> >
> > Cheers
> > Barry
> >
> >
 
cheeers! :)

