NAT Firewall on router blocking sonicwall VPN...

Status
Not open for further replies.

steve101

Dec 22, 2005
Hi all,

Basically I'm using a Belkin wireless DSL router as a means of sharing internet access throughout the house. The problem is that I need to connect to my work's VPN via a SonicWall connection and I'm getting the following error message:

The peer is not responding to phase 1 ISAKMP requests.

Now I'm pretty sure it's down to the NAT firewall on my router blocking inbound packets, as I know that they are being received by the SonicWall and sent back to me. Now I've had a look around and apparently this is a pretty big issue with SonicWalls, and in order to connect I'm going to need to turn the firewall off on my router (not an ideal solution, but I do have other firewalls in place...).

The problem is that when I turn the NAT off I lose all internet connection, so I was wondering if anyone knew of the settings I need to configure to get this to work. Or if anyone has any better solutions?

Cheers for any help,

Regards,


Steve.
 

TC10284

Sep 10, 2001
hey,

You don't need to disable NAT. NAT is what translates the external WAN IPs to your internal LAN's private IPs and vice versa. When you disable it, you'd have to set up static routes to another router in order to get anywhere, because if not, your router does not know where to route packets.
You should only need to forward ports to the PC that you are trying to connect to your work VPN. You will need to ask the network admin/IT at your work to get them to tell you what ports you need to forward in your home router so you can connect to the VPN. If you do a Google search for Sonic VPN port, you may be able to find a default port for Sonic VPN, but the ports it uses really depend on how the net admin/IT set them up (which I think choosing ports is common across all VPN software).

Also keep in mind that your home network is most likely using DHCP from the router. If you forward the VPN port to your PC and the PC gets a different IP the next time it is leased, the port forward will stop working because the port will be forwarded to a different IP address. For that you would need to give your PC a static IP outside of the router's DHCP range but still in the same subnet as your router. Such as, if your router has an IP of 192.168.1.1/24 (192.168.1.1 and a subnet of 255.255.255.0) and has a DHCP range of 192.168.1.100 to 192.168.1.254, then give your PC a static IP of 192.168.1.2 subnet of 255.255.255.0 and a gateway of 192.168.1.1.
If you don't want to do that, your router should let you reserve an IP for your desktop PC (actually it reserves it by the MAC address of your PC's network card) and won't give it out to any other network card.
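
The addressing rule from the post above (a static IP in the router's subnet but outside its DHCP range), as an added example that is not part of the original post. The function names are hypothetical and the sample values are the ones quoted in the post:

```python
import ipaddress

def check_static_ip(candidate, router_if, pool_start, pool_end):
    """Return a list of problems with using `candidate` as a static address.

    router_if is the router's LAN address with prefix, e.g. "192.168.1.1/24".
    An empty list means the address is safe to pin a port forward to.
    """
    iface = ipaddress.ip_interface(router_if)
    net = iface.network
    ip = ipaddress.ip_address(candidate)
    lo = ipaddress.ip_address(pool_start)
    hi = ipaddress.ip_address(pool_end)

    if ip not in net:
        # Wrong subnet: the PC could not reach the gateway at all.
        return [f"{ip} is not in the router's subnet {net}"]

    problems = []
    if ip in (net.network_address, net.broadcast_address):
        problems.append(f"{ip} is the network or broadcast address of {net}")
    if ip == iface.ip:
        problems.append(f"{ip} is the router's own address")
    if lo <= ip <= hi:
        # The router may lease this address to another device, and the
        # forwarded port would then point at the wrong machine.
        problems.append(f"{ip} is inside the DHCP range {lo}-{hi}")
    return problems

def host_settings(candidate, router_if):
    """Settings to enter on the PC for a static address that passed the check."""
    iface = ipaddress.ip_interface(router_if)
    return {
        "address": candidate,
        "netmask": str(iface.network.netmask),
        "gateway": str(iface.ip),
    }

if __name__ == "__main__":
    # Values from the post: router 192.168.1.1/24, DHCP range .100 to .254.
    router, start, end = "192.168.1.1/24", "192.168.1.100", "192.168.1.254"
    for addr in ("192.168.1.2", "192.168.1.150", "192.168.2.2"):
        issues = check_static_ip(addr, router, start, end)
        print(addr, "OK" if not issues else issues)
    print(host_settings("192.168.1.2", router))
```
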
 

TC10284

Sep 10, 2001
Here is something I found on Google:
http://www.sonicwall.com/support/pdfs/technotes/GVC_Peer_is_Not_Responding_to_Phase_1_Requests.pdf

It does look like you will need to forward a port. That should solve it from what I can tell.
You may also want to look in your router to see if it is set by default to "disable WAN requests" or "block WAN requests" (may also be called ICMP packets or echo requests). ICMP is basically pings and tracert packets used to tell if the destination is available (a type of error reporting for IP).
Anyway, if that's enabled, try disabling it and then connecting to your VPN.
 