This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Configure Astaro Secure Client to work With Sonicwall firewall?

Hi,

We are using sonicwall for firewall/vpn service between offices. Our employees connect to Soniwall from home using Global VPN Client. There is also a need for a several employees to connect to the Astaro firewall at client permises. As far as I know running two VPN clients on one machine is not really possible - although I have seen a few laptops that worked.

My question is:
Is it possible to configure the ASTARO Client to connect to the Sonicwall Firewall? Or if it is possible to use Global VPN Client for connection to Astaro Firewall (propably not as it is less advanced)?

Any help would be much apprecieated.

Thanks,
Tom

This thread was automatically locked due to age.

Parents

0 tomtomek over 15 years ago

Hi all,

I have managed to successfully configure the Astaro client to connect with the Sonicwall device... but I have one small issue...

I can connect no problem to the Sonicwall firewall, I authenticate and everything works fine in terms of connecting and staying up.... but I have a problem with the IP address assignment.

On Sonicwall firewall, the internal Sonicwall DHCP server is disabled, and there is one machine in the network (DC) that acts as a DHCP server for local and for VPN connections.

In Astaro I have 4 options and I would like to present what’s happening on them:

1: IKE config mode
2: local IP address
3: DHCP over IPSec
4: manual IP address

If I choose option 1:
I get the following error:
14/09/2009 16:40:08SUCCESS: Ike Extended Authentication is ready
14/09/2009 16:40:09IkeCfg: XMIT_IKECFG_REQUEST - connection1
14/09/2009 16:40:10Ike: phase1:name(connection1) - error - Delete indication received

and it just disconnects

if I choose option 2:
Everything works - I can ping other computers in the network (local LAN IP addresses), can browse shares, but need to enter username and password once again when trying to access the share. And IP is not from the poll of DC but it is just private computer interface IP i.e. (192.168.x.x)

if I choose option 3:
I get the following error:
14/09/2009 16:40:57IPSec: connected: LifeDuration in Seconds = 20160 and in KiloBytes = 0
14/09/2009 16:40:57IPSDIAL:send DHCP_DISCOVER
14/09/2009 16:41:01IPSDIAL:send DHCP_DISCOVER
14/09/2009 16:41:06IPSDIAL:send DHCP_DISCOVER
14/09/2009 16:41:11IPSDIAL:send DHCP_DISCOVER
14/09/2009 16:41:15Ike: NOTIFY : connection1 : SENT : NOTIFY_MSG_R_U_HERE : 36136
14/09/2009 16:41:16IPSDIAL:send DHCP_DISCOVER
14/09/2009 16:41:18Ike: NOTIFY : connection1 : RECEIVED : NOTIFY_MSG_R_U_HERE_ACK : 36137
14/09/2009 16:41:21IPSec: DHCP request failed
14/09/2009 16:41:21ERROR - 4019: Timeout waiting for DHCP over IPSEC response.
14/09/2009 16:41:21IPSec: AUTOMEDIA DETECT - Tried all avaliable media types
14/09/2009 16:41:21IPSec: Disconnected from connection1 on channel 1.

when I choose option 4:

I am able to connect, authenticate etc, I get the manual IP address, but I cannot access or ping other devices in the network.

The option 2 (local IP address) works for me ... but I would like the Astaro to communicate with the DHCP server and get the address... is there anything in the configuration that could enforce that?

Thanks and best regards,

Tom
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 tomtomek over 15 years ago

Hi all,

I have managed to successfully configure the Astaro client to connect with the Sonicwall device... but I have one small issue...

I can connect no problem to the Sonicwall firewall, I authenticate and everything works fine in terms of connecting and staying up.... but I have a problem with the IP address assignment.

On Sonicwall firewall, the internal Sonicwall DHCP server is disabled, and there is one machine in the network (DC) that acts as a DHCP server for local and for VPN connections.

In Astaro I have 4 options and I would like to present what’s happening on them:

1: IKE config mode
2: local IP address
3: DHCP over IPSec
4: manual IP address

If I choose option 1:
I get the following error:
14/09/2009 16:40:08SUCCESS: Ike Extended Authentication is ready
14/09/2009 16:40:09IkeCfg: XMIT_IKECFG_REQUEST - connection1
14/09/2009 16:40:10Ike: phase1:name(connection1) - error - Delete indication received

and it just disconnects

if I choose option 2:
Everything works - I can ping other computers in the network (local LAN IP addresses), can browse shares, but need to enter username and password once again when trying to access the share. And IP is not from the poll of DC but it is just private computer interface IP i.e. (192.168.x.x)

if I choose option 3:
I get the following error:
14/09/2009 16:40:57IPSec: connected: LifeDuration in Seconds = 20160 and in KiloBytes = 0
14/09/2009 16:40:57IPSDIAL:send DHCP_DISCOVER
14/09/2009 16:41:01IPSDIAL:send DHCP_DISCOVER
14/09/2009 16:41:06IPSDIAL:send DHCP_DISCOVER
14/09/2009 16:41:11IPSDIAL:send DHCP_DISCOVER
14/09/2009 16:41:15Ike: NOTIFY : connection1 : SENT : NOTIFY_MSG_R_U_HERE : 36136
14/09/2009 16:41:16IPSDIAL:send DHCP_DISCOVER
14/09/2009 16:41:18Ike: NOTIFY : connection1 : RECEIVED : NOTIFY_MSG_R_U_HERE_ACK : 36137
14/09/2009 16:41:21IPSec: DHCP request failed
14/09/2009 16:41:21ERROR - 4019: Timeout waiting for DHCP over IPSEC response.
14/09/2009 16:41:21IPSec: AUTOMEDIA DETECT - Tried all avaliable media types
14/09/2009 16:41:21IPSec: Disconnected from connection1 on channel 1.

when I choose option 4:

I am able to connect, authenticate etc, I get the manual IP address, but I cannot access or ping other devices in the network.

The option 2 (local IP address) works for me ... but I would like the Astaro to communicate with the DHCP server and get the address... is there anything in the configuration that could enforce that?

Thanks and best regards,

Tom
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data