I have a SonicWall TZ470 with SonicOS 7 that I can VPN into using the Global VPN Client. We have contracted a US-based company to do some contract work and they need to have VPN access as well. When trying to connect from multiple different PCs, their ISAKMP packets fail, so I am never presented with a successful connection in order to put in the shared secret. I can ping the static IP from their PCs, and if I use another SonicWall from other sites in the same town I’m in, they can connect. The biggest difference is that SonicOS is version 6.5 on the successful connection and 7.0 on the unsuccessful one. I have triple-checked my settings. I feel like this is a very simple fix, but I just don’t know what switch to toggle.
So, it turns out that the remote client was behind a NAT that was dropping the initial handshake. Once that was fixed on their end, the problem was resolved.
TZ400 is not capable of SonicOS 7, check your facts first please.
What version of the SonicWall global client do they have? Is it the latest one? Did you turn on keepalive on your side? Does the client firewall allow this traffic to pass through it?
Check that the Geo-IP filter is not on. Run a packet capture to see if your connection is even hitting your firewall.
I’ll edit the question. I recently replaced the SonicWall, going from a 400 to a 470. Still have the 400 on my mind. It was in place for years.
The newest version. 4.19.4, I believe? Yes, keepalive is on. I need to check their firewall. I’m starting to think it’s their router/modem, because the log for the client starts by saying this device is behind a NAT. I’m going to troubleshoot more tonight and I’ll update once I have some more details.
I did check the Geo-IP filter. I’ll run a capture. The only test I’ve done from their side outside of the VPN client is pinging the static IP of the office they are trying to connect to and running a traceroute. Both were successful.
I believe there is a checkbox on the VPN client for this. Something to do with the packet size for the initial packet. I can’t recall the exact option name at the moment but it’s a client side setting.
Yes, I have that checked. I’ve been in contact with SonicWall support, but I have tried the first few suggestions.