SonicWall TZ105 VPN SSL and Remote Desktop Q's

So I have a small business, installed the TZ105 yesterday. My business partner was able to connect to the VPN SSL but he cannot do anything after he connects. Ideally I would want him to have access to SQL Server and the files on our server.

Is there an easy way to give him Remote Desktop access to this machine now that he has VPN access? If he tries to remote to the server he gets this error.

Any guidance would be much appreciated.

Notes from thread:


Windows firewall is off on server running windows 7 pro behind firewall which is trying to get accessed by…

Windows firewall is off on laptop trying to remote desktop to above server


Prior to connecting to VPN laptop has:

IP: 192.168.1.140

Subnet Mask: 255.255.255.0

Gateway: 192.168.1.1


I’m able to connect laptop to VPN SSL, at which point it gets a PPP:

IP: 192.168.168.106

Subnet Mask: 255.255.255.255


I cannot ping from laptop to server

I get: Reply from 192.168.1.140: Destination Host unreachable

tracert shows similar message (Destination Host unreachable)


I can ping from server to laptop (IP above: 192.168.168.106)


Best guide for setting up SSL VPN on SW

If you just bought it, you probably have support for it. Call up Sonicwall. I had to do it when I wanted to configure some VOIP traffic shaping rules.

FWIW I purchased a license for the Global VPN (didn’t realize this was the old way of allowing vpn connections and that VPN SSL is free now). So if there are any easier solutions to use the Global VPN License let me know.

Did you add the address objects in for the remote network?

E.g. if your office network is 172.xxx.xxx.xxx and his is 192.168.xxx.xxx you’ll need to add this address object into the list, then under the VPN you will be able to select the address object to allow it to traverse the VPN.

You’ll need to do the same thing on the remote router but add in your 172.xxx.xxx.xxx address range.

EDIT: I might have entirely misread your question HOWEVER your sonicwall will give him a VPN address when he connects to the box with net extended. Might want to make sure the firewall isn’t blocking that address range and that the address objects are created

Not sure if this is your situation. But I installed SonicWalls at a company with an internal address scheme of 192.168.0.x - if someone goes home with a SonicPoint and their local LAN is also set up for that same address - they cannot connect. If you are still having problems you might want to check to see what their home network is set up for, it might conflict with your work network.

Sorry, I’m giving you a downvote because this is basic troubleshooting stuff, and IMHO, not really worthy of this sub-reddit’s time. I would recommend Googling and learning for a few more days before making another “help” post here again.

Everyone who reads this, please feel free to downvote me…but seriously, somebody had to say it. This is very basic stuff and I don’t think it really belongs here.

EDIT: I think /r/techsupport would maybe be a more fitting sub-reddit for this.

I’d bet you don’t have DNS set up for VPN traffic. If so, he’d be able to ping IPs of servers, but not resolve hostnames. Don’t have a SW to log into at the moment, so I can’t guide you to the correct settings page, but it’s been an issue that gave me fits a few years back.

  1. Try installing the latest version of NetExtender. The version installed by your TZ105 might be too old for win7. Log into your MySonicwall.com account, go to free downloads and get the latest. Our Win8 users have had this same problem you described and manually upgrading their NetExtender’s solved the problem.

  2. While you’re on MySonicwall, register your device and get the latest firmware.

  3. If you’re still having problems, log into the TZ105 web interface and go to the log view. You can observe the error messages as the problem is occurring. Maybe your NetExtender IP addresses overlap with some other IP addresses on the LAN. In that case, you wouldn’t be able to access anything on the LAN.

If you look a little closer at your errors, you should be able to spot the problem pretty quickly.

I get: Reply from 192.168.1.140: Destination Host unreachable

The VPN client is NOT routing traffic over the VPN, instead it is trying to send it to the router on its LAN which doesn’t have a route to a 192.168.168/24 subnet. There are a couple of reasons this could be, but usually it’s caused by not having the proper routes advertised on the VPN server. Since this is a Windows system, could you please post the output of “route print”.

This looks like it’s got everything nailed down. Once you’ve got this set up, you can install NetExtender and set it to connect to the IP or hostname, include the port as set via the guide. If you aren’t authenticating against an existing domain, use LocalDomain, and all fields are case-sensitive.

Once the NetExtender is connected, he can use RDP normally.

Thanks, going through this guide first:

http://bjorn.kuiper.nu/2011/05/19/tips-tricks-remote-desktop-terminal-services-on-windows-7/

The TotalSupport or whatever it is called with them is really good actually. That being said, aren’t RDP sessions encrypted with SSL anyways?

I’ve had enough strange issues with the NetExtender that I just make access rules for a VPN server behind the firewall. Though the sonicwall to sonicwall VPN connections for CDP are super reliable.

I think I am close, I watched a video previous to posting (but it was for terminal services/vnc) where I was instructed to create:

Name: “Terminal Services Public”

Zone: WAN

Address Detail: 1.1.1.1/255.255.255.255


Name: “Terminal Services Private”

Zone: LAN

Address Detail: 192.168.1.123/255.255.255.255


Create a Service Group:

Terminal Server Services (include Terminal Services, Citrix, VNC - I didn’t see remote desktop as an option, possibly different name or irrelevant?)


Finally under Firewall > Access Rules

I clicked “Add…”

WAN > LAN | Terminal Server Public | Terminal Server Services

Seems like I am missing something since I created Terminal Services Private address group but it is not referenced anywhere.

Sorry I am not a network guy so I’m struggling to figure out how to do this.

The IP of my sonicwall begins 70.x.x.x like you mentioned so not sure if that is important, he is able to access the VPN and run NetExtender, it is just from there he cannot do anything.

Fair enough.

1 question.

If this is classified as “basic troubleshooting stuff” why was no one able to identify the problem? The best advice I received (and this is not a slight against anyone that offered help) was to contact Dell since the product should have been under warranty for free support, which wasn’t even true.

I find it interesting that you think a situation where someone has no problems connecting to VPN, but cannot Remote Desktop to a system behind the firewall is basic troubleshooting. I’m at the point where he is able to ping the server (from help I received from Dell after buying a 1 year contract), but he still receives an error trying to Remote Desktop. I assume it’s because he is running Vista since I have no problems with Win7 rdp-ing outside of the network. I don’t think a problem that requires a user to upgrade Operating Systems to resolve falls under basic troubleshooting, but I’ll be happy to defer judgement if you can provide proof that SonicWall does not support Windows Vista from remoting into its VPN SSL.

can’t even ping at the moment unfortunately, getting destination host unreachable when trying to ping the remote machine with IP: 192.168.1.x and then lists the IP of laptop (same local 192 IP prior to connecting to VPN, not IP given by SW)

nope, windows 7 laptop (as well as win 7 pcs inside firewall)

  1. Done, on client and server (although pretty sure only the client needed), no change.
  2. That was done yesterday. TZ105 does not offer any support? This was the reply I received to my case: "The support contract on the device Serial Number [hidden] does not have support , For technical assistance or Replacement please purchase support. "
  3. Log here

Let me know if you see anything that stands out that is fixable.

Ok that page looks familiar, I’ll go through each step now to see if I missed something. Once he is connected via NetExtender (which I confirmed last night) and assuming everything is setup properly, he should be able to just RDP into my 192.x.x.x. local IP of the server right?
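The address conflict and missing-route explanations raised in the replies above, worked through as an added example (not code from any poster or from SonicWall): it applies longest-prefix route selection to the addresses quoted in the thread to show why traffic for a 192.168.1.x server leaves on the laptop's own LAN instead of the tunnel. Interface names, metrics and the 10.20.30.0/24 subnet are constructed assumptions.

```python
import ipaddress

# Constructed from the addresses quoted in the thread; interface names and
# metrics are assumptions, not values read from a real "route print".
LAPTOP_LAN = ipaddress.ip_network("192.168.1.0/24")   # laptop 192.168.1.140/24
SERVER = "192.168.1.123"                              # office server behind the TZ105

def base_routes():
    """Laptop routing table right after NetExtender connects (constructed)."""
    return [
        {"net": ipaddress.ip_network("0.0.0.0/0"), "iface": "LAN", "metric": 25},
        {"net": LAPTOP_LAN, "iface": "LAN", "metric": 25},
        {"net": ipaddress.ip_network("192.168.168.106/32"), "iface": "VPN", "metric": 1},
    ]

def find_overlaps(client_nets, vpn_nets):
    """Pairs of client-side and VPN-side networks that share addresses."""
    return [(str(c), str(v)) for c in client_nets for v in vpn_nets if c.overlaps(v)]

def select_route(dest, routes):
    """Pick a route the way an IP stack does: longest prefix, then lowest metric."""
    dest = ipaddress.ip_address(dest)
    matches = [r for r in routes if dest in r["net"]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r["net"].prefixlen, r["metric"]))

def diagnose(dest, office_net, pushed_metric=None):
    """Return (egress interface, overlaps) for one office-LAN layout.
    pushed_metric=None models a VPN that pushes no route for office_net."""
    office = ipaddress.ip_network(office_net)
    routes = base_routes()
    if pushed_metric is not None:
        routes.append({"net": office, "iface": "VPN", "metric": pushed_metric})
    return select_route(dest, routes)["iface"], find_overlaps([LAPTOP_LAN], [office])

if __name__ == "__main__":
    cases = [
        ("no client route pushed", SERVER, "192.168.1.0/24", None),
        ("same /24 pushed, higher metric", SERVER, "192.168.1.0/24", 50),
        ("non-overlapping office (constructed)", "10.20.30.123", "10.20.30.0/24", 50),
    ]
    for label, dest, net, metric in cases:
        iface, clash = diagnose(dest, net, metric)
        print(f"{label:36} -> {dest} leaves via {iface}; overlaps: {clash or 'none'}")
```

An egress of LAN for the server address matches the "Reply from 192.168.1.140: Destination Host unreachable" symptom, where the laptop's own address answers because it treats the destination as on-link.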