SonicWall TZ170 std VPN SBS 2003

20 pts.
Incident response
Intrusion management
Microsoft Windows
Network security
SQL Server
I can establish a VPN connection to my TZ170, but can't access my SBS2003 server (can't ping). My SonicWall Global VPN Client IP: 192.168.168.x; TZ170 IP: 192.168.168.x; my external NIC on server: 192.168.168.x; my internal NIC on server: 192.168.1.x. The external NIC is plugged into the TZ170, and my internal NIC and workstations are plugged into a Linksys switch. If I connect an XPPro workstation to the TZ170 with IP 192.168.168.x, I can ping it. I need to be able to VPN in and get to resources on my server. Thanks

Answer Wiki


Did you run the CEICW [email and internet connection wizard]? When you have 2 NICs installed in an SBS 2003, this configures your external NIC to block ping for security.

Are you attempting to use RDP to access your SBS? If you are, do you have port 3389 pointing to your server? Is your server set up to accept remote access?

A non-response to a ping request does not mean you are unable to establish a remote connection. It only shows that your server is not responding to the ICMP request.

Tell us more about what procedures you are using from the outside to connect to your server. Are you using another TZ170 or are you trying to use a software VPN client?

Good luck

Discuss This Question: 4  Replies

  • Allthumbs
    Yes I ran the internet and email wizard.
  • Allthumbs
    I am trying to Remote Desktop to a workstation, not the server. If I plug the workstation into the SonicWall I can remote desktop in. If I plug it into the Linksys switch I can't. So then I moved on to trying to get VPN working, and it appears I ran into the same problem. I can't get traffic originating from the internet to the server nor past the external NIC to the internal NIC. I do have the basic firewall checked on my server when I ran internet and email wizard.
  • Airwrck
    I have a similar setup, but use a single NIC on the server, and use the Routing and Remote Access Service on the SBS server to make the connection. To do that, I forward PPTP on the TZ170 to the server. If you forward port 443 and 444 on the TZ170 to your server, you can access the remote windows workspace which will also give you a remote desktop over the web using the /remote url to your server (if your public ip is assigned to, then opening 443-444 will allow you to access which is the RWW) Good luck - SBS setup can be fairly complex and takes time to configure.
  • PDMeat
    A couple of things to watch out for:

    1) Some firewalls don't often port forward so easily. That is, something like a PIX is a PITA to get a port forward working which on a simple Linksys router/firewall is very easy to do.

    2) Are you doing a direct NAT or PAT pool for the internal hosts on your LAN? If you try and share the same external IP (192.168.168.x in this case) with the firewall's PAT pool and then also assign it to a device on the LAN so that you can make an Access Rule to forward traffic to it, that's probably not going to work. (It might, I'm no SonicWall guru.)

    3) You say you are connecting an XP WS to the inside 5 port switch of the TZ170 and when you give it an IP on that network, the same net as the external NIC of the server, you can ping the server. That's not surprising since the TZ170 is not actually routing, it's just passing traffic along a nice dumb layer-2 switch. That's easy.

    The part you seem to have trouble with is the VPN. That is probably because some part of the VPN grouping isn't set up correctly. You could, for example, not be putting in the right default gateway or not tunneling that 192.168.168.x network so the VPN client doesn't know that it must go through the tunnel to reach it. Try disabling split tunneling and "Tunnel all networks" through the VPN and see if that helps. There's probably also a setting in the TZ170 that allows VPN traffic to bypass the access rules. Make sure that the setting (usually default) is in place so you won't have to worry about the access rules. Good Luck.
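
The split-tunneling point in the last reply, as an added example that is not part of the original thread: a small model of the VPN client's route lookup showing which targets enter the tunnel under each tunneling choice. The /24 masks, host numbers, the remote client's home LAN, and the interface names and metrics are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing: the thread only gives 192.168.168.x and 192.168.1.x,
# so the /24 masks and the host numbers below are assumptions.
TZ170_LAN = "192.168.168.0/24"   # TZ170 LAN / server external NIC side
SERVER_LAN = "192.168.1.0/24"    # server internal NIC / Linksys switch side
TARGETS = {"server_external_nic": "192.168.168.10", "workstation": "192.168.1.20"}

# Hypothetical remote client before the VPN comes up: home LAN plus default route.
BASE = [
    {"net": "10.0.0.0/24", "iface": "lan", "metric": 20},
    {"net": "0.0.0.0/0", "iface": "lan", "metric": 20},
]

def split_tunnel(networks):
    """Client route table when only the listed networks are sent into the tunnel."""
    return BASE + [{"net": n, "iface": "vpn", "metric": 5} for n in networks]

def tunnel_all():
    """Client route table when every destination is sent into the tunnel."""
    return BASE + [{"net": "0.0.0.0/0", "iface": "vpn", "metric": 5}]

def pick_route(routes, dest):
    """Longest matching prefix wins; the lower metric breaks ties."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in ipaddress.ip_network(r["net"])]
    if not hits:
        return None
    return max(hits, key=lambda r: (ipaddress.ip_network(r["net"]).prefixlen, -r["metric"]))

def egress(routes):
    """Map each target name to the interface the client would send it out of."""
    out = {}
    for name, ip in TARGETS.items():
        route = pick_route(routes, ip)
        out[name] = route["iface"] if route else "unreachable"
    return out

if __name__ == "__main__":
    for label, table in [("nothing tunneled", split_tunnel([])),
                         ("only TZ170 LAN tunneled", split_tunnel([TZ170_LAN])),
                         ("both LANs tunneled", split_tunnel([TZ170_LAN, SERVER_LAN])),
                         ("tunnel all", tunnel_all())]:
        print(f"{label:26} {egress(table)}")
```

A target that resolves to `vpn` only means the client sends it into the tunnel; the TZ170 and the server's two NICs still have to pass the traffic on.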
