TKWITS Community Legend ✭✭✭✭✭
Comments
-
Try Sonicwall Mobile Connect from the Windows Store.
-
GVC has to be configured for Split Tunnels. If you are not the administrator of the Sonicwall you'll have to ask someone who is to enable it. It may be disabled for a reason though.
-
Since you are using a public IP address from your WAN interface, the address object representing that IP should be in the WAN zone. Start there. The SA is established as evidenced by the log (generally regarded as phase 1 when using IKEv2), but after that it fails. Are you sure Phase 2 requires Perfect Forward Secrecy? Try…
-
It does make sense. I never thought of trying it since I've never run into the situation. For clarification, rather than use the private IP address you originally had configured on the WAN interface you used the public IP, and static ARPd and routed the private IP address.
-
Are you going to share so others can find out?
-
I have never gotten a self-signed cert from a DC to work for LDAP. The underlying requirements for trusting a self-signed cert aren't available to the Sonicwall. As BWC said you need proper certificate infrastructure in place. Certificates are 'Validated' when multiple checks pass (from a trusted CA, cert includes entire…
-
Show us sanitized screenshots of your tunnel config and the forms. There's a mismatch (may not be on your end). The message Inform: IKEv2 No NAT device detected between negotiating peers is normal and is a good thing. Think about what it is telling you instead of panicking. If you expand log entries you should be able to…
-
I am not the only one here that would say this, but don't rely on the compatibility matrix or migration tool. Recreate the config manually.
-
Those are not errors. An error would say 'Error', not 'Warning'. As I said in the other discussion: Verify the Phase 1 and Phase 2 proposal configuration is correct on both sides of the tunnel (the settings are documented, right?).
-
I forgot 'Open a ticket with support'.
-
Ask if your ISP can provide a direct (bridged) connection rather than a routed connection. Change ISPs to one that can. Do some research?
-
Sonicwall does not support user upgrades to RAM. That doesn't mean you can't try...
-
Upgrade to the latest firmware and try again, but I will state any VPN connection will not get you 1 to 1 match of your ISP rated speeds.
-
My last comment in the linked discussion says it all... Sonicwalls expect to have a public IP on their WAN interface. Any NAT policy you create will likely not include what Sonicwall considers 'management' traffic (e.g. traffic generated by the device itself, pings included).
-
See the discussion here. https://community.sonicwall.com/technology-and-support/discussion/comment/7474 You'd replace the private IP address used in the example of that discussion with the public IP needed (e.g. 70.70.70.70).