Global vpn connection issue

We had a new AT&T modem installed with static IP addresses. We had to do an IP passthrough to get the VPNs to work through the new modem into the TZ400. After resolving that issue, one of our workstations behind the TZ400 could not connect to a peer-to-peer VPN that we use for a different company. One workstation can connect and one cannot. Attached is the generated report from the workstation that cannot connect to IP address 108.93.34.251.

Below is the VPN client log.

I have shut off the firewall and Windows Defender and made sure that the SonicWall GVPN was allowed through, and I could still not get connected.


Answers

  • Ajishlal Cybersecurity Overlord ✭✭✭

    Hi @Stephen_wilde

    This error is usually caused by UDP packets being fragmented during the initial handshaking. Go to the Properties menu on the client, and turn on “Restrict the size of the first ISAKMP packet sent”.

    On the WAN interface of your SonicWall that your client is connecting to, try disabling “Fragment non-VPN outbound packets larger than this Interface’s MTU”.

    Try lowering your MTU settings on your WAN interface. Lowering from 1500 down to 1492 has been known to resolve the issue. Some modems will use a lower MTU (especially LTE modems), so this will allow the MTU to match.

    For MTU discovery you can use the SonicWall diagnostic tool.
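
The MTU discovery step suggested in the answer above can also be done by hand from the affected workstation with Don't Fragment pings. This is an added example, not part of the original thread and not SonicWall's tool; the function names are illustrative, and it assumes the remote peer answers ICMP echo and that the system `ping` is Windows ping or Linux iputils ping.

```python
import platform
import subprocess
import sys

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP header


def ping_df(host, payload, timeout_s=2):
    """Send one echo request of `payload` bytes with Don't Fragment set."""
    if platform.system() == "Windows":
        cmd = ["ping", "-n", "1", "-f", "-l", str(payload),
               "-w", str(timeout_s * 1000), host]
    else:  # assumption: Linux iputils ping
        cmd = ["ping", "-c", "1", "-M", "do", "-s", str(payload),
               "-W", str(timeout_s), host]
    out = subprocess.run(cmd, capture_output=True).stdout
    # A real echo reply prints "TTL=" / "ttl="; "needs to be fragmented"
    # errors and timeouts do not, whatever the exit code says.
    return b"ttl=" in out.lower()


def find_path_mtu(probe, low=548, high=1472):
    """Binary-search the largest payload that passes unfragmented.

    `probe(size)` returns True when a DF-flagged packet with `size` payload
    bytes gets a reply. Returns the path MTU in bytes, or None when even the
    smallest probe fails (ICMP filtered or host down), so a blocked ping is
    not misreported as a tiny MTU.
    """
    if not probe(low):
        return None
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid        # mid fits, search above it
        else:
            high = mid - 1   # mid was too big, search below it
    return low + IP_ICMP_OVERHEAD


if __name__ == "__main__":
    if len(sys.argv) > 1:
        mtu = find_path_mtu(lambda size: ping_df(sys.argv[1], size))
    else:
        # Constructed offline demo: a path that carries at most 1492 bytes.
        mtu = find_path_mtu(lambda size: size + IP_ICMP_OVERHEAD <= 1492)
    print("no ICMP reply; cannot measure" if mtu is None else f"path MTU: {mtu}")
```

A result below 1500 means full-size packets on that path must be fragmented, which is the condition the WAN MTU and first-ISAKMP-packet settings above are meant to avoid.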

