Could you please let us know if there is a public IP address or private IP address configured on the SonicWall's WAN interface? If there is a private IP address configured on the SonicWall, please confirm if the ISP provided public IP address is configured on the ISP router?
Also, let us know if you have a public IP address configured on the peer end device to where we are trying to build the VPN tunnel?
We should be able to answer your original question with you providing answers to the above questions.
5g router only sharing private ip to sonicwall wan port. isp router are providing dynamic public ip and there is no dynamic dns option in the isp router
peer end device configured as public ip address on sonicwall wan port. its working well
Please follow the below step to achieve your goal;
Firewall WAN Interface must be configured with 5G router private IP subnet.
1. Open your 5G router and navigate to the settings (configuration steps will be change depends on the router models) -->Select DMZ --> Enable and enter the Host address field enter the Firewall WAN interface IP.
Or you can enable the Port forwarding rule to the Firewall WAN interface & enable the below listed ports accordingly;
Protocol: UDP, port 500 (for IKE, to manage encryption keys)
Protocol: UDP, port 4500 (for IPSEC NAT-Traversal mode)
Protocol:TCP, value 50 (for IPSEC)
Once you done above steps, navigate to the Firewall -->VPN -->Settings-->Configurations->Adavnced--> VPN Policy bound to: Choose Zone WAN (Default), If you have multiple WAN interface choose the proper interface.
NB: If you are facing drops in VPN tunnel, "Disable the NAT Traversal" in the VPN Advanced settings. (Required only where you have 5G router behind the Firewall)
Answers
Hi @AFSAL,
Thank you for visiting SonicWall Community.
Could you please let us know if there is a public IP address or private IP address configured on the SonicWall's WAN interface? If there is a private IP address configured on the SonicWall, please confirm if the ISP provided public IP address is configured on the ISP router?
Also, let us know if you have a public IP address configured on the peer end device to where we are trying to build the VPN tunnel?
We should be able to answer your original question with you providing answers to the above questions.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
peer end device configured as public ip address on sonicwall wan port. its working well
Hi @afsal
Please follow the below step to achieve your goal;
Firewall WAN Interface must be configured with 5G router private IP subnet.
1. Open your 5G router and navigate to the settings (configuration steps will be change depends on the router models) -->Select DMZ --> Enable and enter the Host address field enter the Firewall WAN interface IP.
Or you can enable the Port forwarding rule to the Firewall WAN interface & enable the below listed ports accordingly;
Protocol: UDP, port 500 (for IKE, to manage encryption keys)
Protocol: UDP, port 4500 (for IPSEC NAT-Traversal mode)
Protocol:TCP, value 50 (for IPSEC)
Once you done above steps, navigate to the Firewall -->VPN -->Settings-->Configurations->Adavnced--> VPN Policy bound to: Choose Zone WAN (Default), If you have multiple WAN interface choose the proper interface.
NB: If you are facing drops in VPN tunnel, "Disable the NAT Traversal" in the VPN Advanced settings. (Required only where you have 5G router behind the Firewall)
Please let me know if this resolve your issue.