
TZ370 cannot join external VPN (IKEv2) from VLAN behind Firewall

Hello everyone,

I have created some VLANs inside X0. The PCs connected to the VLANs, although they can surf the internet, cannot join an external VPN. The Windows error code is 809 VPN: The network connection between your computer and the VPN server could not be established because the remote server is not responding ... obviously the VPN server works perfectly!

What did I forget? What did I do wrong? Thanks.

Category: Entry Level Firewalls

Answers

  • MarkD Cybersecurity Overlord ✭✭✭


    If I understand, the VPN server you refer to is "out on the internet, external to your environment".

    Have you implemented Firewall rules that permit the VPN through the firewall?

    I'll make the assumption it is an IPsec VPN.

    Here is the MS article

    Troubleshoot Always On VPN | Microsoft Docs

    Specifically, 809 points to UDP 500 and UDP 4500, used when establishing an IPsec VPN from behind a NAT device.

  • Wolf Newbie ✭

    Hello Mark,

    Yes, I have. I also checked the VPN server and it is working perfectly. Behind the firewall I created some VLANs and they work fine except for connecting to external VPNs. On the VPN server it seems that only packets on UDP port 500 are being transmitted, but not 4500.

    Thanks
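
Added example, not part of any post in this thread: a small Python check that reads a packet capture of the client-to-server traffic and reports which of the two ports named above (UDP 500, UDP 4500) stops being answered, which is the symptom described in the post above. The capture lines are constructed, simplified tcpdump-style text using documentation addresses; the function names and result codes are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample (not from the thread): 198.51.100.7 is the NATed client,
# 203.0.113.10 the external VPN server. Only "IP src.port > dst.port:" is parsed.
SAMPLE_CAPTURE = """\
10:00:01.100 IP 198.51.100.7.500 > 203.0.113.10.500: UDP, length 432
10:00:01.180 IP 203.0.113.10.500 > 198.51.100.7.500: UDP, length 440
10:00:01.250 IP 198.51.100.7.4500 > 203.0.113.10.4500: UDP, length 1204
10:00:02.250 IP 198.51.100.7.4500 > 203.0.113.10.4500: UDP, length 1204
10:00:04.250 IP 198.51.100.7.4500 > 203.0.113.10.4500: UDP, length 1204
"""

LINE_RE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):")
IKE_PORTS = (500, 4500)  # IKE, and IKE/ESP in UDP once NAT is detected (NAT-T)


def count_ike_flows(capture, server_ip):
    """Count packets per (port, direction); 'out' is toward the VPN server."""
    counts = defaultdict(int)
    for line in capture.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        src, sport, dst, dport = m.group(1), int(m.group(2)), m.group(3), int(m.group(4))
        if dst == server_ip and dport in IKE_PORTS:
            counts[(dport, "out")] += 1
        elif src == server_ip and sport in IKE_PORTS:
            counts[(sport, "in")] += 1
    return counts


def diagnose(capture, server_ip):
    """Return a short code naming the first stage of the exchange with no reply."""
    c = count_ike_flows(capture, server_ip)
    if c[(500, "out")] == 0:
        return "NO_IKE_SENT"        # nothing left this capture point: check LAN/VLAN-to-WAN rules
    if c[(500, "in")] == 0:
        return "IKE_UNANSWERED"     # UDP 500 filtered or server unreachable
    if c[(4500, "out")] == 0:
        return "NO_NATT_SENT"       # client never moved to 4500, or it is dropped before this point
    if c[(4500, "in")] == 0:
        return "NATT_UNANSWERED"    # UDP 4500 lost between this point and the server
    return "BOTH_PORTS_ANSWERED"    # port filtering is not the cause of error 809


if __name__ == "__main__":
    print(diagnose(SAMPLE_CAPTURE, "203.0.113.10"))
```

Running the same check on captures taken on the LAN side, the WAN side and the VPN server shows at which hop the UDP 4500 packets disappear.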

  • MitatOnge All-Knowing Sage ✭✭✭✭

    @Wolf

    You should check the access rules from the VLAN zone to WAN and from WAN to the VLAN zone. In particular, you should disable the SonicWall IPsec VPN service and try again.

  • Wolf Newbie ✭

    Hello @MitatOnge

    I solved it; the problem is with the modem or the internet line or both. I used the internet data backup line and everything works.

    The weird thing is that everything works except VPN connections.

    Thank you all

  • MitatOnge All-Knowing Sage ✭✭✭✭

    Hi @Wolf

    Maybe the master ISP line was working VPN service when you want to access the external VPN server.
