Community home

Your speed test results from here.       10.96 Download    5.13 upload

Your ping test results from here.

Your external IP address from here.     78.32.204.201

The results of a traceroute.

Your Sure Signal serial number:         40134613138

VSS Traceroute command

The tracert doest appear to work

it just says request timed out.

Thanks for your help.

The sonicwall is a fairly feature rich router, which could be causing the problem(s) as it is VPN aware, and is probably intercepting some of the suresignal traffic rather than passing it on.

If you were to take it out of the DMZ, assign it to a static DHCP address (if possible), and create some policies to forward IPSec traffic to it, it may kick into life.

Other routers have a feature called VPN Passthrough which needs enabling, but I couldn't see it on a quick scan of the manual, so it may not be needed if the correct access and nat rules are in place.

Thank you very much for your reply.

The problem with my tests is that I am running from the LAN but the SureSignal is on a completely open DMZ so my tests are not necessarily indiciative of the SureSignal.

We have given the SureSignal a static IP of: 78.32.204.201

I was suggesting a static on the LAN rather than a public one, but that may work

Even on the open DMZ, some of the VPN GRE packets could be swallowed up by the router if it isn't expecting vpn traffic to pass through it rather than the router terminate it itself.

There is a list of ports that need forwarding as services if you go down the internal IP route... and looking at the instructions, if those ports are VPN flavoured (hopefully there will be a IPSec selection in the dropdown list) then it will know that it should be passing on all traffic.

Hi CatManDo,

Thanks firstly to grolschuk for the advice he’s given.

The lights you’re seeing show that the Sure Signal hasn’t been able to authenticate itself on our servers during the set up process.

Check to make sure that you’ve enabled IPSec passthrough on your router and that your MTU value is set to 1500.

Also, can you confirm that the following ports are open/forwarded on your router:-

Port Number

8          TCP      UDP

50         TCP      UDP

53         TCP      UDP

67                     UDP

68                     UDP

123                   UDP

500                   UDP

1723     TCP      UDP

4500                 UDP

33434 - 33445    UDP

If you have the option, try a different router to see if the Sure Signal then works.

Let me know how you get on.

Cheers,

Andy

Thanks I will try those suggestions.

Does the IP range not need to be 'whitelisted' with Vodafone?

Thanks

There seems to be some confusion here.

The SonicWALL TZ210 is a firewall/UTM  not a router (although it does route as well)

The Sure Signal V3 is the only device in a configured DMZ which has a separated static NAT (78.32.204.203).  This DMZ currently allows all inbound and outbound traffic to and from the Sure Signal.

The Sure Signal in the packet captures does the following

Does a DNS lookup and we see packets out and inbound. It resolves initial-_ipsecrouter.vap.vodafone.co.uk to 212.183.131.139 via external DNS

The device then attempts UDP 4500 connection to 212.183.131.139 but never sees a return.

This would indicate the IPSec VPN gateway at Vodafone is not responding to the request.  Can you please check that you are seeing packets from 78.32.204.203 and that they are accepted by the IPSec device.

For information grolschuk this is not a GRE tunnel but an IPSec one.

Hi CatManDo, 

The IP address you've supplied is already whitelisted. 

Can you temporarily disable or lower your security settings to see if this helps. 

Thanks, 

Kay