Results 1 to 17 of 17

Thread: SonicWall Global VPN Client connection reset

  1. #1
    Rick Martin
    Guest

    SonicWall Global VPN Client connection reset

    I am having an odd problem connecting my WinXP SP2 laptop to our company
    SonicWall VPN. My laptop is on a local domain at my home and is connected
    to the Internet via a 2Wire DSL modem which is a NAT. I tried placing my
    laptop in the DMZ to test and that did not make any difference. I have also
    opened a few ports I found in other posts but that didn't help either.

    I have tried 3 different client versions including 4.0.0.830, 2.2.2 and
    3.1.0.566 all had variations of the same problem.
    There are no errors in the sonicwall log. It just shows the connection
    starting over. I've included a sequence from the log below.
    In the gvs_trace.txt log here are the enteries around the reset.
    OnLogMessage(): 'NetUserGetInfo returned: home dir: , remote dir: , logon
    script: ' '74.93.179.88'
    CheckForDeadPeer(): peer appears to be dead - resetting connection
    CInterface::ReleaseOrRenew(release): calling request function synchronously


    When I first install the client it offers to run the client when it
    finishes without rebooting. If I do this and log into the VPN everything
    appear fine. I can access systems and transfer information. I'm primarily
    using the connect for version control and have no problems getting or
    sending data.

    However, after I reboot my system the VPN starts to fail. I can connect OK
    but the connection times out every 30-90 seconds and reconnects. I can
    still do operations if I initiate the operation immidiately after the
    connection completes. By immidiately I mean I have to have the Status
    window open and the button pressed and held for the version control
    operation. As soon as the connetion completes I let go of the button and
    the command usually works fine. If I wait even a fraction of a second the
    command will timeout without a response from the server. I then have to
    wait for the connection to fail and reconnect and the try again.
    When I do successfully start the command it can run for 10-20 minutes or
    more and transfer many megabytes of data without issue. But as soon as that
    command finishes I cannot initiate another.

    Sorry for being long winded I just wasn't sure how to describe this.
    If there is any additional information I can provide please let me know or
    if there is a better place to post this.

    TIA,
    Rick

    Log:
    2008/01/03 11:45:26:820 Information 74.93.179.88 Starting ISAKMP phase 1
    negotiation.
    2008/01/03 11:45:27:100 Information 74.93.179.88 Starting aggressive mode
    phase 1 exchange.
    2008/01/03 11:45:27:100 Information 74.93.179.88 NAT Detected: Local host
    is behind a NAT device.
    2008/01/03 11:45:27:100 Information 74.93.179.88 The SA lifetime for phase
    1 is 28800 seconds.
    2008/01/03 11:45:27:110 Information 74.93.179.88 Phase 1 has completed.
    2008/01/03 11:45:27:160 Information 74.93.179.88 Received XAuth request.
    2008/01/03 11:45:27:160 Information 74.93.179.88 XAuth has requested a
    username but one has not yet been specified.
    2008/01/03 11:45:27:160 Information 74.93.179.88 Sending phase 1 delete.
    2008/01/03 11:45:27:160 Information 74.93.179.88 User authentication
    information is needed to complete the connection.
    2008/01/03 11:45:27:230 Information <local host> An incoming ISAKMP packet
    from 74.93.179.88 was ignored.
    2008/01/03 11:45:31:957 Information 74.93.179.88 Starting ISAKMP phase 1
    negotiation.
    2008/01/03 11:45:32:238 Information 74.93.179.88 Starting aggressive mode
    phase 1 exchange.
    2008/01/03 11:45:32:238 Information 74.93.179.88 NAT Detected: Local host
    is behind a NAT device.
    2008/01/03 11:45:32:238 Information 74.93.179.88 The SA lifetime for phase
    1 is 28800 seconds.
    2008/01/03 11:45:32:238 Information 74.93.179.88 Phase 1 has completed.
    2008/01/03 11:45:32:298 Information 74.93.179.88 Received XAuth request.
    2008/01/03 11:45:32:298 Information 74.93.179.88 Sending XAuth reply.
    2008/01/03 11:45:32:348 Information 74.93.179.88 Received XAuth status.
    2008/01/03 11:45:32:348 Information 74.93.179.88 Sending XAuth
    acknowledgement.
    2008/01/03 11:45:32:348 Information 74.93.179.88 User authentication has
    succeeded.
    2008/01/03 11:45:32:398 Information 74.93.179.88 Received request for
    policy version.
    2008/01/03 11:45:32:398 Information 74.93.179.88 Sending policy version
    reply.
    2008/01/03 11:45:32:458 Information 74.93.179.88 Received policy change is
    not required.
    2008/01/03 11:45:32:458 Information 74.93.179.88 Sending policy
    acknowledgement.
    2008/01/03 11:45:32:458 Information 74.93.179.88 The configuration for the
    connection is up to date.
    2008/01/03 11:45:32:498 Information 74.93.179.88 Starting ISAKMP phase 2
    negotiation with 74.93.179.88/255.255.255.255:BOOTPC:BOOTPS:UDP.
    2008/01/03 11:45:32:498 Information 74.93.179.88 Starting quick mode phase
    2 exchange.
    2008/01/03 11:45:32:578 Information 74.93.179.88 The SA lifetime for phase
    2 is 28800 seconds.
    2008/01/03 11:45:32:578 Information 74.93.179.88 Phase 2 with
    74.93.179.88/255.255.255.255:BOOTPC:BOOTPS:UDP has completed.
    2008/01/03 11:45:32:578 Information <local host> Renewing IP address for
    the virtual interface (00-60-73-EB-DD-EA).
    2008/01/03 11:45:36:831 Information <local host> The IP address for the
    virtual interface has changed to 192.168.10.170.
    2008/01/03 11:45:36:891 Information <local host> The system ARP cache has
    been flushed.
    2008/01/03 11:45:36:911 Information 74.93.179.88 NetWkstaUserGetInfo
    returned: user: rick, logon domain: SYS001, logon server: SYS001
    2008/01/03 11:45:41:458 Information 74.93.179.88 NetGetDCName failed: Could
    not find domain controller for this domain.
    2008/01/03 11:45:41:458 Information 74.93.179.88 calling NetUserGetInfo:
    Server: \\SYS001, User: rick, level: 3
    2008/01/03 11:45:41:468 Information 74.93.179.88 NetUserGetInfo returned:
    home dir: , remote dir: , logon script:
    2008/01/03 11:46:19:859 Information <local host> Releasing IP address for
    the virtual interface (00-60-73-EB-DD-EA).
    2008/01/03 11:46:24:010 Information 74.93.179.88 Sending phase 2 delete for
    74.93.179.88/255.255.255.255.
    2008/01/03 11:46:24:130 Information 74.93.179.88 Sending phase 1 delete.
    2008/01/03 11:46:24:751 Information 74.93.179.88 Starting ISAKMP phase 1
    negotiation.
    2008/01/03 11:46:25:051 Information 74.93.179.88 Starting aggressive mode
    phase 1 exchange.
    2008/01/03 11:46:25:051 Information 74.93.179.88 NAT Detected: Local host
    is behind a NAT device.
    2008/01/03 11:46:25:051 Information 74.93.179.88 The SA lifetime for phase
    1 is 28800 seconds.
    2008/01/03 11:46:25:051 Information 74.93.179.88 Phase 1 has completed.
    2008/01/03 11:46:25:111 Information 74.93.179.88 Received XAuth request.
    2008/01/03 11:46:25:111 Information 74.93.179.88 Sending XAuth reply.
    2008/01/03 11:46:25:161 Information 74.93.179.88 Received XAuth status.
    2008/01/03 11:46:25:161 Information 74.93.179.88 Sending XAuth
    acknowledgement.
    2008/01/03 11:46:25:161 Information 74.93.179.88 User authentication has
    succeeded.
    2008/01/03 11:46:25:221 Information 74.93.179.88 Received request for
    policy version.
    2008/01/03 11:46:25:221 Information 74.93.179.88 Sending policy version
    reply.
    2008/01/03 11:46:25:271 Information 74.93.179.88 Received policy change is
    not required.
    2008/01/03 11:46:25:271 Information 74.93.179.88 Sending policy
    acknowledgement.
    2008/01/03 11:46:25:271 Information 74.93.179.88 The configuration for the
    connection is up to date.
    2008/01/03 11:46:25:502 Information 74.93.179.88 Starting ISAKMP phase 2
    negotiation with 74.93.179.88/255.255.255.255:BOOTPC:BOOTPS:UDP.
    2008/01/03 11:46:25:512 Information 74.93.179.88 Starting quick mode phase
    2 exchange.
    2008/01/03 11:46:25:562 Information 74.93.179.88 The SA lifetime for phase
    2 is 28800 seconds.
    2008/01/03 11:46:25:562 Information 74.93.179.88 Phase 2 with
    74.93.179.88/255.255.255.255:BOOTPC:BOOTPS:UDP has completed.
    2008/01/03 11:46:25:562 Information <local host> Renewing IP address for
    the virtual interface (00-60-73-EB-DD-EA).
    2008/01/03 11:46:30:899 Information <local host> The IP address for the
    virtual interface has changed to 192.168.10.170.
    2008/01/03 11:46:31:000 Information <local host> The system ARP cache has
    been flushed.
    2008/01/03 11:46:31:030 Information 74.93.179.88 NetWkstaUserGetInfo
    returned: user: rick, logon domain: SYS001, logon server: SYS001
    2008/01/03 11:46:35:536 Information 74.93.179.88 NetGetDCName failed: Could
    not find domain controller for this domain.
    2008/01/03 11:46:35:536 Information 74.93.179.88 calling NetUserGetInfo:
    Server: \\SYS001, User: rick, level: 3
    2008/01/03 11:46:35:536 Information 74.93.179.88 NetUserGetInfo returned:
    home dir: , remote dir: , logon script:
    2008/01/03 11:47:05:147 Information <local host> Releasing IP address for
    the virtual interface (00-60-73-EB-DD-EA).

  2. #2
    mak
    Guest

    Re: SonicWall Global VPN Client connection reset

    Rick Martin wrote:
    >2008/01/03 11:45:41:468 Information 74.93.179.88 NetUserGetInfo returned:
    >home dir: , remote dir: , logon script:


    here you are logged in successfully
    >2008/01/03 11:46:19:859 Information <local host> Releasing IP address for
    >the virtual interface (00-60-73-EB-DD-EA).


    and this is where you are loosing your ip adress for some reason...

    try setting a fixed adress on the virtual adapter (you might have to allow this in the vpn policy, dhcp relay settings)
    see if that helps,
    also set your logging to "debug" on the sonicwall and make sure "vpn client" is checked in the categories.

    M

  3. #3
    Rick Martin
    Guest

    Re: SonicWall Global VPN Client connection reset

    On Fri, 04 Jan 2008 13:10:23 +0100, mak wrote:

    >
    > try setting a fixed adress on the virtual adapter (you might have to allow this in the vpn policy, dhcp relay settings)
    > see if that helps,
    > also set your logging to "debug" on the sonicwall and make sure "vpn client" is checked in the categories.
    >
    > M


    Thanks, mak

    I tried setting up the config to have a fixed IP and entries to the VPN
    server but it didn't help it actually made it worse.
    Another interesting point. Another XP laptop on my LAN has the same
    problems as the first one. However, my Windows 2000 server connects and
    stays connected to the VPN without any problems.
    Something about the OS?

    Rick

  4. #4
    Rick Martin
    Guest

    Re: SonicWall Global VPN Client connection reset - Partially Solved

    On Thu, 3 Jan 2008 12:40:45 -0800, Rick Martin wrote:

    > I am having an odd problem connecting my WinXP SP2 laptop to our company
    > SonicWall VPN. My laptop is on a local domain at my home and is connected
    > to the Internet via a 2Wire DSL modem which is a NAT. I tried placing my
    > laptop in the DMZ to test and that did not make any difference. I have also
    > opened a few ports I found in other posts but that didn't help either.
    >


    My IT guy made the following changes and I can now access the VPN from both
    the XP and W2k boxes. There is still a problem with access one of the web
    applications that we are working on.

    Here are the changes he made:
    You were configured for "All Interface IP" which basically gives you full
    run of all firewall zones. Apparently that doesn't work. I changed it so
    that you have "All LAN Subnets" and "All WAN Subnets" instead.

    Maybe this will help someone, someday.

    Thanks,
    Rick

  5. #5
    Junior Member
    Join Date
    Apr 2008
    Posts
    2
    Quote Originally Posted by Rick Martin View Post
    On Thu, 3 Jan 2008 12:40:45 -0800, Rick Martin wrote:
    [color=blue]
    ...Maybe this will help someone, someday.

    Thanks,
    Rick
    The support guy from Sonic couldnt fix it but your post did! Thanks

    Adam

  6. #6
    Junior Member
    Join Date
    Aug 2008
    Posts
    1
    Quote Originally Posted by Rick Martin View Post
    On Thu, 3 Jan 2008 12:40:45 -0800, Rick Martin wrote:

    > I am having an odd problem connecting my WinXP SP2 laptop to our company
    > SonicWall VPN. My laptop is on a local domain at my home and is connected
    > to the Internet via a 2Wire DSL modem which is a NAT. I tried placing my
    > laptop in the DMZ to test and that did not make any difference. I have also
    > opened a few ports I found in other posts but that didn't help either.
    >


    My IT guy made the following changes and I can now access the VPN from both
    the XP and W2k boxes. There is still a problem with access one of the web
    applications that we are working on.

    Here are the changes he made:
    You were configured for "All Interface IP" which basically gives you full
    run of all firewall zones. Apparently that doesn't work. I changed it so
    that you have "All LAN Subnets" and "All WAN Subnets" instead.

    Maybe this will help someone, someday.

    Thanks,
    Rick
    Rick, thanks very much for posting this. I've been going through a frustrating 2 weeks with Sonicwall tech support trying to resolve exactly the same issue. I stumbled across your post during a desperate search, and gave it a try. At last, a stable VPN connection!

  7. #7
    Junior Member
    Join Date
    Apr 2009
    Posts
    3

    Sonicwall GVC having issue while connecting

    In my scnerio while I am trying to connect Vista mahince via GVC I am getting only authenticating after PreShared key acceptance.
    Please let me know how do I get a active connection it was worked last week and we haven't change anything on the network since.

    MS



    Quote Originally Posted by Rick Martin View Post
    On Thu, 3 Jan 2008 12:40:45 -0800, Rick Martin wrote:

    > I am having an odd problem connecting my WinXP SP2 laptop to our company
    > SonicWall VPN. My laptop is on a local domain at my home and is connected
    > to the Internet via a 2Wire DSL modem which is a NAT. I tried placing my
    > laptop in the DMZ to test and that did not make any difference. I have also
    > opened a few ports I found in other posts but that didn't help either.
    >


    My IT guy made the following changes and I can now access the VPN from both
    the XP and W2k boxes. There is still a problem with access one of the web
    applications that we are working on.

    Here are the changes he made:
    You were configured for "All Interface IP" which basically gives you full
    run of all firewall zones. Apparently that doesn't work. I changed it so
    that you have "All LAN Subnets" and "All WAN Subnets" instead.

    Maybe this will help someone, someday.

    Thanks,
    Rick

  8. #8
    Junior Member
    Join Date
    Oct 2009
    Posts
    2
    Hi Rick

    Am facing exactly the same problem. Would appreciate if you could please list the places, where you did the changes for All Interface IP to lan & wan subnets.

    Am not too familiar with SonicWall. The SW device i have is TZ210

    Thanks for your help.

  9. #9
    Junior Member
    Join Date
    Oct 2009
    Posts
    2

    Can you advise where to change the All Interface IP to Lan subnets

    Hi Rick

    Am facing the exact issue. I have a Sonicwall TZ210 firewall.

    Can you please advise where to change the All Interface IP to Lan & WAN subnets. Am not too familiar with Sonicwall and couldnt figure out, where to change this.

    Thanks for all your help.

  10. #10
    Junior Member
    Join Date
    Apr 2011
    Posts
    2

    Fixed!!

    Quote Originally Posted by savp View Post
    Hi Rick

    Am facing the exact issue. I have a Sonicwall TZ210 firewall.

    Can you please advise where to change the All Interface IP to Lan & WAN subnets. Am not too familiar with Sonicwall and couldnt figure out, where to change this.

    Thanks for all your help.
    Hi,

    Under Users-->Local users.
    Select the user your are using when connecting through the VPN and "Configure".
    New window will Open, in the third Tab "VPN Access" make sure you add "LAN Subnets" & "WAN Subnets".
    Click OK and you are Done!
    Make Sure there are no Overlapping Subnets between your Company and your Home / remote office.

    Feel free to Contact me if Any one needs help with similar issues.

  11. #11
    Junior Member
    Join Date
    Apr 2011
    Posts
    2
    Under Network--> Zones--> choose what you need then "Configure"

  12. #12
    Junior Member
    Join Date
    May 2011
    Posts
    1

    tz 100 domain login

    Before I install my Tz 100, the client software on XP can work with the server software on Win Server 2003 without trouble. The client-server software rely on domain login to control access right. When we installed the Tz 100 in between the XP and the Win Server, it become not 100% of time that the client software can login with the server software. Sometime I need to reboot the XP couple times to success the login. I talked with the local technical rep but looks not have a good solution. Any hints or idea on my trouble. Thank you for advise in advance

    Fred

  13. #13
    Junior Member
    Join Date
    Apr 2008
    Posts
    2

    Still get this

    I keep getting similar problems with the sonicwall vpn from home ADSL. The only fix is to reboot the local router, then it will work fine for a period of time.

    Its not a VPN config problem, not a pc problem. I get it from behind several different makes of ADSL router at different locations also, so not a particular router either.

    I guess that its something the sonicwall vpn client is doing which screws up the local router somehow.

    Wish sonicwall would fix it but I cant even get it acknowledged as a problem :(

    Adam

  14. #14

    Sonicwall Connection issue

    Problem
    When multiple computers are connected to the SonicWall wireless network, the wireless network goes down every 15 minutes.
    Synopsis
    The problem has been confirmed resolved by updating the firmware and disable the Intrusion Detection on the wireless.
    Solutions
    Update the SonicWall firmware to the most recent version. Disable the Intrusion Detection on the wireless network.

    Shawn Zernik
    http://www.internetworkconsulting.net

  15. #15
    Junior Member
    Join Date
    Jan 2012
    Posts
    1

    Sonicwall TZ100 - netextender on windows XP Disconnecting!

    Quote Originally Posted by jentrammell View Post
    Problem
    When multiple computers are connected to the SonicWall wireless network, the wireless network goes down every 15 minutes.
    Synopsis
    The problem has been confirmed resolved by updating the firmware and disable the Intrusion Detection on the wireless.
    Solutions
    Update the SonicWall firmware to the most recent version. Disable the Intrusion Detection on the wireless network.

    Shawn Zernik
    http://www.internetworkconsulting.net
    Have a similar issue. Got a TZ100 model setup with sslvpn, netextender on the clients. Windows 7 works perfect, windows XP drops the connection after a few minutes.
    Any suggesstions?

  16. #16
    SG Enthusiast RaisinCain's Avatar
    Join Date
    Jun 2009
    Posts
    1,705
    Get a hold of Sonicwalls support team. They will be able to better troubleshoot the problem when given your network configuration. After all you are paying for it.

  17. #17
    Disable the NAT traversal option in properties.

Similar Threads

  1. Cisco VPN client and Netgear WGR614 problem
    By vanc in forum Networking Forum
    Replies: 14
    Last Post: 01-28-11, 12:15 PM
  2. Help for 25Mbps(down)/512Kbps(up) connection !!!
    By ge_or_ge in forum Broadband Tweaks Help
    Replies: 9
    Last Post: 10-19-07, 10:08 PM
  3. Replies: 9
    Last Post: 07-23-07, 11:20 AM
  4. Here's how I did it!! VPN to an Office network
    By Mike Howles in forum Networking Forum
    Replies: 1
    Last Post: 05-11-07, 06:27 AM
  5. VPN client Issue..
    By bsatheesh in forum General Broadband Forum
    Replies: 0
    Last Post: 05-02-07, 05:10 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •