Can't connect to Sonicwall VPN gateway from my office

(OP)
Hi,

I am having trouble connecting to Sonicwall VPN gateway from my office. I can connect to the same gateway from my home. I think this is because only port 80 is allowed from our office and there is a highly secure firewall configuration in our office. It is impossible to change the office firewall policy. Therefore I am looking for some alternatives. Has anyone got any suggestions for me?

RE: Can't connect to Sonicwall VPN gateway from my office

The Sonicwall is either going to use IPSEC, which is a protocol for securing IP connections, or SSL, probably over a semi-nonstandard port. If your outgoing firewall is clamped down to only allow port 80 traffic your options are pretty well limited. While there are means to tunnel connections through HTTP connections, attempting to do so would likely get you into hot water territory.

RE: Can't connect to Sonicwall VPN gateway from my office

(OP)
Thanks for your reply. I guess SSL VPN runs on port 443 and this port is probably open in our office network. Is it possible to access any machines which don't support a web interface via SSL VPN? When you connect via SSL VPN, does the VPN gateway allocate the IP address in the same network as the VPN gateway LAN side for the client machine?

RE: Can't connect to Sonicwall VPN gateway from my office

Quote:

Thanks for your reply. I guess SSL VPN runs on port 443 and this port is probably open in our office network
You're welcome, I am happy to help. It is possible that port 443 is being used for the VPN (server side) which would necessitate allowing inbound port 443 connections. In analyzing these types of firewall questions, it is important to keep in mind the difference between ingress and egress traffic. The egress traffic will typically use a random high order source port number with a common (e.g. 80, 443) destination port. It is possible to configure the firewall such that NEW connections are only allowed to desired ports, such as 80 and 443, and to allow ESTABLISHED or RELATED return traffic back in. This would largely apply to client side applications. The flip side of this is running a server application where the firewall must allow for listening connections on a particular port (e.g. 80 or 443). In this instance, it is possible to put an SSL VPN on port 443, but not required. Quite often, these SSL VPNs use UDP through the SSL encrypted tunnel.

Quote:

Is it possible to access any machines which don't support a web interface via SSL VPN?
I am not sure I understand the question, but will try to answer as best I can. SSL is a protocol, which can be used on various port numbers. It is possible to support either a web interface or a VPN connection on a particular port. If you have an SSL web server listening on port 443 (standard) you will need to have your VPN server listen on a different port. This link may be of help in explaining the differences and options available for SSL VPN: http://www.cisco.com/en/US/products/ps6120/product...

Quote:

When you connect via SSL VPN, does the VPN gateway allocate the IP address in the same network as VPN gateway LAN side for the client machine?
This will depend upon the VPN configuration. Sometimes they are configured as what is called split tunnels, where only traffic destined for the VPN hosted network will go through the VPN tunnel. In this case, the client will probably NOT be allocated an IP address of the VPN LAN, but simply designate a route to the virtual interface for remote resources. The other option is to configure the VPN as the entire remote gateway, in which case an IP will likely be assigned and for all practical purposes the client will appear as if they are from the remote VPN. This is sometimes more secure, definitely more controlling, but also has a performance price.
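
The stateful filtering described in the reply above (NEW connections allowed only to approved destination ports, return traffic for tracked flows allowed back in), modelled as an added example that is not part of the original thread. The class names, addresses and port numbers are constructed for illustration, and RELATED tracking is not modelled.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class StatefulEgressFilter:
    """Toy stateful firewall: NEW outbound flows only to approved destination
    ports; replies to tracked flows are allowed back in (RELATED not modelled)."""
    allowed_new: set                       # {(proto, dport)} allowed for NEW flows
    conntrack: set = field(default_factory=set)

    def outbound(self, p):
        flow = (p.proto, p.src, p.sport, p.dst, p.dport)
        if flow in self.conntrack:
            return "ACCEPT-ESTABLISHED"
        if (p.proto, p.dport) in self.allowed_new:
            self.conntrack.add(flow)       # remember the flow for its replies
            return "ACCEPT-NEW"
        return "DROP"

    def inbound(self, p):
        # A reply is a tracked flow with source and destination swapped.
        flow = (p.proto, p.dst, p.dport, p.src, p.sport)
        return "ACCEPT-ESTABLISHED" if flow in self.conntrack else "DROP"

def demo():
    # Constructed sample: office policy allowing only tcp/80 and tcp/443 out.
    fw = StatefulEgressFilter({("tcp", 80), ("tcp", 443)})
    client, gw = "10.1.1.20", "203.0.113.10"   # constructed addresses
    return {
        "ssl_vpn_443": fw.outbound(Packet("tcp", client, 51514, gw, 443)),
        "reply_443": fw.inbound(Packet("tcp", gw, 443, client, 51514)),
        # IKE, the key exchange used by IPsec, runs on udp/500.
        "ike_udp_500": fw.outbound(Packet("udp", client, 500, gw, 500)),
        # 4433 stands in for a non-standard SSL VPN port (constructed value).
        "ssl_vpn_alt_port": fw.outbound(Packet("tcp", client, 51515, gw, 4433)),
        "unsolicited_in": fw.inbound(Packet("tcp", gw, 443, client, 40000)),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:18} {verdict}")
```

Under this policy only the flow to destination port 443 is tracked, so its reply is the only inbound packet accepted; the IPsec and alternate-port attempts never create state.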
