Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Pro 200 VPN Nightmare

Status
Not open for further replies.
jebenson

jebenson

Technical User
Feb 4, 2002
2,956
US
Hello all,

I am having trouble with my SonicWall Pro 200 and VPN. I recently set up a new user to use VPN (using Global VPN Client 3.1.0.556), and the PC can connect and authenticate to the ISA server on our LAN via RADIUS, but the PC is not getting an IP assigned from our LAN's DHCP servers. The GVC log shows everything connecting fine, but I get a warning:

"Failed to renew the IP address for the virtual interface. The semaphore timeout period has expired."

I have been searching the web for days now, and apparently this is a pretty common error. I downloaded a document from SonicWall that deals with this issue specifically, but none of the fixes/workarounds in the document have worked.

The thing that really gets me is that I have one user who has been using VPN through all of this, and she can connect with no problems. She gets an IP address, logon script runs, can "see" network shares, etc. The new PC I set up is using an identical setup - same VPN client, same configuration, same version of Windows (2000 Pro) - and yet it cannot connect properly. Other machines that used to be able to connect now cannot, and I have not made any changes to the firewall settings or to their PCs.

Does anybody have any ideas/suggestions? If you need any other information, I will be happy to provide whatever I can. I really need to get this issue resolved ASAP.

Thanks,
JEB

I used to rock and roll every night and party every day. Then it was every other day. Now I'm lucky if I can find 30 minutes a week in which to get funky. - Homer Simpson

Arrrr, mateys! Ye needs ta be preparin' yerselves fer Talk Like a Pirate Day! Ye has a choice: talk like a pira
 
Sort by date Sort by votes
Anyone?

I used to rock and roll every night and party every day. Then it was every other day. Now I'm lucky if I can find 30 minutes a week in which to get funky. - Homer Simpson

Arrrr, mateys! Ye needs ta be preparin' yerselves fer Talk Like a Pirate Day! Ye has a choice: talk like a pira
 
Upvote 0 Downvote
Okay, a little more information.

The PCs that are not getting IP addresses are Win 2000. If I install the VPN client on an XP machine - using the same installation package and the same VPN client settings file - it works fine. It connects and gets an IP address, I can ping and connect to servers, etc.


I used to rock and roll every night and party every day. Then it was every other day. Now I'm lucky if I can find 30 minutes a week in which to get funky. - Homer Simpson

Arrrr, mateys! Ye needs ta be preparin' yerselves fer Talk Like a Pirate Day! Ye has a choice: talk like a pira
 
Upvote 0 Downvote
You know, I really don't know why I expected anything out of this forum. SonicWall sucks, so why should this forum be any different? This is the **THIRD** time I've had to "fix" problems with SonicWall's VPN "solution". Each time I have made **NO** changes to the client, the firewall or the internal network - the VPN just stopped working for no apparent reason.

The only thing I can surmise is that SonicWall **PURPOSELY** designed their VPN solution to fail, in the hopes that they will make some money from desperate customers paying for technical support.

Either that, or they are **INCOMPETENT**. Probably a bit of both.

Whichever it may be, I will **NEVER** spend another penny on one of their products.

I used to rock and roll every night and party every day. Then it was every other day. Now I'm lucky if I can find 30 minutes a week in which to get funky. - Homer Simpson

Arrrr, mateys! Ye needs ta be preparin' yerselves fer Talk Like a Pirate Day! Ye has a choice: talk like a pira
 
Upvote 0 Downvote
I assume that he PRO 200 is correctly to provide DHCP over the VPN either by it being the DHCP or forwardking to a DHCP server on your net. If so then goto the properties for that connection on the GVC and select the peers tab, Edit the peer and set NAT Traversal to disabled.

See it that helps.

Locans
 
Upvote 0 Downvote
Another thought, Make sure that the Pro 200'f firmware is updated. There was a DHCP over VPN issue on some versions.

Locans
 
Upvote 0 Downvote
Sonicwall's VPN stinks on toast.

I wasted several days trying to configure the GlobalVPN clients to terminate on the DMZ and use a DHCP address. Finally I called their support, got to a Tier II tech, and after a day of screwing around with settings and research he gave me the answer, which I will post here:

"Yeah, um, terminating GlobalVPN clients on the DMZ doesn't really work too well. There is a new firmware coming out next summer which we hope will fix it. Sorry.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
313
Johnkite
Johnkite
intel233
  • Locked
  • Question
Cisco ASA - VPN Question
Replies
6
Views
311
intel233
intel233
ISDPCMAN
  • Locked
  • Question
RDP fails over VPN
Replies
1
Views
130
gkittelson
gkittelson
Shmid
  • Locked
  • Question
Restricting Sonicwall SSL-VPN users for WAN access
Replies
7
Views
380
Shmid
Shmid
WhosYourDiffie
  • Locked
  • Question
Cisco ASA 5506 VPN for Avaya Phones
Replies
0
Views
91
WhosYourDiffie
WhosYourDiffie

Part and Inventory Search

Sponsor

Back
Top