
Allow VPN client through UTM

Hi there.

I have a host machine with Sonicwall Global VPN Client installed on it that can't connect to the peer/destination. The network map looks something like this:

Host >>> UTM >>> Cisco ASA >>> Internet >>> VPN Target

I've been looking at this problem for a few days, configuring host/IP/port specific rules, and eventually I put an [ any source / any destination / any service - permit ] outgoing rule on the UTM... but still no dice.

I have checked the live logs but the host's IP isn't showing up at all as a source, despite it continually attempting to establish a connection, which leads me to believe that there's something else at play that I don't know about. The host IP shows up intermittently but as a destination - the log entry looks something like this: Source = <UTM internal IP>, Service = ICMP, Destination = <host IP>, Action = dropped.

I have no issues if the host is situated between the UTM and the ASA (i.e. bypassing the UTM entirely, and with a different IP address, gateway, etc. configured of course) so the UTM seems to be causing the roadblock. In both cases the client tries to use ports 500 and 4500, but I made sure to allow these and they are reportedly in use already (probably by the ASA) so it uses dynamic ports instead. The Sonicwall GVC connects by IP address, so I don't think it's a DNS issue.

Can anyone signpost me in the right direction or say if there's a glaringly obvious setting I've missed?
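One way to triage the firewall logs for a case like this, added here as an illustration and not taken from the thread or from Sophos: a small Python script that parses key="value" packet-filter lines (the line format and the sample lines are constructed assumptions, not real UTM output) and reports whether the host ever appears as a source, what it sent, and what was dropped, including UTM-to-host ICMP drops like the ones quoted above and ESP (IP protocol 50), which must be permitted separately from UDP 500/4500 when NAT-T is not in use.

```python
import re
from collections import Counter

# Constructed sample lines in a key="value" packet-filter style (an assumption,
# loosely modelled on UTM logs). The VPN client host is 10.10.20.50, the UTM's
# internal address is 10.10.20.1, and 203.0.113.7 stands in for the VPN peer.
SAMPLE_LOG = """\
action="drop" srcip="10.10.20.1" dstip="10.10.20.50" proto="1" srcport="" dstport=""
action="accept" srcip="10.10.20.50" dstip="203.0.113.7" proto="17" srcport="500" dstport="500"
action="accept" srcip="10.10.20.50" dstip="203.0.113.7" proto="17" srcport="4500" dstport="4500"
action="drop" srcip="10.10.20.50" dstip="203.0.113.7" proto="50" srcport="" dstport=""
action="drop" srcip="10.10.20.1" dstip="10.10.20.50" proto="1" srcport="" dstport=""
"""

KV = re.compile(r'(\w+)="([^"]*)"')
PROTO_NAMES = {"1": "icmp", "17": "udp", "50": "esp"}

def parse_line(line):
    """Turn one key="value" log line into a dict (empty dict if nothing matched)."""
    return dict(KV.findall(line))

def classify(rec):
    """Name the IPsec-relevant traffic class of a record: ike, nat-t, esp, or the protocol name."""
    proto = PROTO_NAMES.get(rec.get("proto"), rec.get("proto"))
    if proto == "udp" and rec.get("dstport") == "500":
        return "ike"
    if proto == "udp" and rec.get("dstport") == "4500":
        return "nat-t"
    return proto or "other"

def triage(log_text, host_ip):
    """Summarise what the firewall logged from and to host_ip, counted per (class, action)."""
    as_source, as_destination = Counter(), Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec:
            continue
        key = (classify(rec), rec.get("action"))
        if rec.get("srcip") == host_ip:
            as_source[key] += 1
        elif rec.get("dstip") == host_ip:
            as_destination[key] += 1
    return {
        # False here reproduces the symptom in the question: the host never reaches the rule set.
        "host_seen_as_source": sum(as_source.values()) > 0,
        "as_source": dict(as_source),
        "as_destination": dict(as_destination),
        # IKE/NAT-T accepted but raw ESP dropped: the tunnel negotiates, yet no data flows.
        "esp_dropped": as_source[("esp", "drop")] > 0,
    }

if __name__ == "__main__":
    from pprint import pprint
    pprint(triage(SAMPLE_LOG, "10.10.20.50"))
```

If the host never shows up as a source even with an any/any permit rule, the packets are not reaching the UTM's rule engine at all, so the next check is on the host's default gateway and a capture on the UTM's internal interface rather than on the rule set.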



  • Thank you for the responses so far. I've been given a more "high priority" project to run for the last couple of weeks so haven't had time to go back to this yet.

    I'm experiencing a different issue with our UTM so I need to address that before I can try this VPN project again.

    If an admin sees fit to lock this thread I will open a new one when I can look at the VPN problem again.
