Netgate Discussion Forum

How do set up these rules?

Firewalling
10 Posts 2 Posters 2.8k Views
    Disconnect, last edited Feb 21, 2011, 8:24 PM

    Hello all,

    I know these should be easy but I am still having the same problems listed in this topic:
    http://forum.pfsense.org/index.php/topic,18379.15.html

    Specifically I am trying to figure out how to do the following:

    What I did was to ensure that scrub was disabled (it was). I also chose Manual Outbound NAT rule generation (Advanced Outbound NAT (AON)), setting up rules for ports 50, 500, and 4500, which I understand from other sources are used by the SonicWall client. Of course, I still have the inbound and outbound firewall rules allowing traffic to and from the VPN server's IP address. Even at that point, the client would not connect. The final step, which allowed the connection, was to enter 1500 in the MTU field on the WAN interface. (It is a bit fuzzy, but I first set the MTU to 1300. The software firewall on the XP client then asked me to approve the outbound connection of the SonicWall Client. That had never happened before. I clicked OK to allow the connection, but still had no connection. It was not until I entered 1500 into the MTU that the connection succeeded.)

    I believe I set up the rules correctly, but they aren't working, so I am asking as a newbie: how do I set up the firewall rules (please rub my nose in it!) to allow me to connect to an external SonicWall VPN… I mean, do I put these rules in WAN or LAN, and what should I put in the boxes?

    Thanks for any of your time, I am just getting frustrated by this issue!

    Thanks!

      Disconnect, last edited Feb 22, 2011, 9:28 PM

      Hello All, I've set up the following rule in WAN, still can't get out.

      TCP/UDP 201.111.57.11/31 * * 4500 (IPsec NAT-T) *
      TCP/UDP 201.111.57.11/31 * * 500 (ISAKMP) *
      TCP/UDP 201.111.57.11/31 * * 50 *

      Can anyone give me a hint what I am doing wrong?

      Thanks!

        Cry Havok, last edited Feb 22, 2011, 10:37 PM
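      As an added check, not part of the thread, the three WAN rule lines quoted in the post above can be parsed and compared against what an IPsec client actually needs: ISAKMP is UDP/500, NAT-T is UDP/4500, and ESP is IP protocol number 50, not a TCP or UDP port. The rule lines are copied from the post; the "corrected" set, the Rule class and the check function are constructed for this example and are not pfSense code.

```python
import re
from dataclasses import dataclass

# Rule lines exactly as they appear in the post above (pfSense rule list
# columns: proto, source, source port, destination, destination port, gateway).
RULE_LINES = """
TCP/UDP 201.111.57.11/31 * * 4500 (IPsec NAT-T) *
TCP/UDP 201.111.57.11/31 * * 500 (ISAKMP) *
TCP/UDP 201.111.57.11/31 * * 50 *
"""

# Assumed corrected set for illustration: UDP only for IKE/NAT-T, and ESP
# expressed as a protocol rather than a port (constructed, not from the thread).
CORRECTED_LINES = """
UDP 201.111.57.11/31 * * 500 (ISAKMP) *
UDP 201.111.57.11/31 * * 4500 (IPsec NAT-T) *
ESP 201.111.57.11/31 * * * *
"""

# The optional "(description)" sits between the destination port and gateway.
_RULE_RE = re.compile(
    r"^(?P<proto>\S+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+(?P<dst>\S+)\s+"
    r"(?P<dport>\S+)(?:\s+\((?P<desc>[^)]*)\))?\s+(?P<gw>\S+)$"
)


@dataclass
class Rule:
    proto: str
    src: str
    sport: str
    dst: str
    dport: str
    desc: str
    gw: str


def parse_rules(text):
    """Parse rule-list lines in the layout shown in the post into Rule objects."""
    rules = []
    for line in text.strip().splitlines():
        m = _RULE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unparseable rule line: {line!r}")
        d = m.groupdict()
        rules.append(Rule(d["proto"].upper(), d["src"], d["sport"], d["dst"],
                          d["dport"], d["desc"] or "", d["gw"]))
    return rules


def ipsec_passthrough_issues(rules):
    """Return a list of findings about protocol/port mistakes in IPsec rules."""
    issues = []
    for r in rules:
        protos = set(r.proto.split("/"))
        # ESP is IP protocol 50; "port 50" never matches IPsec traffic.
        if r.dport == "50" and protos & {"TCP", "UDP"}:
            issues.append(f"{r.proto} port 50: ESP is IP protocol 50, not a port; use protocol ESP")
        # IKE and NAT-T are UDP only; allowing TCP adds exposure for no benefit.
        if r.dport in {"500", "4500"} and "TCP" in protos:
            issues.append(f"{r.proto} port {r.dport}: ISAKMP and NAT-T use UDP only; drop TCP")
    # Plain ESP only matters when the tunnel does not negotiate NAT-T (UDP 4500).
    if not any(r.proto == "ESP" for r in rules):
        issues.append("no ESP rule: needed only if the peer does not use NAT-T encapsulation")
    return issues


if __name__ == "__main__":
    for label, text in (("as posted", RULE_LINES), ("corrected", CORRECTED_LINES)):
        print(f"--- {label} ---")
        for issue in ipsec_passthrough_issues(parse_rules(text)) or ["no findings"]:
            print(issue)
```

      Run as a script it reports four findings for the posted rules (TCP on 500 and 4500, port 50 instead of protocol ESP, and no ESP rule) and none for the corrected set. Note that these are WAN rules with the remote server as source, so they govern unsolicited inbound traffic only; an outbound client connection from LAN is matched by the LAN rules and the outbound NAT state.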

        Start from a fresh set of rules and NAT configuration.

        If you do that, can your SonicWall client connect to the remote VPN server?

          Disconnect, last edited Feb 22, 2011, 11:39 PM

          No, fresh rules don't…

          What started this road.

          I get the same error mentioned in the other conversation referenced in my first post.

          Thanks Cry,

            Cry Havok, last edited Feb 23, 2011, 7:24 AM

            What version of pfSense are you using? Can you post screenshots of your firewall rules (LAN and WAN) and your AoN settings?

              Disconnect, last edited Feb 23, 2011, 2:23 PM

              @Cry:

              What version of pfSense are you using? Can you post screenshots of your firewall rules (LAN and WAN) and your AoN settings?

              I am using 3.2.1

              All I have are the default rules, that's it.

                Cry Havok, last edited Feb 23, 2011, 8:43 PM

                3.2.1? Really? Can I borrow your time machine please!

                Did you mean 1.2.3 by any chance?

                  Disconnect, last edited Feb 23, 2011, 10:22 PM

                  @Cry:

                  3.2.1? Really? Can I borrow your time machine please!

                  Did you mean 1.2.3 by any chance?

                  Yes, shouldn't be playing with my router while replying…

                  ...and of course you can borrow my time machine, as soon as it's out of the shoppe, broken flux capacitor.

                  Hate when that happens!

                    Disconnect, last edited Feb 24, 2011, 5:18 PM

                    Yes, I am running 1.2.3

                      Disconnect, last edited Feb 24, 2011, 10:26 PM

                      Turned out I didn't have to open any ports or anything, just enabled IPsec and everything started working…

                      Though without any rules, am I opening any security holes in my firewall?

                      Also will this screw up my OpenVPN setup?

                      Thanks!

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.