No announcement yet.
  • Filter
  • Time
  • Show
Clear All
new posts

  • No Service- Sonicwall VPN


    I am new to Shoretel, just setting it up prior to a cutover from a 3com (no PRI plugged in the shoretel yet) and have about a basic+ understanding of Sonicwall setups but here is where I am at:
    Site to Site VPN

    Headquarters has a Sonicwall
    -The X0/LAN port is on its own network with the core switch stack
    -The core switch stack has the Data VLAN and Voice VLAN
    -I can reach the server and Director No issues- from accross the vlans and ping/RDP the director from the remote site. Phone to phone calls on the VLAN are great

    Remote Site - Sonicwall
    No Shoregear switch here so as I found searching the forum
    - I added an IP Mapping to HQ with the IP addresses of the remote subnet (different than the VLAN subnet) ticking the Teleworkers box
    -This subnet will share the data/phone as it's only 4 people
    -DHCP scope on a MS DHCP but the scope was created a while ago so option 156? wasn't ever set so I set FTP manually

    I can: ping the phone from the Director server, it see's the FTP, downloads the config, goes to requesting service, doesn't find anything, tries the switch IP itself but eventually says "No Service"

    Packet captures show FTP, UDP, and IP traffic back and forth with no packet loss during the boot.

    Anyone have an idea where I can look?
    I'm not 100% sure if I'm using the NAT vs. Routing as some suggested but they did say if the Director can see the private IP it most likely isn't the case (true?)

    Any help would be appreciated.

  • #2

    can you ping the phones and SG switches from the remote site. also log into the sonicwall at your main site and try to ping the phones and switches from the firewall to make sure your firewall can see all devices. also in your vpn tunnel config make sure to add the voice and data vlans in the local/destination networks respectively.


    • #3
      Thanks for the reply!

      Turns out is was the default gateway of the switch was wrong. It was pointed to the orignal VLAN gateway we used for a config day but had to change it after the fact to add a subnet between the switch and the firewall.


      • #4
        err... also, be sure to check the "Ignore don't fragment bit" on your Sonicwall VPN. For some odd reason, that evil bit is set in the 50V firmware.