VPN Issues - Sonicwall MobileConnect - Error 2250 - Lumia 928

[j-bone6_7]

Howdy folks!

So... I've been messing around with getting my Sonicwall MobileConnect up and running on my 928 with 8.1 DevPrev. It won't connect, and keeps throwing error 2250. I've done some research and found that on Windows 8.1, that is related to a non-default VPN port, and there are some instructions using XML to "hack" it and set the default port to your non-standard.

My question is two-fold:

1) Has anyone been able to get the MobileConnect up and running?
2) If so, do you have a non-standard port, and how did you get it running?

Thanks in advance guys!

 

[edoug]

Yeah, I have it working using just the default settings. Are you connecting to a sonicwall that has SSLVPN setup (mine is an SRA box)?

 

[j-bone6_7]

Yep. Ours is a NSA240... current firmware, checked that. I feel like it might be tied to that nonstandard port, but i'm not sure. I've tried under server name: IPort; IP; Nameort; and Name, and still get thrown that 2250 error.

 

[edoug]

I'll try a non standard port by this weekend I'd you don't have it sorted out by then

 

[j-bone6_7]

I'd appreciate it! Thanks for the assist!

 

[edoug]

No luck yet...I've tried a lot of variation agains a Tz205 w/o success. I've even gone to standard 443 port and got "incompatible vpn" message. I'll keep picking at it for a while though.

 

[j-bone6_7]

I appreciate it! I've been picking at some stuff myself, and bonus side came across a misconfiguration on my side that was affecting a couple of my SSLVPN users. I've got to put in a call to SW support on another thing, so going to bring this up to them as well. I'll let ya know if I find anything out.

Thanks!

 

[srini09]

Hi,

I am facing the same issue on my Lumia 1520 with dev 8.1. Any luck with connecting to Sonicwall?

Srini

 

[Michael Crehan]

So this will work. But the problems are the encryption and a custom port. So on the firewall if you set the SSLVPN port to a standard port, IE 443, and Encryption on firewall in SSL server settings to AES256. It will work. At least it did on my NSA3500. Oh and I think you have to setup ip ranges in the mobile connection to get to your internal networks. Still testing all of this.

I wonder if there is a way to bind a custom port to this mobile connect crap?

 

[MarkJohnRowland]

Hello

The solution is mentioned in the URL below

http://en.community.dell.com/techce...ure-mobile-access-with-windows-phone-8-1.aspx

Basically, you have to specify the IP Address and Port in a URL . I.E http://111.111.111.111:4433

Regards

Mark

 

[srini09]

I can confirm that this doesn't work for me. Does it work for anybody?

Srini

 

[Michael Crehan]

It can work. But its not very stable. Your sslvpn needs to run on port 443. I think aes encryption. And you need to create routes in the Sonicwall client

This does work. I swear. Incompatible VPN comes from encryption not being aes. Port 4433 will not work, the only port that will is 443 because you cannot use :4433 on the mobile client. You need routes on the mobile client for internal networks. It is flaky though and Sonicwall support is worthless on this issue

 

[silver565]

It can work. But its not very stable. Your sslvpn needs to run on port 443. I think aes encryption. And you need to create routes in the Sonicwall client

This does work. I swear. Incompatible VPN comes from encryption not being aes. Port 4433 will not work, the only port that will is 443 because you cannot use :4433 on the mobile client. You need routes on the mobile client for internal networks. It is flaky though and Sonicwall support is worthless on this issue

I'm sorry, I don't agree. I have a lot of sonicwalls that I manage, all of which are running their sslvpn server on port 4433. It is never a problem. Sonicwall fixed a bug where the client failed to connect to devices which were running 5.6 OS(wouldn't let you choose another port other than 443).

The android and iOS client works on port 4433 without any issues.

Routes back have nothing to do with this problem.

 

[Michael Crehan]

Disagree all you want. This is the only way the mobile connect will work. At least with the NSA series. You never had to choose a port with ios or Droid. They just worked. The routes on the mobile connect are there for an always available tunnel. Meaning that if your app calls a subnet listed the tunnel would automatically activate.

I should note that Port 443 is specifically on Windows phone. Ports other than 443 may work with Android and IOS. I haven't bothered trying again to see if the situation is any better these days with Windows phone.

 

[Michael Crehan]

Disagree all you want. And version 5.8 of the firmware does not work with mobile connect on 4433. The routes are for automatically activating the tunnel if an app calls one of the subnets listed. Ios and android clients just work, but they are not designed with the same automatic feature. The bug is in the client, and/or the NSA firewall. Not sure what Sonicwall device you are connecting to

 

[Jaick1]

Solved.

1) Yes it's running on my Lumia 635 with SonicWALL Mobile Connect Plugin
2) I use the port 443 which is configured at the SonicWall (Menue/SSLVPN/Server settings)

At first I got the same error but after switching the cipher to AES256 (Menue 2) ) it worked

 

[j-bone6_7]

As the original OP, I figured that I'd step in here. Finally got the chance to loop back around to this post a week ago, and tried a couple of things, and was able to get it to work. Yes, still running port 4433. Interestingly enough, my NSA240 sets this port as default. Still looking in to that, but... either way. It was the URL suggestion that finally worked for me. Its stable, and has been working great for what I use it for. (Mostly using a server to use logmein/Unlocking peeps). Tiny, but useful for those "what am I going to do now" situations.

Appreciate the input from MarkJohn and edoug especially.

Awesome community we got here peeps!

 

[Kittichai Sojiphan]

I am currently having trouble accessing VPN on my Windows 8.1 Phone Lumia 640 XL LTE. My company use F5-Big-IP Edge Client. and I am not able to get VPN to work and have the same error 2250 pop up while connecting.

Can anybody help or suggest what I need to do?

Thank you very much.

Kittichai