Browse All Articles > Global VPN Client IP Assignment Using The Sonicwall Appliance
This article will step through configuring a SonicWALL appliance to utilize an internal DHCP server for Global VPN Client (GVC) hosts. There are times when using an external (external to the SonicWALL) DHCP server, such as Windows Servers, isn’t practical for one reason or another.
This article assumes the WAN GlobalVPN VPN policy has already been configured and is functioning. Additionally, this article is in two parts:
Part One will use an already configured WLAN zone for assigning IP addresses to GVC hosts.
Part Two will walk through setting up the WLAN zone if not already configured.
Part One – Setup DHCP for GVC Hosts Utilizing The WLAN Zone
NOTE: It is assumed that WLAN already has access to LAN and LAN to WLAN.
What you’ll need to know:
- The IP address assigned to the interface the WLAN zone is assigned to.
1. Login to the SonicWALL appliance and go to VPN > DHCP over VPN.
2. Confirm Central Gateway is selected in the drop down and click Configure (See Image 1 Below).
3. Check the following boxes:
- Use Internal DHCP Server
- For Global VPN Client
4. In the Relay IP Address text box, type the IP address assigned to the interface the WLAN zone is assigned to. See Image 2 below for the final settings. Once the settings are completed, click OK.
5. Once completed, establish a VPN connection and confirm the IP address is assigned from the DHCP scope assigned to the WLAN zone.
Part Two: Setting Up DHCP For GVC Hosts When WLAN Hasn’t Been Configured
What you’ll need:
- Identify a IP subnet that isn’t currently being utilized on the internal network.
- An available interface on the SonicWALL
1. Click Network > Interface and edit an available Interface that isn’t being utilized for another purpose. For this article, I have selected the X3 interface.
2. Select the WLAN zone in the Zone drop down (See Image 3 Below).
3. Give the interface an IP address. For this article, I have chosen 10.10.10.20 (See Image 4 Below).
4. Click OK. You’ll get a prompt regarding the management interface. Disregard this message as the management interface is configured on the LAN interface.
5. Click Network > DHCP Server. Once the WLAN zone settings are saved to the Interface, the SonicWALL appliance automatically created a new DHCP scope specifically for hosts connected to the X3 interface (or, whichever Interface was chosen).
6. Edit the new DHCP scope and modify the Start and End IP range if the default is not acceptable.
7. Click the DNS/WINS tab. If you desire your GVC hosts to resolve hosts on the LAN network, you’ll need to enter the Active Directory domain (if utilized) and internal DNS servers. Also, if you have any WINS servers, you’ll need to enter those here too.
8. Once configured, click OK.
9. Click VPN > VPN Over DHCP.
10. Confirm Central Gateway is selected in the drop down and click Configure (See Image 1 Below).
11. Check the following boxes:
- Use Internal DHCP Server
- For Global VPN Client
12. In the Relay IP Address text box, type the IP address assigned to the interface the WLAN zone is assigned to. See Image 2 below for the final settings. Once the settings are completed, click OK.
13. Now, we need to confirm Firewall Access between the WLAN <-> LAN zones. Click Firewall > Access Rules (See Image 5 Below).
14. The default View Style is Matrix. Click the WLAN > LAN matrix intersection to see the rules affecting this traffic.
15. See the screen shot below to see the default rule. The rule in my screen shot is Allow, but the default MAY be Deny. Click Edit to bring up the particulars of the Access Rule. In the Action section, click the Allow radio button and click OK (See Image 6 Below).
16. Click the LAN > WLAN matrix intersection to confirm the default rule is configured to allow traffic. Use the procedure in Step 15 to change this to allow. Otherwise, proceed to the next step.
17. Now, establish a VPN connection and confirm the IP address is assigned from the DHCP scope assigned to the WLAN zone.
This article assumes the WAN GlobalVPN VPN policy has already been configured and is functioning. Additionally, this article is in two parts:
Part One will use an already configured WLAN zone for assigning IP addresses to GVC hosts.
Part Two will walk through setting up the WLAN zone if not already configured.
Part One – Setup DHCP for GVC Hosts Utilizing The WLAN Zone
NOTE: It is assumed that WLAN already has access to LAN and LAN to WLAN.
What you’ll need to know:
- The IP address assigned to the interface the WLAN zone is assigned to.
1. Login to the SonicWALL appliance and go to VPN > DHCP over VPN.
2. Confirm Central Gateway is selected in the drop down and click Configure (See Image 1 Below).
3. Check the following boxes:
- Use Internal DHCP Server
- For Global VPN Client
4. In the Relay IP Address text box, type the IP address assigned to the interface the WLAN zone is assigned to. See Image 2 below for the final settings. Once the settings are completed, click OK.
5. Once completed, establish a VPN connection and confirm the IP address is assigned from the DHCP scope assigned to the WLAN zone.
Part Two: Setting Up DHCP For GVC Hosts When WLAN Hasn’t Been Configured
What you’ll need:
- Identify a IP subnet that isn’t currently being utilized on the internal network.
- An available interface on the SonicWALL
1. Click Network > Interface and edit an available Interface that isn’t being utilized for another purpose. For this article, I have selected the X3 interface.
2. Select the WLAN zone in the Zone drop down (See Image 3 Below).
3. Give the interface an IP address. For this article, I have chosen 10.10.10.20 (See Image 4 Below).
4. Click OK. You’ll get a prompt regarding the management interface. Disregard this message as the management interface is configured on the LAN interface.
5. Click Network > DHCP Server. Once the WLAN zone settings are saved to the Interface, the SonicWALL appliance automatically created a new DHCP scope specifically for hosts connected to the X3 interface (or, whichever Interface was chosen).
6. Edit the new DHCP scope and modify the Start and End IP range if the default is not acceptable.
7. Click the DNS/WINS tab. If you desire your GVC hosts to resolve hosts on the LAN network, you’ll need to enter the Active Directory domain (if utilized) and internal DNS servers. Also, if you have any WINS servers, you’ll need to enter those here too.
8. Once configured, click OK.
9. Click VPN > VPN Over DHCP.
10. Confirm Central Gateway is selected in the drop down and click Configure (See Image 1 Below).
11. Check the following boxes:
- Use Internal DHCP Server
- For Global VPN Client
12. In the Relay IP Address text box, type the IP address assigned to the interface the WLAN zone is assigned to. See Image 2 below for the final settings. Once the settings are completed, click OK.
13. Now, we need to confirm Firewall Access between the WLAN <-> LAN zones. Click Firewall > Access Rules (See Image 5 Below).
14. The default View Style is Matrix. Click the WLAN > LAN matrix intersection to see the rules affecting this traffic.
15. See the screen shot below to see the default rule. The rule in my screen shot is Allow, but the default MAY be Deny. Click Edit to bring up the particulars of the Access Rule. In the Action section, click the Allow radio button and click OK (See Image 6 Below).
16. Click the LAN > WLAN matrix intersection to confirm the default rule is configured to allow traffic. Use the procedure in Step 15 to change this to allow. Otherwise, proceed to the next step.
17. Now, establish a VPN connection and confirm the IP address is assigned from the DHCP scope assigned to the WLAN zone.
Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.
Comments (6)
Author
Commented:Commented:
Author
Commented:Are the subnets between the two different? Is the local subnet different than the subnet being assigned by the X5 DHCP scope on the Sonicwall?
Commented:
The fabricated X5 subnet is 10.0.69.0/24. The X5 Interface is 10.0.69.1. DHCP Scope for that is 10.0.69.10 thru .99.
If I change the "DHCP over VPN" properties so the client obtains an IP from our LAN DHCP server, everything is fine. But the whole point of this exercise is to get the VPN clients off the pesky 192.168.0.0 subnet.
Perhaps interestingly, I have a different DHCP scope for L2TP Pool. If the client connects from some standard L2TP VPN client, it works fine.
I may have to post this as a new question... It seems like I'm very close to getting this to work but some small detail isn't right yet.
Author
Commented:View More