blueswitch

asked on

SonicWall hub and spoke VPN

Hi

I'm trying to set up a SonicWall hub and spoke VPN. I have my VPNs established to the hub from both locations.
Call them ABC.
B will be the hub.
A can talk to B.
B can talk to C.
But how do I get A to talk to C through B
without adding the VPN from A to C (hub and spoke)?

thanks

Rick_O_Shay

Turn on allow traffic to remote VPNs in the hub VPN.
blueswitch

ASKER

Where is this setting?
I have Enhanced OS.
Also, does the remote end need to know about the other IP range somewhere, or is it all automatic?
It's in the VPN's SA configuration at the core site, and you need to add it to all SAs you want to Forward Packets to Remote VPN's over. At the remote sites you need to define all the destination networks of the other remote sites you need to reach.
Sorry, but I can't seem to find that checkbox.
I am on the settings page, then I click edit for the existing VPN
and then under advanced

it has

enable keep alive
suppress automatic access rules
require authentication of VPN clients
enables Windows networking broadcast
enable multicast
apply NAT policies

but not the one you are mentioning

thanks
It should look something like this,

Core
SA Name=SiteA
Destination Network=192.168.2.0
Advanced Option(s) Enabled
   Forward Packets To Remote VPN's
SA Name=SiteB
Destination Network=192.168.2.0
Advanced Option(s) Enabled
   Forward Packets To Remote VPN's
Site A
SA Name=HQ
Destination Network(s)
   192.168.1.0
   192.168.3.0
Site B
SA Name=HQ
Destination Network(s)
   192.168.1.0
   192.168.2.0
Sorry, but I do not have that. Can you be specific?

I click on VPN, the settings in the left menu.
Then I see the list of configured VPNs on the right side, then I edit the existing VPN.

Am I going to the wrong place?
I looked through the latest documentation and I don't see how to configure that from the GUI.
So if not from the GUI,
how would I configure this without the GUI?
You would use the CLI via SSH or console port but I am not seeing that entry in there either. Is it possible that in the newer revisions you need to just configure the remote side to add the networks you want to reach via the tunnel and the hub VPN takes care of the routing without an extra config parameter?
I did, but it's not working. Maybe I have to manually add firewall rules.
Can you check the firewall's logs and see if anything is being dropped trying to go from a to c?
Gonna check today.
Thanks.
I can't tell much from the logs,

but I think the Enhanced does this via rules
or routes,
but not sure which to use or try. I have tried rules, VPN to VPN, and it still doesn't work. Would you know which firewall rule to test?
Technically you need a route and a firewall rule but when you configure the remote networks it should build both of those for you.
I found the correct documentation and how to do it, thanks for your help.
It's very different in the Enhanced, but logical.
Glad you got it. Good Luck.
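
An added example, not part of the thread and not SonicWall's own configuration format: a small Python check of the two conditions described above for spoke-to-spoke traffic through a hub (the hub SA forwards to remote VPNs, and each spoke lists every other spoke's network as a destination). The dictionary layout, the /24 masks and the sample values are assumptions constructed for illustration.

```python
import ipaddress

def covers(networks, target):
    """True if any network in `networks` contains the `target` network."""
    t = ipaddress.ip_network(target)
    return any(t.subnet_of(ipaddress.ip_network(n)) for n in networks)

def check_hub_and_spoke(hub_sas, spokes):
    """Return problems that would stop spoke-to-spoke traffic through the hub.

    hub_sas: {spoke: {"destinations": [...], "forward": bool}}  hub's SA per spoke
    spokes:  {spoke: {"local": cidr, "destinations": [...]}}    spoke's SA to the hub
    (hypothetical layout, not a SonicWall export format)
    """
    problems = []
    for name, spoke in spokes.items():
        sa = hub_sas.get(name)
        if sa is None:
            problems.append(f"hub has no SA for {name}")
            continue
        # The hub must send this spoke's network down this spoke's tunnel.
        if not covers(sa["destinations"], spoke["local"]):
            problems.append(f"hub SA {name} does not cover {spoke['local']}")
        # The hub must be allowed to relay between tunnels.
        if not sa["forward"]:
            problems.append(f"hub SA {name} does not forward to remote VPNs")
        # The spoke must select traffic for every other spoke into its tunnel.
        for other, peer in spokes.items():
            if other != name and not covers(spoke["destinations"], peer["local"]):
                problems.append(
                    f"{name} has no destination for {other} ({peer['local']})")
    return problems

# Constructed sample: HQ is 192.168.1.0/24. Site A forgot Site B's network,
# and the hub SA for Site B has forwarding switched off.
HUB_SAS = {
    "SiteA": {"destinations": ["192.168.2.0/24"], "forward": True},
    "SiteB": {"destinations": ["192.168.3.0/24"], "forward": False},
}
SPOKES = {
    "SiteA": {"local": "192.168.2.0/24", "destinations": ["192.168.1.0/24"]},
    "SiteB": {"local": "192.168.3.0/24",
              "destinations": ["192.168.1.0/24", "192.168.2.0/24"]},
}

if __name__ == "__main__":
    for problem in check_hub_and_spoke(HUB_SAS, SPOKES):
        print("PROBLEM:", problem)
```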