blueswitch
asked on
sonicwall hub and spoke vpn
Hi
I'm trying to set up a SonicWall hub and spoke VPN. I have my VPNs established to the hub from both locations.
Call them A, B, C.
B will be the hub.
A can talk to B.
B can talk to C.
But how do I get A to talk to C through B
without adding the VPN from A to C (hub and spoke)?
Thanks
Turn on allow traffic to remote VPNs in the hub VPN.
ASKER
Where is this setting?
I have Enhanced OS.
Also, does the remote end need to know about the other IP range somewhere, or is it all automatic?
It's in the VPN's SA configuration at the core site, and you need to add it to all SAs you want to Forward Packets to Remote VPN's over. At the remote sites you need to define all the destination networks of the other remote sites you need to reach.
ASKER
Sorry, but I can't seem to find that checkbox.
I am on the settings page, then I click edit for the existing VPN,
and then under Advanced
it has
enable keep alive
suppress automatic access rules
require authentication of vpn clients
enables windows networking broadcast
enable multicast
apply nat policies
but not the one you are mentioning.
Thanks
It should look something like this:

Core
  SA Name=SiteA
    Destination Network=192.168.2.0
    Advanced Option(s) Enabled
      Forward Packets To Remote VPN's
  SA Name=SiteB
    Destination Network=192.168.2.0
    Advanced Option(s) Enabled
      Forward Packets To Remote VPN's

Site A
  SA Name=HQ
    Destination Network(s)
      192.168.1.0
      192.168.3.0

Site B
  SA Name=HQ
    Destination Network(s)
      192.168.1.0
      192.168.2.0
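A way to check a hub-and-spoke address plan like the one described above before entering it on the firewalls, as an added example that is not part of the original thread and not SonicWall code. The function name, the /24 masks and the mapping of LANs to sites (hub 192.168.1.0, SiteA 192.168.2.0, SiteB 192.168.3.0) are assumptions made for this sample.

```python
import ipaddress as ip

def check_hub_and_spoke(hub_lan, hub_sas, spokes):
    """Return a list of problems in a hub-and-spoke VPN address plan.

    hub_sas: {spoke: destination network on the hub's SA to that spoke}
    spokes:  {spoke: {"lan": local LAN, "dest": [networks on its SA to the hub]}}
    """
    problems = []
    hub = ip.ip_network(hub_lan)
    lans = {n: ip.ip_network(s["lan"]) for n, s in spokes.items()}
    sas = {n: ip.ip_network(d) for n, d in hub_sas.items()}

    # Hub side: every spoke needs an SA that points at that spoke's own LAN.
    for name, lan in lans.items():
        if name not in sas:
            problems.append(f"hub: no SA for {name}")
        elif sas[name] != lan:
            problems.append(f"hub: SA {name} points at {sas[name]}, LAN is {lan}")
    # Hub side: overlapping SA destinations make the forwarding choice ambiguous.
    names = sorted(sas)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if sas[a].overlaps(sas[b]):
                problems.append(f"hub: SAs {a} and {b} overlap")

    # Spoke side: the SA to the hub must cover the hub LAN and every other spoke.
    for name, s in spokes.items():
        dests = [ip.ip_network(d) for d in s["dest"]]
        for net in [hub] + [l for n, l in lans.items() if n != name]:
            if not any(net.subnet_of(d) for d in dests):
                problems.append(f"{name}: no destination covers {net}")
        if any(d.overlaps(lans[name]) for d in dests):
            problems.append(f"{name}: destination overlaps local LAN {lans[name]}")
    return problems

# Constructed sample plan; /24 masks and the LAN-to-site mapping are assumptions.
HUB_LAN = "192.168.1.0/24"
HUB_SAS = {"SiteA": "192.168.2.0/24", "SiteB": "192.168.3.0/24"}
SPOKES = {
    "SiteA": {"lan": "192.168.2.0/24", "dest": ["192.168.1.0/24", "192.168.3.0/24"]},
    "SiteB": {"lan": "192.168.3.0/24", "dest": ["192.168.1.0/24", "192.168.2.0/24"]},
}
# Same plan, but SiteA only lists the hub LAN, so A cannot reach B's network.
BROKEN = {**SPOKES, "SiteA": {"lan": "192.168.2.0/24", "dest": ["192.168.1.0/24"]}}

if __name__ == "__main__":
    print(check_hub_and_spoke(HUB_LAN, HUB_SAS, SPOKES))
    for problem in check_hub_and_spoke(HUB_LAN, HUB_SAS, BROKEN):
        print(problem)
```

An empty list means each spoke's SA to the hub covers the hub LAN and every other spoke, and the hub has one distinct SA destination per spoke.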
ASKER
Sorry, but I do not have that. Can you be specific?
I click on VPN, then Settings in the left menu.
Then I see the list of configured VPNs on the right side, then I edit the existing VPN.
Am I going to the wrong place?
I looked through the latest documentation and I don't see how to configure that from the GUI.
ASKER
So if not from the GUI,
how would I configure this without the GUI?
You would use the CLI via SSH or console port, but I am not seeing that entry in there either. Is it possible that in the newer revisions you need to just configure the remote side to add the networks you want to reach via the tunnel, and the hub VPN takes care of the routing without an extra config parameter?
ASKER
I did, but it's not working. Maybe I have to manually add firewall rules.
Can you check the firewall's logs and see if anything is being dropped trying to go from a to c?
ASKER
Gonna check today.
Thanks
ASKER
I can't tell much from the logs,
but I think the Enhanced does this via rules
or routes,
but I'm not sure which to use or try. I have tried rules, VPN to VPN, and it still doesn't work. Would you know which firewall rule to test?
Technically you need a route and a firewall rule but when you configure the remote networks it should build both of those for you.
ASKER
I found the correct documentation and how to do it, thanks for your help.
It's very different in the Enhanced, but logical.
Glad you got it. Good Luck.