
Global VPN Client IP Assignment Using The Sonicwall Appliance

This article will step through configuring a SonicWALL appliance to utilize an internal DHCP server for Global VPN Client (GVC) hosts.  There are times when using an external (external to the SonicWALL) DHCP server, such as Windows Servers, isn’t practical for one reason or another.

This article assumes the WAN GlobalVPN VPN policy has already been configured and is functioning.  Additionally, this article is in two parts:

Part One will use an already configured WLAN zone for assigning IP addresses to GVC hosts.
Part Two will walk through setting up the WLAN zone if not already configured.


Part One – Set Up DHCP for GVC Hosts Utilizing The WLAN Zone


NOTE: It is assumed that WLAN already has access to LAN and LAN to WLAN.

What you’ll need to know:
- The IP address assigned to the interface the WLAN zone is assigned to.

1. Log in to the SonicWALL appliance and go to VPN > DHCP over VPN.

2. Confirm Central Gateway is selected in the drop down and click Configure (See Image 1 Below).



3. Check the following boxes:
    - Use Internal DHCP Server
    - For Global VPN Client

4. In the Relay IP Address text box, type the IP address assigned to the interface the WLAN zone is assigned to.  See Image 2 below for the final settings.  Once the settings are completed, click OK.



5. Once completed, establish a VPN connection and confirm the IP address is assigned from the DHCP scope assigned to the WLAN zone.


Part Two: Setting Up DHCP For GVC Hosts When WLAN Hasn’t Been Configured

What you’ll need:
- Identify an IP subnet that isn’t currently being utilized on the internal network.
- An available interface on the SonicWALL

1. Click Network > Interface and edit an available Interface that isn’t being utilized for another purpose.  For this article, I have selected the X3 interface.

2. Select the WLAN zone in the Zone drop down (See Image 3 Below).



3. Give the interface an IP address.  For this article, I have chosen 10.10.10.20 (See Image 4 Below).



4. Click OK.  You’ll get a prompt regarding the management interface.  Disregard this message as the management interface is configured on the LAN interface.

5. Click Network > DHCP Server.  Once the WLAN zone settings are saved to the Interface, the SonicWALL appliance automatically creates a new DHCP scope specifically for hosts connected to the X3 interface (or whichever Interface was chosen).

6. Edit the new DHCP scope and modify the Start and End IP range if the default is not acceptable.

7. Click the DNS/WINS tab.  If you desire your GVC hosts to resolve hosts on the LAN network, you’ll need to enter the Active Directory domain (if utilized) and internal DNS servers.  Also, if you have any WINS servers, you’ll need to enter those here too.

8. Once configured, click OK.

9. Click VPN > DHCP over VPN.

10. Confirm Central Gateway is selected in the drop down and click Configure (See Image 1 Below).



11. Check the following boxes:

    - Use Internal DHCP Server
    - For Global VPN Client

12. In the Relay IP Address text box, type the IP address assigned to the interface the WLAN zone is assigned to.  See Image 2 below for the final settings.  Once the settings are completed, click OK.



13. Now, we need to confirm Firewall Access between the WLAN <-> LAN zones.  Click Firewall > Access Rules (See Image 5 Below).



14. The default View Style is Matrix.  Click the WLAN > LAN matrix intersection to see the rules affecting this traffic.

15. See the screen shot below to see the default rule.  The rule in my screen shot is Allow, but the default MAY be Deny.  Click Edit to bring up the particulars of the Access Rule.  In the Action section, click the Allow radio button and click OK (See Image 6 Below).



16. Click the LAN > WLAN matrix intersection to confirm the default rule is configured to allow traffic.  If it is not, use the procedure in Step 15 to change it to Allow.  Otherwise, proceed to the next step.

17. Now, establish a VPN connection and confirm the IP address is assigned from the DHCP scope assigned to the WLAN zone.
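
A pre- and post-check for the procedure above, as an added example that is not part of the original article: it confirms that the subnet picked for the WLAN-zone interface does not overlap networks already in use, that the Relay IP Address matches the interface IP, that the DHCP scope sits inside that subnet, and that the address a GVC host received falls inside the scope. Only 10.10.10.20 comes from the article; the /24 mask, the in-use networks, the scope range and the leased address are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

def check_gvc_plan(in_use, iface_cidr, relay_ip, scope_start, scope_end):
    """Return a list of problems with a planned GVC DHCP setup (empty list = OK)."""
    problems = []
    iface = ipaddress.ip_interface(iface_cidr)  # WLAN-zone interface, e.g. X3
    net = iface.network
    # Part Two prerequisite: the new subnet must not already be in use internally.
    for cidr in in_use:
        other = ipaddress.ip_network(cidr)
        if net.overlaps(other):
            problems.append(f"{net} overlaps in-use network {other}")
    # The Relay IP Address must be the IP assigned to the WLAN-zone interface.
    if ipaddress.ip_address(relay_ip) != iface.ip:
        problems.append(f"relay IP {relay_ip} is not the interface IP {iface.ip}")
    # The DHCP scope must be ordered and sit inside the interface subnet.
    start = ipaddress.ip_address(scope_start)
    end = ipaddress.ip_address(scope_end)
    if start > end:
        problems.append("scope start is above scope end")
    for label, addr in (("start", start), ("end", end)):
        if addr not in net:
            problems.append(f"scope {label} {addr} is outside {net}")
    # Extra sanity check (an assumption, not from the article):
    # the pool should not hand out the interface's own address.
    if start <= iface.ip <= end:
        problems.append(f"scope contains the interface IP {iface.ip}")
    return problems

def lease_in_scope(leased_ip, scope_start, scope_end):
    """Final step of either part: was the GVC host's address issued from the WLAN scope?"""
    ip = ipaddress.ip_address(leased_ip)
    return ipaddress.ip_address(scope_start) <= ip <= ipaddress.ip_address(scope_end)

if __name__ == "__main__":
    # Constructed sample values; substitute your own networks and scope.
    in_use = ["192.168.1.0/24", "10.0.0.0/24"]
    issues = check_gvc_plan(in_use, "10.10.10.20/24", "10.10.10.20",
                            "10.10.10.100", "10.10.10.200")
    print("plan OK" if not issues else "\n".join(issues))
    # Address read from the GVC virtual adapter after connecting (constructed).
    print("lease in scope:", lease_in_scope("10.10.10.150",
                                            "10.10.10.100", "10.10.10.200"))
```
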
Author: digitap