mtkaiser

asked on

Sonicwall is connected to two separate LANs, but DHCP will only assign IP addresses from one of those LANs to VPN clients

I have a Sonicwall 3060 connected to two separate LANs (each LAN being a different company). These two companies are sharing the Sonicwall and the T1 internet connection. Company 1 is connected to the X0 interface, Company 2 is connected to the X2 interface, and the internet is on the X1 interface. These two companies and their users must be isolated from each other as Company 2 is a health care company and governed by HIPAA privacy rules.

The problem is when users connect to their respective LANs via the VPN client, they are only getting assigned an IP address from Company 1.  First I tried using the Sonicwall as a DHCP server, then using a Windows DHCP server on each LAN.  I got the same results both ways.

How can I set it up so that users from Company 1 will get an IP address for their LAN (192.168.1.x) and users from Company 2 will get one from their IP range (192.168.2.x) when they connect using the Global VPN Client?


ASKER CERTIFIED SOLUTION
zephyr_hex (Megan)
This solution is only available to members.
mtkaiser

ASKER

There are two different groups of VPN clients (Company 1 Group and Company 2 Group).  Each group is only allowed to connect to their own LANs.  That rule is working, however, when people from Company 2 connect to their LAN, they are being assigned an IP address from the Company 1 LAN.
Keith Alabaster
The point zephyr is making is that there has to be a 'distinguisher' between the two VPN groups on the outside; not just on the inside. When a VPN call comes in from the outside, the Sonic needs to know at that point which group the user belongs to so it can take the appropriate action. In your case, it is to assign an address from the correct DHCP pool.

Cisco VPN concentrators, for example, have a group setting where you can put source IP addresses/users etc. into so that it can assign the correct addresses as required. I believe that Sonic can do the same but by using different external IPs.

For example, if you had two external IP addresses assigned to the external interface of your Sonic, you can take one set of actions for that group and a different set of actions for company 2 as they will have called the VPN on the second IP address.

Another alternative would be to have a second Internet connection & firewall so each would be kept separate.

Only other solution I can think of is something like Cisco's Access Control Server (ACS) where you put the users into groups that the external device can check as connections are made so as to know, in advance, the decisions it needs to make such as which DHCP server and the like.

Sorry it likely does not serve your needs but that is the way it works.

Oh well, you're welcome anyway.

regards
keith
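
Added example, not part of the thread or of any SonicWall tooling: a small audit that checks whether each VPN user's assigned address falls inside the LAN of the group they authenticated to, which is the isolation property the question depends on. The /24 masks, the lease record layout, and the sample users are assumptions constructed for illustration.

```python
import ipaddress

# Expected LAN per VPN group, taken from the question (Company 1 = 192.168.1.x,
# Company 2 = 192.168.2.x). The /24 masks are an assumption.
GROUP_SUBNETS = {
    "Company 1 Group": ipaddress.ip_network("192.168.1.0/24"),
    "Company 2 Group": ipaddress.ip_network("192.168.2.0/24"),
}

# Constructed sample lease records: (user, VPN group, assigned address).
# This is not a SonicWall log format; transcribe or export your own data.
SAMPLE_LEASES = [
    ("alice", "Company 1 Group", "192.168.1.50"),
    ("bob", "Company 2 Group", "192.168.1.51"),   # the symptom in the question
    ("carol", "Company 2 Group", "192.168.2.20"),
    ("dave", "Contractors", "192.168.2.21"),      # group with no mapping
    ("erin", "Company 1 Group", "not-an-ip"),     # malformed record
]


def audit_leases(leases, group_subnets=GROUP_SUBNETS):
    """Return (user, group, ip, reason) for every lease that breaks isolation."""
    findings = []
    for user, group, ip_text in leases:
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((user, group, ip_text, "unparseable address"))
            continue
        expected = group_subnets.get(group)
        if expected is None:
            findings.append((user, group, ip_text, "group has no subnet mapping"))
        elif ip not in expected:
            # Name the LAN the address actually belongs to, if any.
            owner = next((g for g, net in group_subnets.items() if ip in net),
                         "unknown LAN")
            findings.append((user, group, ip_text, f"address belongs to {owner}"))
    return findings


if __name__ == "__main__":
    for finding in audit_leases(SAMPLE_LEASES):
        print(*finding, sep=" | ")
```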