Sonicwall is connected to two separate LANs, but DHCP will only assign IP addresses from one of those LANs to VPN clients

I have a Sonicwall 3060 connected to two separate LANs (each LAN being a different company).  These two companies are sharing the Sonicwall and the T1 internet connection.  Company 1 is connected to the X0 interface, Company 2 is connected to the X2 interface, and the internet is on the X1 interface.  These two companies and their users must be isolated from each other as Company 2 is a health care company and governed by HIPAA privacy rules.

The problem is when users connect to their respective LANs via the VPN client, they are only getting assigned an IP address from Company 1.  First I tried using the Sonicwall as a DHCP server, then using a Windows DHCP server on each LAN.  I got the same results both ways.

How can I set it up so that users from Company 1 will get an IP address for their LAN (192.168.1.x) and users from Company 2 will get one from their IP range (192.168.2.x) when they connect using the Global VPN Client?


mtkaiser Asked:

zephyr_hex (Megan), Developer, Commented:
since you have only 1 internet connection, how does the sonicwall know which company to forward an incoming connection to?  you only have 1 external IP.  a remote user will use that external IP when they specify where they are connecting to... but i don't see how you will specify which company that incoming connection belongs to.
i believe you need 2 static IP addresses.  your sonicwall will then know which incoming connection belongs to which company (one static IP per company).  you will have to configure a global VPN client for each static IP.
mtkaiser (Author) Commented:
There are two different groups of VPN clients (Company 1 Group and Company 2 Group).  Each group is only allowed to connect to their own LANs.  That rule is working, however, when people from Company 2 connect to their LAN, they are being assigned an IP address from the Company 1 LAN.
Keith Alabaster, Enterprise Architect, Commented:
The point zephyr is making is that there has to be a 'distinguisher' between the two vpn groups on the outside; not just on the inside. When a vpn call comes in from the outside, the Sonic needs to know at that point which group the user belongs to so it can take the appropriate action. In your case, it is to assign an address from the correct dhcp pool.

Cisco VPN concentrators for example have a group setting where you can put source ip addresses/users etc into so that it can assign the correct addresses as required. I believe that Sonic can do the same but by using different external IPs.

For example, if you had two external IP addresses assigned to the external interface of your Sonic, you can take one set of actions for that group and a different set of actions for company 2 as they will have called the VPN on the second IP address.

Another alternative would be to have a second Internet connection & firewall so each would be kept separate.

Only other solution I can think of is something like Cisco's Access Control Server (ACS) where you put the users into groups that the external device can check as connections are made so as to know, in advance, the decisions it needs to make such as which DHCP server and the like.

Sorry it likely does not serve your needs but that is the way it works.

Keith Alabaster, Enterprise Architect, Commented:
Oh well, you're welcome anyway.

regards
keith
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.