?
Solved

Sonicwall Global VPN Client v3.1 not allowing Internet traffic when activated

Posted on 2007-11-14
6
Medium Priority
?
4,294 Views
Last Modified: 2009-05-15
I have a Sonicwall Pro 4060 I have configured the the Gvpn and i can access everything on the remote network but i cannot access the internet while I am connected. I have configured split tunnels but i still haven't access to the internet. everything else is working.
0
Comment
Question by:moniqa
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 10

Expert Comment

by:budchawla
ID: 20326644
Ensure that you haven't used the "require security client for this connection" for the GroupVPN.

In general, the client setting to allow it to split tunnels is the setting that allows it to access the internet, so that should be all you need.

I would also recommend that you upgrade to the latest version of the GVC (v4 is now RTM) and if possible, try to re-create the GroupVPN SA just to ensure that you're setting it exactly as you want...

hth

bud
0
 

Expert Comment

by:sa1ntx
ID: 20342130
I had the same problem trying to access internet traffic through a VPN connection. I followed this documentation from sonicwall and added the WAN rule on page 14 and it nailed the problem. http://www4.nohold.net/noHoldCust301/Prod_1/KnowledgePortal/KPScripts/amsviewer.asp?docid=6999ff1d6100416691f1a53e104cd0ab_GVC_sos25e_Route_All_Traffic_through_a_SonicWALL.pdf&amsstatsid=331303

In regards to setting up split tunnels, could you post your settings in the Client section of the WAN group VPN.

0
 
LVL 1

Accepted Solution

by:
tonyc6601 earned 1000 total points
ID: 21887669
To access the Internet through your ISP while connected through Sonicwall Global VPN Client (split tunnel), follow these steps:
The VPN > Settings page provides the Sonicwall features for configuring your VPN policies. You configure site-to-site VPN policies and GroupVPN policies from this page. Click the Edit icon for the GroupVPN entry. The VPN Policy window is displayed.
1.      Click the Advanced tab. Set Default Gateway to 0.0.0.0.
2.      Click the Client tab. Set Allow Connections to - Split Tunnels.
3.      Uncheck Set Default Route as this Gateway.
4.      Click OK.
5.      Right-click the VPN connection policy in the Sonicwall Global VPN Client window, and select Disable.
6.      Close the Sonicwall Global VPN Client application (from system tray as well).
7.      Launch the Sonicwall Global VPN Client, right-click the VPN connection policy icon and select Enable from the menu.
 If the above settings do not provide a resolution:
On the client PC open a Command Prompt and type the command:  route print.  The route print should show only one 0.0.0.0 0.0.0.0 route with the default gateway configured on the client PC.
If configured properly the Sonicwall will provide single routes for the destination networks that can be reached over the GVC connection.
If there are two 0.0.0.0 0.0.0.0 routes and if the Connection Details on the Connection Status shows 0.0.0.0 0.0.0.0 this can be caused due to:
     1.    Set Default Route as this Gateway is checked on the GroupVPN configuration
     2.    On the VPN Access TAB on either user or group properties on of the following objects is configured:
            - Firewalled Subnets
            - WAN Subnets
In case of the latter, remove these and exchange them with more specific Address Objects and/or Groups.
To access the Internet through the Sonicwall while connected through Sonicwall Global VPN Client (route all tunnel), follow these steps:
Sonic Standard firmware:
The VPN > Settings page provides the Sonicwall features for configuring your VPN policies. You configure site-to-site VPN policies and GroupVPN policies from this page. Click the Edit icon for the GroupVPN entry. The VPN Policy window is displayed.
1.      Click the Advanced tab. Set Default Gateway to the IP address of a LAN based router / second Firewall.
2.      Click the Client tab. Set Allow Connections to - This Gateway Only or All Secured Gateways.
3.      Check Set Default Route as this Gateway.
4.      Click OK.
5.      Right-click the VPN connection policy in the Sonicwall Global VPN Client window, and select Disable.
6.      Close the Sonicwall Global VPN Client application (from system tray as well).
7.      Launch the Sonicwall Global VPN Client, right-click the VPN connection policy icon and select Enable from the menu.
Sonic Enhanced firmware:
The VPN > Settings page provides the Sonicwall features for configuring your VPN policies. You configure site-to-site VPN policies and GroupVPN policies from this page. Click the Edit icon for the GroupVPN entry. The VPN Policy window is displayed.
1.      Click the Advanced tab. Set Default Gateway 0.0.0.0.
2.      Click the Client tab. Set Allow Connections to - This Gateway Only or All Secured Gateways
3.      Check Set Default Route as this Gateway.
4.      Click OK.
5.      If DHCP over VPN is used:
1.      Add a NAT policy:
2.      Original Source: Vpn DHCP Clients  
3.      Translated Source: WAN Primary IP
4.      Original Destination: Any
5.      Translated Destination: Original
6.      Original Service: Any
7.      Translated Service: Original
8.      Inbound Interface: Any
9.      For the OutBound Interface select the Primary WAN port
10.      Set Enable NAT Policy
11.      Do NOT set Create a reflexive policy
12.      Click OK.
6.      if DHCP over VPN is not used:
1.      Go to the NAT Policy Table
2.      Locate the default Policy with Original Source: Any and Translated Source: WAN Primary IP the Sonicwall has created for Inbound Interface is LAN Port and Outbound Interface is WAN port
3.      Edit this rule
4.      Change Inbound Interface to Any
5.      Be careful with this in case a NON Natted DMZ port is used
7.      Right-click the VPN connection policy in the Sonicwall Global VPN Client window, and select Disable.
8.      Close the Sonicwall Global VPN Client application (from system tray as well).
9.      Launch the Sonicwall Global VPN Client, right-click the VPN connection policy icon and select Enable from the menu.

I would upgrade to GVC version 4.0
0
 

Expert Comment

by:Enclave Technologies
ID: 24399303
Hi,
I used this solution and it worked for me.  Not sure if there are any security implications though?

Tnx,

Engineer
0

Featured Post

Want to be a Web Developer? Get Certified Today!

Enroll in the Certified Web Development Professional course package to learn HTML, Javascript, and PHP. Build a solid foundation to work toward your dream job!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question