The following is our current network infrastructure:
Client PCs > SBS 2003 DC (with DHCP & 2 NICs - one internal on 10.xxx.xxx.xxx and one external to the SonicWall on 192.xxx.xxx.xxx) > SonicWall TZ170 > ADSL Internet
The goal is to add a pair of TZ150s which will register via VPN to the TZ170 over the internet. The TZ150s will have dynamic addresses while the TZ170 is on a static. We have worked on the issue for a while today (we are all NEW to VPNs in general here) and were able to get the TZ150s to establish the tunnel successfully to the TZ170. We can ping back/forth from the 150s to the 170 and vice-versa. We are having issues with two items:
1.) The TZ150s can't seem to "see" beyond the TZ170. They can ping (using the SonicWall built-in admin ping) the 170 and the external NIC on the SBS but not the Internal at all. Nor can the 170 or SBS ping the clients attached to the 150s. Also, only the SonicWall ping works; the built-in Windows one does not. Nothing beyond the SonicWall ping works either.
2.) We would like to be able to have the SBS box hand-out the IP addresses via DHCP to the clients behind the TZ150s... however this may be impossible... not sure.
Couple of details:
1.) We know the SBS network works, it has been in-place and running for about 3-years. The client has decided to add remote sites and needs a high-level of monitoring, control, and access restrictions... unfortunately the built-in SBS VPN isn't going to cut it. Also, they want something that is on prior to log-in, so the user can authenticate on the SBS network, hence the reason no software client.
2.) The SonicWalls (all 3) are using the most current firmware -- as of today -- and all are on SonicOS Standard.
3.) We have many custom access rules set up on the TZ170 already, so we are familiar with SonicWall and general firewall functionality... however, as stated, VPN is new to us.
Any assistance would be GREATLY appreciated.