Sonicwall VPN not giving DHCP address

We have a new Sonicwall firewall/router TZ180 that is working for Internet/email etc, but when we try to set up the VPN it connects, but will not give the outside machine a DHCP IP, it shows in the log that it connected but the address always stays at 0.0.0.0.  We have tried this on multiple outside machines and have the client set up correctly.  The in-house DHCP server address is entered in the VPN settings in the Sonicwall.  Any suggestions?  We tried several things on the phone with Sonicwall support already and we checked and the modem that connects the network to the outside world has nothing blocked or turned off on it that should affect this.
thanks,
Asked by: IndyNCC

IndyNCC (Author) Commented:
Well we got it working.  Turns out we had to download the specific Sonicwall VPN client from their website to the workstation that is going to use it, then we had to turn Routing and Remote access on on the DHCP server on the LAN, which was harder than it should have been as every time we turned it on, the server lost connection to the internal network.  We got around that by using a second NIC in that server with a different IP for the routing and pointed the DHCP on the Sonicwall to that address so as not to mess up the rest of the machines on the LAN.  We then called Sonicwall again and they dialed in and ended up turning DHCP on the firewall on, but only for a 3 address range that was outside the DHCP scope as we only have 1 machine needing to get to the VPN.  That seemed to work and the VPN now gives an IP, though only one user can be on it at a time.  Not sure how to distribute the points here, but thanks for all the suggestions and it is up and working.

LawIS Commented:
I personally have encountered this problem repeatedly with my TZ180, and the only (semi)effective workaround I have found was to disable split-tunneling.  With split tunneling enabled, and with no other settings changes, I only get 0.0.0.0 or 169.xxx.xxx.xxx IP addresses.  Disabling split tunneling gets the connection working.  If you find some other way around this, please let me know.

IndyNCC (Author) Commented:
Where is that setting found and does turning it off affect anything else on the network or the firewall that would need to be changed?
thanks.
 
LawIS Commented:
Sorry, I forgot that it doesn't specifically define this as "split tunneling" within the SonicWALL configuration, and it may not even be true split tunneling but that's how I've come to think of it...

Within the configuration for the Group VPN, under the "Client Settings" button, look for the "Client Connections" section.  Under this section, select Allow Traffic To: This Gateway Only.  Also, make sure that "Set Default Route as this Gateway" is NOT selected.  This should only allow traffic to this gateway and disable any other traffic, which to my understanding is the same as disabling split tunneling.

If this works for you, you might want to try selecting "Set Default Route as this Gateway", as it may allow traffic outside of your gateway while the VPN is enabled.  Hopefully this works as well for you as it did for me, and perhaps better as I never got any traffic besides local to work.  Cheers.

ccomley Commented:
In the VPN config you have a page where you tell the Sonicwall where to obtain the IP address it hands out to the GVPN clients when they log in. It can refer to the Sonicwall's own DHCP service (but that has to be configured and running if this option is to work) or it can be the IP address of your main network DHCP server. If you use a DHCP server OTHER than the one in the Sonicwall then that's the obvious choice, but you must set it up on the DHCP over VPN config page.

LawIS Commented:
Yeah, that was my first thought, but Indy states in the question that "The in house DHCP server address is entered in the VPN settings in the sonicwall."

ccomley Commented:
Does the sonicwall log show anything at that point in the tunnel setup? Or does the DHCP server log?

IndyNCC (Author) Commented:
The split tunneling idea did not work, it still connects from outside but does not ever obtain an IP address.  The DHCP page has it set to obtain a DHCP address from the internal DHCP server and the internal IP of that server is entered in the box.  The LAN gateway address under another tab (I'm not looking at it right now) is all 0.0.0.0 but when Sonicwall support dialed in to look at it the other day they did not change that or say anything about it.  The logs show the outside machine connecting and even show the outside machine's name, but the IP is always 0.0.0.0 for any of them and we have tried multiple outside machines with the client configured.  Any help would be appreciated.

LawIS Commented:
I would definitely put in the address of the LAN gateway, perhaps the SonicWALL tech overlooked that?  I'm out of other ideas for the moment, but if I think of anything else you'll be the first to know.

IndyNCC (Author) Commented:
Is that the same as the default gateway on the internal network?

LawIS Commented:
Yes, whenever the SonicWALL device specifies LAN, it always means its local (internal) network.

IndyNCC (Author) Commented:
When I type that in a message pops up saying that "the default lan gateway is specified but the connection is not set as the default route for clients this will prevent clients from connecting on the wan port....set default route as this gateway on client page".  I am not onsite right now so I don't want to change anything that might affect their connectivity.  The set default route as this gateway is not checked on the client page under the VPN, not sure if that is the problem or not.

LawIS Commented:
Yes, that is the only way I was able to get it to work.  By leaving "Set default route as this gateway" unchecked once connected your clients will not have access to the WAN, only the LAN.  Whenever I enable that connectivity my clients can no longer receive IPs, so as unfortunate as it is I leave it unchecked.

The result of this is that your VPN clients will not have internet access when connected to the VPN, only intranet access.  To access internet resources they will need to disconnect from the VPN, which will obviously make them lose their connection to intranet resources.  The way split tunneling is supposed to work the machine running your client will have access to both internet and intranet while the VPN is enabled, but I have never been able to get this to work correctly.  

This will not affect the connectivity to any other zone, such as your LAN, just the VPN connectors.  People on your LAN will not experience any difference in their network connection, so I wouldn't worry too much about making these changes remotely.  I would advise, as a general practice, to make frequent backups of your router's configuration just in case you unintentionally cause some "temporary configuration damage" :-)

LawIS Commented:
Yes, I also have never got any other VPN solution other than the SonicWALL Global VPN client to work with SonicWALL routers.  As annoying as it is, if it works why mess with it...

Glad you're up and running!

IndyNCC (Author) Commented:
Agree, they did say also though that if we had had more than 4 or 5 users trying to use this, it would not have worked that way and the solution would have been more complicated to set up and get working.  Right now the client only bought 1 VPN license with the firewall so only one user can be connected at a time.
Question has a verified solution.
