Solved

Route traffic from VPN Client to other Subnets

Posted on 2009-04-09
3
1,954 Views
Last Modified: 2013-11-16
I have the following issue with our Sonicwall Firewall.

Network:  192.168.0.0/255.255.252.0
Remote Subnet:  192.168.5.0/255.255.255.0
Remote Subnet 2: 192.168.15.0/255.255.255.0
VPN Clients:  192.168.0.0/255.255.252.0


I need to be able to access the remote subnets via the Sonicwall Global VPN Client software.  I can connect over VPN and am able to access my 0.0/22 network with no issue but cannot figure out how to get traffic to come from the GVC user to the remote subnets and back again.

Thanks
0
Comment
Question by:mcusadev
3 Comments
 
LVL 9

Expert Comment

by:Frank McCourry
ID: 24114767
Check the client tab of your VPN policy.  Make sure that it is set to use split tunnels.  Then make sure that your routing table has a path to each of the subnets and that your firewall or NAT policies do not block these paths in any way.  You will also need an access rule under your firewall settings that specifically allows VPN clients access to each of the individual networks.
0
 
LVL 16

Accepted Solution

by:
ccomley earned 500 total points
ID: 24143440
First up, you will need something on the remote client to TELL it that the additional networks are to be reached via the VPN tunnel - else to reach thsoe IPs it will send the traffic to the default gateway by default. You may be able to do this by setting the option to force ALL internet (i.e. non-local) traffic from the VPN client to go via the VPN tunnel. But you may not wish to do that - in which case your other option would be manually adding routes to the client PC - which you can perhaps do with a BAT (CMD) file full of ROUTE ADD commands which in turn can be called by the "run program on connection" option of the GVPN client.


SECOND don't forget you will need return routes BACK from the other networks to the VPN host network for the VPN client's IP - though with more modern Sonicwall s/w this will be an IP address in the host LAN range issued by the DHCP server, not a remote IP address - so this bit probably isn't the issue.

0
 

Author Comment

by:mcusadev
ID: 24170497
ccomley:  makes sense.  I will give that a shot and report back.
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Hi there, This article summarizes what you need if you are going to set up your home or small business Network Attached Storage (NAS) to be accessible from the internet. Of course there are configuration differences based on your NAS or router ma…
Let’s list some of the technologies that enable smooth teleworking. 
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question