• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2115
  • Last Modified:

Route traffic from VPN Client to other Subnets

I have the following issue with our Sonicwall Firewall.

Network:  192.168.0.0/255.255.252.0
Remote Subnet:  192.168.5.0/255.255.255.0
Remote Subnet 2: 192.168.15.0/255.255.255.0
VPN Clients:  192.168.0.0/255.255.252.0


I need to be able to access the remote subnets via the Sonicwall Global VPN Client software.  I can connect over VPN and am able to access my 0.0/22 network with no issue but cannot figure out how to get traffic to come from the GVC user to the remote subnets and back again.

Thanks
0
mcusadev
Asked:
mcusadev
1 Solution
 
Frank McCourryV.P. Holland Computers, Inc.Commented:
Check the client tab of your VPN policy.  Make sure that it is set to use split tunnels.  Then make sure that your routing table has a path to each of the subnets and that your firewall or NAT policies do not block these paths in any way.  You will also need an access rule under your firewall settings that specifically allows VPN clients access to each of the individual networks.
0
 
ccomleyCommented:
First up, you will need something on the remote client to TELL it that the additional networks are to be reached via the VPN tunnel - else to reach thsoe IPs it will send the traffic to the default gateway by default. You may be able to do this by setting the option to force ALL internet (i.e. non-local) traffic from the VPN client to go via the VPN tunnel. But you may not wish to do that - in which case your other option would be manually adding routes to the client PC - which you can perhaps do with a BAT (CMD) file full of ROUTE ADD commands which in turn can be called by the "run program on connection" option of the GVPN client.


SECOND don't forget you will need return routes BACK from the other networks to the VPN host network for the VPN client's IP - though with more modern Sonicwall s/w this will be an IP address in the host LAN range issued by the DHCP server, not a remote IP address - so this bit probably isn't the issue.

0
 
mcusadevAuthor Commented:
ccomley:  makes sense.  I will give that a shot and report back.
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now