?
Solved

Sonic Wall 2040 VPN Client access to branch sites not working

Posted on 2009-07-14
7
Medium Priority
?
633 Views
Last Modified: 2012-05-07
I have one main office and 10 branch offices . All branch offices have a VPN Tunnel setup to come back to main office on the Sonicwall 2040 (using cisco 806 and 871 routers). Issue is that users that use the sonic wall VPN Client while offsite can connect to main office and see everything at the main office but cannot see any of the branch offices. The sonicwall appliance is running SonicOS Standard 3.1.0.15-95s. The client VPN are set to use split tunnels.
0
Comment
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 32

Expert Comment

by:dpk_wal
ID: 24860283
As you are running split tunnels on VPN clients; the remote users would not be able to send traffic to remote tunnels as the traffic from their machine for remote tunnels would not flow over the VPN tunnel.

You can use default route tunnels instead; of if an option; include all other subnets in the split tunel configuration [I am not sure if you can include all 10].

Please let know if you need more details.

Thank you.
0
 

Author Comment

by:Information Technology
ID: 24861634
Thanks for the reply. I have tried also different configurations with no success. I have dropped the split tunnels and set the following options for my GroupVPN settings (screenshots attached). I still cannot access any of the other sites. I can ping the gateway but that's it...
 Sorry I am not very familiar with the Sonicwall VPN configuration... Thanks for any input you have!

Config-Screen-1.JPG
Config-Screen-2.JPG
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 24870462
Under Client tab; client connections, set "Allow Connections to" to "All Secured Gateways"; this should help.

If it still does not work, then under Advanced tab, set Default LAN gateway as 0.0.0.0.

Please note you would need to change the settings on the client or reimport the configuration file.

Please check and update.

Thank you.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:Information Technology
ID: 24897755
Hi,
Thanks for the reply. I did try your siggestions and some other combinations of those but still no go. I cannot ping anything outside of the main network. We are anyway considering going with a Cisco ASA 5505 or 5510 instead of renewing the Sonicwall 2040... All the other router beeing Cisco, it will probably unify our network. Please let me know if you have any other suggestions just in case. I am suspecting maybe a firewall rule is blocking the VPN traffic but even if I don't enable the NAT and Firewall rules options, it does not make any difference.
Thanks!
0
 
LVL 32

Accepted Solution

by:
dpk_wal earned 2000 total points
ID: 24901863
I am assuming that the remote cilents are getting IP in the same subnet as trust network; if not then yes you would need a firewall policy/rule allowing traffic from remote clients to remote subnet; also, in this case the VPN tunnel definitions need to include remote client subnet at all ends.

I would like to know when you enabled default route tunnel; at that time before and after tunnel establishment from the client, can you check the output of following command:
route print
and ensure that the remote IP as assigned by Sonicwall is the default gateway on the client machine. Also, if possible run some packet capture (like wireshark) and sniff to see if the packets are reaching the network behind sonicwall.
If yes, then based on the policies the traffic should get routed to the remote VPN tunnels.

Other than I am not sure what else could be blocking the traffic.

Thank you.
0
 

Author Closing Comment

by:Information Technology
ID: 31603273
hi, thanks for trying to resolve this. It is time for an update of our VPN so I did not persue with issue. I think it will be solved when we switch the appliance with a new one.
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 25017127
Thank you for the points!
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Network traffic routing plays key role in your network, if you have single site with heavy browsing or multiple sites, replicating important application data from your Primary Default Gateway ,you have to route your other network traffic from your p…
Secure VPN Connection terminated locally by the Client.  Reason 442: Failed to enable Virtual Adapter. If you receive this error on Windows 8 or Windows 8.1 while trying to connect with the Cisco VPN Client then the solution is a simple registry f…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses
Course of the Month14 days, 13 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question