• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 636
  • Last Modified:

Sonic Wall 2040 VPN Client access to branch sites not working

I have one main office and 10 branch offices . All branch offices have a VPN Tunnel setup to come back to main office on the Sonicwall 2040 (using cisco 806 and 871 routers). Issue is that users that use the sonic wall VPN Client while offsite can connect to main office and see everything at the main office but cannot see any of the branch offices. The sonicwall appliance is running SonicOS Standard 3.1.0.15-95s. The client VPN are set to use split tunnels.
0
Information Technology
Asked:
Information Technology
  • 4
  • 3
1 Solution
 
dpk_walCommented:
As you are running split tunnels on VPN clients; the remote users would not be able to send traffic to remote tunnels as the traffic from their machine for remote tunnels would not flow over the VPN tunnel.

You can use default route tunnels instead; of if an option; include all other subnets in the split tunel configuration [I am not sure if you can include all 10].

Please let know if you need more details.

Thank you.
0
 
Information TechnologyAuthor Commented:
Thanks for the reply. I have tried also different configurations with no success. I have dropped the split tunnels and set the following options for my GroupVPN settings (screenshots attached). I still cannot access any of the other sites. I can ping the gateway but that's it...
 Sorry I am not very familiar with the Sonicwall VPN configuration... Thanks for any input you have!

Config-Screen-1.JPG
Config-Screen-2.JPG
0
 
dpk_walCommented:
Under Client tab; client connections, set "Allow Connections to" to "All Secured Gateways"; this should help.

If it still does not work, then under Advanced tab, set Default LAN gateway as 0.0.0.0.

Please note you would need to change the settings on the client or reimport the configuration file.

Please check and update.

Thank you.
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
Information TechnologyAuthor Commented:
Hi,
Thanks for the reply. I did try your siggestions and some other combinations of those but still no go. I cannot ping anything outside of the main network. We are anyway considering going with a Cisco ASA 5505 or 5510 instead of renewing the Sonicwall 2040... All the other router beeing Cisco, it will probably unify our network. Please let me know if you have any other suggestions just in case. I am suspecting maybe a firewall rule is blocking the VPN traffic but even if I don't enable the NAT and Firewall rules options, it does not make any difference.
Thanks!
0
 
dpk_walCommented:
I am assuming that the remote cilents are getting IP in the same subnet as trust network; if not then yes you would need a firewall policy/rule allowing traffic from remote clients to remote subnet; also, in this case the VPN tunnel definitions need to include remote client subnet at all ends.

I would like to know when you enabled default route tunnel; at that time before and after tunnel establishment from the client, can you check the output of following command:
route print
and ensure that the remote IP as assigned by Sonicwall is the default gateway on the client machine. Also, if possible run some packet capture (like wireshark) and sniff to see if the packets are reaching the network behind sonicwall.
If yes, then based on the policies the traffic should get routed to the remote VPN tunnels.

Other than I am not sure what else could be blocking the traffic.

Thank you.
0
 
Information TechnologyAuthor Commented:
hi, thanks for trying to resolve this. It is time for an update of our VPN so I did not persue with issue. I think it will be solved when we switch the appliance with a new one.
0
 
dpk_walCommented:
Thank you for the points!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

The Lifecycle Approach to Managing Security Policy

Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now