Solved

Sonic Wall 2040 VPN Client access to branch sites not working

Posted on 2009-07-14
Last Modified: 2012-05-07
I have one main office and 10 branch offices. All branch offices have a VPN tunnel set up to come back to the main office on the Sonicwall 2040 (using Cisco 806 and 871 routers). The issue is that users who use the Sonicwall VPN client while offsite can connect to the main office and see everything at the main office but cannot see any of the branch offices. The Sonicwall appliance is running SonicOS Standard 3.1.0.15-95s. The client VPNs are set to use split tunnels.
7 Comments
 
LVL 32

Expert Comment

by:dpk_wal
ID: 24860283
As you are running split tunnels on VPN clients, the remote users would not be able to send traffic to remote tunnels, as the traffic from their machine for remote tunnels would not flow over the VPN tunnel.

You can use default route tunnels instead; or, if it is an option, include all other subnets in the split tunnel configuration [I am not sure if you can include all 10].

Please let me know if you need more details.

Thank you.
0
 

Author Comment

by:Information Technology
ID: 24861634
Thanks for the reply. I have tried also different configurations with no success. I have dropped the split tunnels and set the following options for my GroupVPN settings (screenshots attached). I still cannot access any of the other sites. I can ping the gateway but that's it...
 Sorry I am not very familiar with the Sonicwall VPN configuration... Thanks for any input you have!

Config-Screen-1.JPG
Config-Screen-2.JPG
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 24870462
Under Client tab; client connections, set "Allow Connections to" to "All Secured Gateways"; this should help.

If it still does not work, then under Advanced tab, set Default LAN gateway as 0.0.0.0.

Please note you would need to change the settings on the client or reimport the configuration file.

Please check and update.

Thank you.
0

 

Author Comment

by:Information Technology
ID: 24897755
Hi,
Thanks for the reply. I did try your suggestions and some other combinations of those but still no go. I cannot ping anything outside of the main network. We are anyway considering going with a Cisco ASA 5505 or 5510 instead of renewing the Sonicwall 2040... All the other routers being Cisco, it will probably unify our network. Please let me know if you have any other suggestions just in case. I am suspecting maybe a firewall rule is blocking the VPN traffic but even if I don't enable the NAT and Firewall rules options, it does not make any difference.
Thanks!
0
 
LVL 32

Accepted Solution

by:
dpk_wal earned 500 total points
ID: 24901863
I am assuming that the remote clients are getting an IP in the same subnet as the trust network; if not, then yes, you would need a firewall policy/rule allowing traffic from remote clients to the remote subnet; also, in this case the VPN tunnel definitions need to include the remote client subnet at all ends.

I would like to know when you enabled default route tunnel; at that time before and after tunnel establishment from the client, can you check the output of following command:
route print
and ensure that the remote IP as assigned by Sonicwall is the default gateway on the client machine. Also, if possible run some packet capture (like wireshark) and sniff to see if the packets are reaching the network behind sonicwall.
If yes, then based on the policies the traffic should get routed to the remote VPN tunnels.

Other than that, I am not sure what else could be blocking the traffic.

Thank you.
0
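The `route print` comparison suggested in the accepted answer, as an added example that is not part of the original thread: a Python sketch that parses saved `route print` output and reports whether a given destination would leave through the VPN virtual adapter. Every address and both sample route tables are constructed for illustration; 10.0.5.10 stands in for a host at a branch office.

```python
import ipaddress
import re

# One IPv4 row of Windows `route print`: destination, netmask, gateway, interface, metric.
ROW = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+"
                 r"(\d+\.\d+\.\d+\.\d+|On-link)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+)\s*$")

# Constructed samples (not from the thread): 10.0.0.200 is the VPN virtual adapter,
# 192.168.1.50 the client's home LAN address, 10.0.0.0/24 the main office.
SPLIT_TUNNEL = """
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50     25
         10.0.0.0    255.255.255.0       10.0.0.200      10.0.0.200      1
"""
DEFAULT_ROUTE_TUNNEL = """
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       10.0.0.200      10.0.0.200      1
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50     26
         10.0.0.0    255.255.255.0       10.0.0.200      10.0.0.200      1
"""

def parse_routes(text):
    """Return (network, gateway, interface, metric) for every route row found."""
    routes = []
    for m in filter(None, map(ROW.match, text.splitlines())):
        dest, mask, gw, iface, metric = m.groups()
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append((net, gw, iface, int(metric)))
    return routes

def best_route(routes, target):
    """Pick the route Windows would use: longest prefix first, then lowest metric."""
    ip = ipaddress.ip_address(target)
    hits = [r for r in routes if ip in r[0]]
    return min(hits, key=lambda r: (-r[0].prefixlen, r[3])) if hits else None

def uses_tunnel(route_print_text, target, vpn_adapter_ip):
    """True when traffic to target leaves through the VPN virtual adapter."""
    r = best_route(parse_routes(route_print_text), target)
    return r is not None and r[2] == vpn_adapter_ip

if __name__ == "__main__":
    for name, table in (("split", SPLIT_TUNNEL), ("default-route", DEFAULT_ROUTE_TUNNEL)):
        for host in ("10.0.0.10", "10.0.5.10"):  # main-office host, branch host (constructed)
            print(name, host, "via tunnel:", uses_tunnel(table, host, "10.0.0.200"))
```

With the split-tunnel table the branch host falls through to the home LAN default route, which matches the symptom in the question; with the default-route table it leaves through the tunnel, so any remaining failure is on the firewall or tunnel-definition side.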
 

Author Closing Comment

by:Information Technology
ID: 31603273
Hi, thanks for trying to resolve this. It is time for an update of our VPN so I did not pursue the issue. I think it will be solved when we switch the appliance with a new one.
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 25017127
Thank you for the points!
0
