Solved

SonicWALL Global VPN DHCP over VLAN issues

Posted on 2010-08-12
Last Modified: 2013-08-15
Hello,

I am having an issue with our SonicWALL Pro 4100.  I am attempting to set up DHCP over a VLAN on our main subnet (X0) for all of our Global VPN clients.  This was working, but now isn't.  When clients attempt to log in, they can authenticate, but get stuck on the Acquiring IP step.  If I look in the log, the furthest they get is the "DHCP DISCOVER received from remote device" step.  The IP is never sent to them.  Below is the set up:

I have a VLAN set up off of the X0 (LAN) interface.  The IP is 192.168.12.1 with a subnet mask of 255.255.255.0.
I have a Dynamic DHCP entry, enabled, using the interface including IPs 192.168.12.100-192.168.12.254 with gateway 192.168.12.1 using the VLAN interface.
The WAN Group VPN is set up for the Virtual Adapter to use DHCP Lease.
DHCP over VPN Central Gateway is set to Use Internal DHCP Server for Global VPN Clients with the relay IP set to 192.168.12.1.

I'm not sure where to go from here and SonicWALL support has been pretty much a waste of time.  Any ideas?

Thanks,
Christine
Question by:clarkincit
7 Comments
 
LVL 33

Expert Comment

by:digitap
ID: 33426730
So, you have an internal Windows server supplying an IP to your GVC clients?  I've only had problems with this.  I set up the SonicWALL to supply IP addresses.
 

Author Comment

by:clarkincit
ID: 33434648
No, we have the SonicWALL set up to serve the .12 subnet IPs via DHCP.  It's almost like the SonicWALL can't see the VLAN.  I've tried recreating it using a separate subnet and it still doesn't work.
 
LVL 33

Accepted Solution

by:
digitap earned 500 total points
ID: 33434928
Go to VPN > DHCP over VPN. Confirm Central Gateway then click Configure.  Confirm the following are set:

Check "Use Internal DHCP Server"
Check "For Global VPN Client"
Not Checked "For Remote Firewall"
Not Checked "Send DHCP requests to the server listed below"

Set the "Relay IP Address" to the gateway IP of the X0:V10 (or whatever the VLAN is) VLAN - 192.168.12.1.

Also, on the Local User account on the 3060 that I was using to authenticate, on the Users > Local Users screen, on the VPN Access configuration tab for that user, I allowed access to the following networks:

LAN Primary Subnet
X0:V10 (or whatever the VLAN is) Subnet

Hope it helps!
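
An added example, not part of the original thread and not SonicWALL tooling: a small consistency check for the settings listed in the question and the accepted answer. The dictionary layout and key names are hypothetical, the addressing comes from the thread, and the LAN primary subnet (192.168.1.0/24) and the LAN-side relay IP in the second sample are assumptions constructed for illustration.

```python
import ipaddress

def check_gvc_dhcp(cfg):
    """Return a list of mismatches against the settings described in the thread."""
    problems = []
    vlan = ipaddress.ip_interface(cfg["vlan_interface"])  # VLAN sub-interface, e.g. X0:V10
    start = ipaddress.ip_address(cfg["scope_start"])
    end = ipaddress.ip_address(cfg["scope_end"])

    if start > end:
        problems.append("scope start is above scope end")
    if start not in vlan.network or end not in vlan.network:
        problems.append("DHCP scope is not inside the VLAN subnet")
    if start <= vlan.ip <= end:
        problems.append("VLAN interface IP falls inside the lease range")
    if ipaddress.ip_address(cfg["scope_gateway"]) != vlan.ip:
        problems.append("scope gateway is not the VLAN interface IP")
    if ipaddress.ip_address(cfg["relay_ip"]) != vlan.ip:
        problems.append("relay IP is not the VLAN interface IP")

    # Central Gateway check boxes as listed in the accepted answer.
    expected = {"use_internal_dhcp": True, "for_gvc": True,
                "for_remote_firewall": False, "send_to_listed_servers": False}
    for key, want in expected.items():
        if cfg["central_gateway"].get(key) != want:
            problems.append(f"central gateway option {key} should be {want}")

    # The authenticating user's VPN Access list must cover the VLAN subnet.
    allowed = [ipaddress.ip_network(n) for n in cfg["user_vpn_access"]]
    if not any(vlan.network.subnet_of(n) for n in allowed):
        problems.append("user VPN access does not include the VLAN subnet")
    return problems

# Constructed sample: the configuration as described in the thread.
THREAD_CFG = {
    "vlan_interface": "192.168.12.1/24",
    "scope_start": "192.168.12.100", "scope_end": "192.168.12.254",
    "scope_gateway": "192.168.12.1", "relay_ip": "192.168.12.1",
    "central_gateway": {"use_internal_dhcp": True, "for_gvc": True,
                        "for_remote_firewall": False, "send_to_listed_servers": False},
    "user_vpn_access": ["192.168.1.0/24", "192.168.12.0/24"],  # LAN subnet assumed
}
# Constructed variant: relay IP on the LAN side, VLAN subnet missing from VPN Access.
BROKEN_CFG = dict(THREAD_CFG, relay_ip="192.168.1.1", user_vpn_access=["192.168.1.0/24"])

if __name__ == "__main__":
    for name, cfg in (("thread", THREAD_CFG), ("variant", BROKEN_CFG)):
        print(name, check_gvc_dhcp(cfg) or "consistent")
```

A clean result only means the settings agree with each other; as the thread shows, a consistent configuration can still stall at "Acquiring IP" on a given unit.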

Author Comment

by:clarkincit
ID: 33446771
These are all done.  I'm really not sure what is going on here.  It is very strange.  It almost looks like it can't get to that DHCP range.  If I change it to use an IP in the LAN range (.1 subnet) or to use our internal DHCP server, it works.  We're running out of IPs and that is why we need this.
 

Author Comment

by:clarkincit
ID: 33488381
I gave up on getting this to work.  I decided to set one of our open ports up as a dummy LAN with the .12 subnet assigned to it and run DHCP off of there.  It appears to be working.

I used directions above to make it work.

Thanks for your assistance!
 
LVL 33

Expert Comment

by:digitap
ID: 33488781
That's a good idea.  Sorry the VLAN config didn't work.  Thanks for the points!
 
LVL 1

Expert Comment

by:pdmills12
ID: 39412817
I know this is an old thread, BUT, For what it's worth... I had the EXACT same scenario with my Sonicwall NSA-3500 and the Accepted Solution actually worked with my VLAN config!