Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3341
  • Last Modified:

SonicWALL Global VPN DHCP over VLAN issues

Hello,

I am having an issue with our SonicWALL Pro 4100.  I am attempting to set up DHCP over a VLAN on our main subnet (X0) for all of our Global VPN clients.  This was working, but now isn't.  When clients attempt to log in, they can authenticate, but get stuck on the Acquiring IP step.  If I look in the log, the furthest they get is the "DHCP DISCOVER received from remote device" step.  The IP is never sent to them.  Below is the set up:

I have a VLAN set up off of the X0 (LAN) interface.  The IP is 192.168.12.1 with a subnet mask of 255.255.255.0.
I have a Dynamic DHCP entry, enabled, using the interface including IPs 192.168.12.100-192.168.12.254 with gateway 192.168.12.1 using the VLAN interface.
The WAN Group VPN is set up for the Virtual Adapter to use DHCP Lease.
DHCP over VPN Central Gateway is set to Use Internal DHCP Server for Global VPN Clients with the relay IP set to 192.168.12.1.

I'm not sure where to go from here and SonicWALL support has been pretty much a waste of time.  Any ideas?

Thanks,
Christine
0
clarkincit
Asked:
clarkincit
  • 3
  • 3
1 Solution
 
digitapCommented:
So, you have an internal Windows server supplying an IP to your GVC clients?  I've only had problems with this.  I setup the Sonicwall to supply IP addresses.
0
 
clarkincitAuthor Commented:
No, we have the SonicWALL set up to serve the .12 subnet IPs via DHCP.  It's almost like the SonicWALL can't see the VLAN.  I've tried recreating it using a separate subnet and it still doesn't work.
0
 
digitapCommented:
Go to VPN > DHCP over VPN. Confirm Central Gateway then click Configure.  Confirm the following are set:

Check "Use Internal DHCP Server"
Check "For Global VPN Client"
Not Checked "For Remote Firewall"
Not Checked "Send DHCP requests to the server listed below"

Set the "Relay IP Address" to the gateway IP of the X0:V10 (or whatever the VLAN is) VLAN - 192.168.12.1.

Also, on the Local User account on the 3060 that I was using to authenticate, on the Users>Local Users screen, on the VPN Access configuration tab for that user, I allowed access to the following networks;

LAN Primary Subnet
X0:V10 (or whatever the VLAN is) Subnet

Hope it helps!
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
clarkincitAuthor Commented:
These are all done.  I'm really not sure what is going on here.  It is very strange.  It almost looks like it can't get to that DHCP range.  If I change it to use an IP in the LAN range (.1 subnet) or to use our internal DHCP server, it works.  We're running out of IPs and that is why we need this..
0
 
clarkincitAuthor Commented:
I gave up on getting this to work.  I decided to set one of our open ports up as a dummy LAN with the .12 subnet assigned to it and run DHCP off of there.  It appears to be working.

I  used directions above to make it work.

Thanks for your assistance!
0
 
digitapCommented:
That's a good idea.  Sorry the VLAN config didn't work.  Thanks for the points!
0
 
pdmills12Commented:
I know this is an old thread, BUT, For what it's worth... I had the EXACT same scenario with my Sonicwall NSA-3500 and the Accepted Solution actually worked with my VLAN config!
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now