Solved

SonicWALL Global VPN DHCP over VLAN issues

Posted on 2010-08-12
Last Modified: 2013-08-15
Hello,

I am having an issue with our SonicWALL Pro 4100.  I am attempting to set up DHCP over a VLAN on our main subnet (X0) for all of our Global VPN clients.  This was working, but now isn't.  When clients attempt to log in, they can authenticate, but get stuck on the Acquiring IP step.  If I look in the log, the furthest they get is the "DHCP DISCOVER received from remote device" step.  The IP is never sent to them.  Below is the setup:

I have a VLAN set up off of the X0 (LAN) interface.  The IP is 192.168.12.1 with a subnet mask of 255.255.255.0.
I have a Dynamic DHCP entry, enabled, using the interface including IPs 192.168.12.100-192.168.12.254 with gateway 192.168.12.1 using the VLAN interface.
The WAN Group VPN is set up for the Virtual Adapter to use DHCP Lease.
DHCP over VPN Central Gateway is set to Use Internal DHCP Server for Global VPN Clients with the relay IP set to 192.168.12.1.

I'm not sure where to go from here and SonicWALL support has been pretty much a waste of time.  Any ideas?

Thanks,
Christine
Question by:clarkincit
7 Comments
 
LVL 33

Expert Comment

by:digitap
ID: 33426730
So, you have an internal Windows server supplying an IP to your GVC clients?  I've only had problems with this.  I set up the Sonicwall to supply IP addresses.
0
 

Author Comment

by:clarkincit
ID: 33434648
No, we have the SonicWALL set up to serve the .12 subnet IPs via DHCP.  It's almost like the SonicWALL can't see the VLAN.  I've tried recreating it using a separate subnet and it still doesn't work.
0
 
LVL 33

Accepted Solution

by:
digitap earned 500 total points
ID: 33434928
Go to VPN > DHCP over VPN. Confirm Central Gateway then click Configure.  Confirm the following are set:

Check "Use Internal DHCP Server"
Check "For Global VPN Client"
Not Checked "For Remote Firewall"
Not Checked "Send DHCP requests to the server listed below"

Set the "Relay IP Address" to the gateway IP of the X0:V10 (or whatever the VLAN is) VLAN - 192.168.12.1.

Also, on the Local User account on the 3060 that I was using to authenticate, on the Users>Local Users screen, on the VPN Access configuration tab for that user, I allowed access to the following networks;

LAN Primary Subnet
X0:V10 (or whatever the VLAN is) Subnet

Hope it helps!
0
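The settings listed in the accepted answer can be cross-checked mechanically before a change window. The following is an added example, not part of the thread and not a SonicWall export format: the dictionary keys are hypothetical names for the GUI fields, and the LAN Primary Subnet CIDR is assumed from the asker's ".1 subnet" remark.

```python
import ipaddress

def check_gvc_dhcp(cfg):
    """Return findings for a GVC DHCP-over-VPN setup; empty list = consistent."""
    findings = []
    iface = ipaddress.ip_interface(cfg["vlan_interface"])
    net = iface.network
    start = ipaddress.ip_address(cfg["scope_start"])
    end = ipaddress.ip_address(cfg["scope_end"])

    if start > end or start not in net or end not in net:
        findings.append("lease range is not inside the VLAN subnet")
    elif start <= iface.ip <= end:
        findings.append("VLAN interface IP sits inside the lease range")
    for key in ("relay_ip", "scope_gateway"):
        if ipaddress.ip_address(cfg[key]) != iface.ip:
            findings.append(f"{key} is not the VLAN interface IP {iface.ip}")
    # Checkbox states listed in the accepted answer.
    wanted = {"use_internal_dhcp": True, "for_gvc": True,
              "for_remote_firewall": False, "send_to_listed_server": False}
    for key, state in wanted.items():
        if cfg[key] is not state:
            findings.append(f"{key} should be {state}")
    # The user's VPN Access list must cover the subnet the lease comes from.
    allowed = [ipaddress.ip_network(n) for n in cfg["user_vpn_access"].values()]
    if not any(net.subnet_of(a) for a in allowed):
        findings.append("user VPN Access list does not cover the VLAN subnet")
    return findings

# Constructed sample: values from the thread; key names are hypothetical.
THREAD_CFG = {
    "vlan_interface": "192.168.12.1/24",
    "scope_start": "192.168.12.100", "scope_end": "192.168.12.254",
    "scope_gateway": "192.168.12.1", "relay_ip": "192.168.12.1",
    "use_internal_dhcp": True, "for_gvc": True,
    "for_remote_firewall": False, "send_to_listed_server": False,
    "user_vpn_access": {"LAN Primary Subnet": "192.168.1.0/24",  # assumed CIDR
                        "X0:V10 Subnet": "192.168.12.0/24"},
}
# Constructed broken variant: relay on the LAN IP, VLAN subnet not granted.
BROKEN_CFG = dict(THREAD_CFG, relay_ip="192.168.1.1",
                  user_vpn_access={"LAN Primary Subnet": "192.168.1.0/24"})

if __name__ == "__main__":
    for name, cfg in (("thread", THREAD_CFG), ("broken", BROKEN_CFG)):
        print(name, check_gvc_dhcp(cfg) or "consistent")
```

The check only confirms that the values agree with each other and with the accepted answer; it also makes the scope of each user's VPN Access list explicit, which is worth reviewing so remote users are granted only the subnets they need.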

 

Author Comment

by:clarkincit
ID: 33446771
These are all done.  I'm really not sure what is going on here.  It is very strange.  It almost looks like it can't get to that DHCP range.  If I change it to use an IP in the LAN range (.1 subnet) or to use our internal DHCP server, it works.  We're running out of IPs and that is why we need this.
0
 

Author Comment

by:clarkincit
ID: 33488381
I gave up on getting this to work.  I decided to set one of our open ports up as a dummy LAN with the .12 subnet assigned to it and run DHCP off of there.  It appears to be working.

I used directions above to make it work.

Thanks for your assistance!
0
 
LVL 33

Expert Comment

by:digitap
ID: 33488781
That's a good idea.  Sorry the VLAN config didn't work.  Thanks for the points!
0
 
LVL 1

Expert Comment

by:pdmills12
ID: 39412817
I know this is an old thread, BUT, For what it's worth... I had the EXACT same scenario with my Sonicwall NSA-3500 and the Accepted Solution actually worked with my VLAN config!
0

Question has a verified solution.