Solved

Connecting to the internet through the Sonicwall Global VPN client

Posted on 2010-08-25
Last Modified: 2012-06-27
Here's what I'm trying to do - Site A has a point-to-point to Site B through an internal Cisco router.  GVC connects to site A Sonicwall, and I'd like to route traffic to Site B through the internal router.  

My GroupVPN config is set to Split Tunnels and "Set Default Route as this Gateway" is checked.  I also have a route set up on the Sonicwall to route traffic to the PTP connection.  During this setup, I can access site B network resources, but the internet connection does not work.  
Question by:danmcf321
 
LVL 33

Expert Comment

by:digitap
So, you have a GVC connected and can access internal network resources over the VPN, but the client can't access the Internet simultaneously?
 

Author Comment

by:danmcf321
Yes - that is correct.  By turning off "Set default route as this gateway" I can access the internet, and the internal network for Site A, but then I lose connectivity to Site B.  With that option turned on, I can access internet network of Site A and Site B, but lose ability to access the internet.
 

Author Comment

by:danmcf321
Sorry - I mistyped something from my prior post -  "With that option turned on, the GVC can access THE INTERNAL network of Site A and Site B, but lose ability to access the internet."
 
LVL 33

Expert Comment

by:digitap
OK...I understand what you're describing.  You'd be best to leave that option turned off.  Now, we need to look at why you can't access Site B when it's turned off.

Is the remote network where the GVC connects the same IP network as Site B?  If you can access Site B with the gateway option enabled, then it's not a firewall or access rule issue.
 

Author Comment

by:danmcf321
They're on different subnets: 192.168.0.x is site A and 192.168.1.x is site B.  I have a route set up on the Sonicwall on site A; 192.168.0.x traffic going to 192.168.1.x is routed through LAN side of a Cisco firewall - 192.168.0.200.  From the GVC, with the Set Default route off, I can ping 192.168.0.200, but cannot ping anything on the 192.168.1.x network.  With it turned on, from the GVC, I can ping the 192.168.1.x network.
 
LVL 33

Expert Comment

by:digitap
What's the IP network of the device that has the GVC installed?  When you indicate using the GVC, I assume you are at a remote site (hotel or home) and have a VPN connection back to Site A via the GVC.  Am I assuming correctly?
 

Author Comment

by:danmcf321
You are assuming correctly about the remote connectivity.  I am connecting from a remote connection outside of the LAN.  The GVC is given a DHCP address on the 192.168.0.x network.  The DHCP server is not hosted on the Sonicwall.  DHCP requests are relayed to a Windows DHCP server.
 
LVL 33

Expert Comment

by:digitap
OK...then, my question is: what's the IP of the laptop where it is physically located?  Does that IP network match Site B?  You'll have an IP of the laptop where it's at and the IP assigned the GVC when it connects.  If the local IP of the laptop matches Site B, then it won't route Site B traffic over the VPN unless you say route ALL traffic over the VPN.
 

Author Comment

by:danmcf321
No, the local IP of the laptop does not match.  I
 
LVL 33

Expert Comment

by:digitap
OK...let's confirm the networks the GVC users have access to.  Let me get to a place where I can pull some screen shots.
 

Author Comment

by:danmcf321
Were you asking me to take a screenshot of something?
 
LVL 33

Expert Comment

by:digitap
I wanted to give you a screen shot of where to check...make sure the user group you are giving network access to over the VPN is the same group configured for XAuth on the GroupVPN.  Check out the screen shot I attached.

In my case, I created a group called RADIUSUsers.  I'm using RADIUS to auth my users to the VPN.  This group should be assigned all the internal networks you want your GVC users to have access to.  For me, I usually choose Firewalled Networks.
greenshot-2010-08-26-14-04-54.jpg
 

Author Comment

by:danmcf321
Let me check this now, and I will let you know the results.
 

Author Comment

by:danmcf321
The group is Trusted Users which is tied to All LDAP users.  It doesn't appear to be a GVC permission issue since I can access both LANs when the Default route is set.  What do we think as far as next steps?
 
LVL 33

Accepted Solution

by:
digitap earned 500 total points
What networks are listed in the VPN access list for that group?  Identify the network(s) that is/are associated with that group.
 

Author Comment

by:danmcf321
That's it!  I went under the Local user group, configure and then VPN Access.  I added the remote subnet that I was trying to access.  Once added, I can ping the remote subnet.  Perfect, and thanks for your help.
 
LVL 33

Expert Comment

by:digitap
No problem...it's helped me think about the GroupVPN SA and GVC connectivity.  The networks you add here add the routes via the GVC.  When you set the GroupVPN to route all through GVC, then it works...obviously.  If you don't specify all the networks in the VPN group, then it won't add those routes when you connect via the GVC.  It's more the routes than "security" access...although, a small amount of security is implied if the routes aren't added, because you can't obviously access those networks.

Thanks for the points!
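
Added example, not part of the thread: a simplified Python model of the client route table behind the explanation above, showing where traffic goes in the three configurations discussed, plus an audit helper that flags gateway-routed networks missing from the group's VPN access list. The Site B host address, the Internet address and all function names are assumptions made for the illustration; nothing here queries a SonicWall.

```python
import ipaddress

# Subnets and the Cisco LAN address are from the thread; the Site B host and
# the Internet address (RFC 5737 documentation range) are constructed.
SITE_A = ipaddress.ip_network("192.168.0.0/24")
SITE_B = ipaddress.ip_network("192.168.1.0/24")
DEFAULT = ipaddress.ip_network("0.0.0.0/0")
DESTINATIONS = {"site_a": "192.168.0.200", "site_b": "192.168.1.10",
                "internet": "203.0.113.10"}

def client_routes(vpn_access_list, default_via_tunnel):
    """Simplified model of the route table on a connected client."""
    if default_via_tunnel:
        # "Set default route as this gateway": every destination uses the tunnel.
        return [(DEFAULT, "tunnel")]
    # Split tunnel: one route per network in the group's VPN access list;
    # everything else keeps using the laptop's own gateway.
    return [(DEFAULT, "local")] + [(net, "tunnel") for net in vpn_access_list]

def next_hop(routes, dst):
    """Longest-prefix match, the way an IP stack picks a route."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in routes if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def scenario(vpn_access_list, default_via_tunnel):
    """Map each sample destination to 'tunnel' or 'local' for one configuration."""
    routes = client_routes(vpn_access_list, default_via_tunnel)
    return {name: next_hop(routes, ip) for name, ip in DESTINATIONS.items()}

def missing_from_access_list(vpn_access_list, gateway_static_routes):
    """Networks the gateway routes to that split-tunnel clients get no route for."""
    return [net for net in gateway_static_routes
            if not any(net.subnet_of(allowed) for allowed in vpn_access_list)]

if __name__ == "__main__":
    print("split, Site A only :", scenario([SITE_A], False))
    print("default via tunnel :", scenario([SITE_A], True))
    print("split, Site A + B  :", scenario([SITE_A, SITE_B], False))
    print("audit              :", missing_from_access_list([SITE_A], [SITE_B]))
```

In the first scenario Site B traffic leaves through the laptop's local gateway and never enters the tunnel, which matches the failed pings to 192.168.1.x; the audit helper reports 192.168.1.0/24 as the missing entry.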
