Solved

Connecting to the internet through the Sonicwall Global VPN client

Posted on 2010-08-25
Last Modified: 2012-06-27
Here's what I'm trying to do - Site A has a point-to-point to Site B through an internal Cisco router.  GVC connects to site A Sonicwall, and I'd like to route traffic to Site B through the internal router.  

My GroupVPN config is set to Split Tunnels, and "Set Default Route as this Gateway" is checked.  I also have a route set up on the Sonicwall to route traffic to the PTP connection.  During this setup, I can access site B network resources, but the internet connection does not work.  
Question by:danmcf321
17 Comments
 
LVL 33

Expert Comment

by:digitap
ID: 33522275
So, you have a GVC connected and can access internal network resources over the VPN, but the client can't access the Internet simultaneously?
0
 

Author Comment

by:danmcf321
ID: 33522438
Yes - that is correct.  By turning off "Set default route as this gateway" I can access the internet, and the internal network for Site A, but then I lose connectivity to Site B.  With that option turned on, I can access internet network of Site A and Site B, but lose ability to access the internet.
0
 

Author Comment

by:danmcf321
ID: 33522454
Sorry - I mistyped something from my prior post -  "With that option turned on, the GVC can access THE INTERNAL network of Site A and Site B, but lose ability to access the internet."
0

 
LVL 33

Expert Comment

by:digitap
ID: 33522777
OK...I understand what you're describing.  You'd be best to leave that option turned off.  Now, we need to look at why you can't access Site B when it's turned off.

Is the remote network where the GVC connects the same IP network as Site B?  If you can access Site B with the gateway option enabled, then it's not a firewall or access rule issue.
0
 

Author Comment

by:danmcf321
ID: 33523096
They're on different subnets 192.168.0.x is site A and 192.168.1.x is site B.  I have a route set up on the Sonicwall on site A; 192.168.0.x traffic going to 192.168.1.x is routed through LAN side of a Cisco firewall - 192.168.0.200.  From the GVC, with the Set Default route off, I can ping 192.168.0.200, but can not ping anything on the 192.168.1.x network.  With it turned on, from the GVC, I can ping the 192.168.1.x network.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33523109
What's the IP network of the device that has the GVC installed?  When you indicate using the GVC, I assume you are at a remote site (hotel or home) and have a VPN connection back to Site A via the GVC.  Am I assuming correctly?
0
 

Author Comment

by:danmcf321
ID: 33523160
You are assuming correctly about the remote connectivity.  I am connecting from a remote connection outside of the LAN.  The GVC is given a DHCP address on the 192.168.0.x network.  The DHCP server is not hosted on the Sonicwall.  DHCP requests are relayed to a Windows DHCP server.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33523220
OK...then, my question is: what's the IP of the laptop where it is physically located?  Does that IP network match Site B?  You'll have an IP of the laptop where it's at and the IP assigned the GVC when it connects.  If the local IP of the laptop matches Site B, then it won't route Site B traffic over the VPN unless you say route ALL traffic over the VPN.
0
 

Author Comment

by:danmcf321
ID: 33524231
No, the local IP of the laptop does not match.  I
0
 
LVL 33

Expert Comment

by:digitap
ID: 33532160
OK...let's confirm the networks the GVC users have access to.  Let me get to a place where I can pull some screen shots.
0
 

Author Comment

by:danmcf321
ID: 33534196
Were you asking me to take a screenshot of something?
0
 
LVL 33

Expert Comment

by:digitap
ID: 33535385
I wanted to give you a screen shot of where to check...make sure the user group you are giving network access to over the VPN is the same group configured for XAuth on the GroupVPN.  Check out the screen shot I attached.

In my case, I created a group called RADIUSUsers.  I'm using RADIUS to auth my users to the VPN.  This group should be assigned all the internal networks you want your GVC users to have access to.  For me, I usually choose Firewalled Networks.
greenshot-2010-08-26-14-04-54.jpg
0
 

Author Comment

by:danmcf321
ID: 33560738
Let me check this now, and I will let you know the results.
0
 

Author Comment

by:danmcf321
ID: 33567900
The group is Trusted Users which is tied to All LDAP users.  It doesn't appear to be a GVC permission issue since I can access both LANs when the Default route is set.  What do we think as far as next steps?
0
 
LVL 33

Accepted Solution

by:
digitap earned 2000 total points
ID: 33568171
What networks are listed in the VPN access list for that group?  Identify the network(s) that is/are associated with that group.
0
 

Author Comment

by:danmcf321
ID: 33569859
That's it!  I went under the Local user group, configure and then VPN Access.  I added the remote subnet that I was trying to access.  Once added, I can ping the remote subnet.  Perfect, and thanks for your help.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33569928
no problem...it's helped me think about the GroupVPN SA and GVC connectivity.  the networks you add here add the routes via the gvc.  when you set the groupvpn to route all through gvc, then it works...obviously.  if you don't specify all the networks in the vpn group, then it won't add those routes when you connect via the gvc.  it's more the routes than "security" access...although, a small amount of security is implied if the routes aren't added, because you can't obviously access those networks.

Thanks for the points!

0
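The routing behaviour worked out in this thread, as an added example that is not part of any post above: a small model of the client's route table under the three configurations discussed, resolved by longest-prefix match. The /24 masks, the Site B host address, the internet address and all function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample data; /24 masks are assumed from the thread's
# "192.168.0.x" (Site A) and "192.168.1.x" (Site B).
SITE_A = "192.168.0.0/24"
SITE_B = "192.168.1.0/24"
DESTS = {
    "site_a": "192.168.0.200",   # Cisco LAN-side address named in the thread
    "site_b": "192.168.1.10",    # constructed Site B host
    "internet": "203.0.113.10",  # constructed address (documentation range)
}


def client_routes(vpn_access, default_via_tunnel):
    """Model the route table on the laptop once the VPN client connects.

    One tunnel route is added per network in the group's VPN Access list.
    The default route points at the tunnel only when the
    "Set Default Route as this Gateway" option is enabled.
    """
    default_hop = "tunnel" if default_via_tunnel else "local"
    routes = [(ipaddress.ip_network("0.0.0.0/0"), default_hop)]
    routes += [(ipaddress.ip_network(net), "tunnel") for net in vpn_access]
    return routes


def next_hop(dest, routes):
    """Pick the most specific matching route (longest prefix wins)."""
    addr = ipaddress.ip_address(dest)
    matching = [(net, hop) for net, hop in routes if addr in net]
    return max(matching, key=lambda r: r[0].prefixlen)[1]


def paths(vpn_access, default_via_tunnel):
    """Return where traffic for each sample destination is sent."""
    routes = client_routes(vpn_access, default_via_tunnel)
    return {name: next_hop(ip, routes) for name, ip in DESTS.items()}


if __name__ == "__main__":
    cases = {
        "split tunnel, Site A only": ([SITE_A], False),
        "default route via tunnel": ([SITE_A], True),
        "split tunnel, Site A + Site B": ([SITE_A, SITE_B], False),
    }
    for label, (access, flag) in cases.items():
        print(f"{label}: {paths(access, flag)}")
```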
