Solved

Connecting to the internet through the Sonicwall Global VPN client

Posted on 2010-08-25
Last Modified: 2012-06-27
Here's what I'm trying to do - Site A has a point-to-point to Site B through an internal Cisco router.  GVC connects to site A Sonicwall, and I'd like to route traffic to Site B through the internal router.  

My GroupVPN config is set to Split Tunnels and "Set Default Route as this Gateway" is checked.  I also have a route set up on the Sonicwall to route traffic to the PTP connection.  During this setup, I can access site B network resources, but the internet connection does not work.  
Question by:danmcf321
17 Comments
 
LVL 33

Expert Comment

by:digitap
ID: 33522275
So, you have a GVC connected and can access internal network resources over the VPN, but the client can't access the Internet simultaneously?
 

Author Comment

by:danmcf321
ID: 33522438
Yes - that is correct.  By turning off "Set default route as this gateway" I can access the internet, and the internal network for Site A, but then I lose connectivity to Site B.  With that option turned on, I can access internet network of Site A and Site B, but lose ability to access the internet.
 

Author Comment

by:danmcf321
ID: 33522454
Sorry - I mistyped something from my prior post -  "With that option turned on, the GVC can access THE INTERNAL network of Site A and Site B, but lose ability to access the internet."
 
LVL 33

Expert Comment

by:digitap
ID: 33522777
OK...I understand what you're describing.  You'd be best to leave that option turned off.  Now, we need to look at why you can't access Site B when it's turned off.

Is the remote network where the GVC connects the same IP network as Site B?  If you can access Site B with the gateway option enabled, then it's not a firewall or access rule issue.
 

Author Comment

by:danmcf321
ID: 33523096
They're on different subnets: 192.168.0.x is Site A and 192.168.1.x is Site B.  I have a route set up on the Sonicwall on Site A; 192.168.0.x traffic going to 192.168.1.x is routed through the LAN side of a Cisco firewall - 192.168.0.200.  From the GVC, with the Set Default route off, I can ping 192.168.0.200, but cannot ping anything on the 192.168.1.x network.  With it turned on, from the GVC, I can ping the 192.168.1.x network.
 
LVL 33

Expert Comment

by:digitap
ID: 33523109
What's the IP network of the device that has the GVC installed?  When you indicate using the GVC, I assume you are at a remote site (hotel or home) and have a VPN connection back to Site A via the GVC.  Am I assuming correctly?
 

Author Comment

by:danmcf321
ID: 33523160
You are assuming correctly about the remote connectivity.  I am connecting from a remote connection outside of the LAN.  The GVC is given a DHCP address on the 192.168.0.x network.  The DHCP server is not hosted on the Sonicwall.  DHCP requests are relayed to a Windows DHCP server.
 
LVL 33

Expert Comment

by:digitap
ID: 33523220
OK...then, my question is: what's the IP of the laptop where it is physically located?  Does that IP network match Site B?  You'll have an IP of the laptop where it's at and the IP assigned the GVC when it connects.  If the local IP of the laptop matches Site B, then it won't route Site B traffic over the VPN unless you say route ALL traffic over the VPN.
 

Author Comment

by:danmcf321
ID: 33524231
No, the local IP of the laptop does not match.  I
 
LVL 33

Expert Comment

by:digitap
ID: 33532160
OK...let's confirm the networks the GVC users have access to.  Let me get to a place where I can pull some screen shots.
 

Author Comment

by:danmcf321
ID: 33534196
Were you asking me to take a screenshot of something?
 
LVL 33

Expert Comment

by:digitap
ID: 33535385
I wanted to give you a screen shot of where to check...make sure the user group you are giving network access to over the VPN is the same group configured for XAuth on the GroupVPN.  Check out the screen shot I attached.

In my case, I created a group called RADIUSUsers.  I'm using RADIUS to auth my users to the VPN.  This group should be assigned all the internal networks you want your GVC users to have access to.  For me, I usually choose Firewalled Networks.
greenshot-2010-08-26-14-04-54.jpg
 

Author Comment

by:danmcf321
ID: 33560738
Let me check this now, and I will let you know the results.
 

Author Comment

by:danmcf321
ID: 33567900
The group is Trusted Users which is tied to All LDAP users.  It doesn't appear to be a GVC permission issue since I can access both LANs when the Default route is set.  What do we think as far as next steps?
 
LVL 33

Accepted Solution

by:
digitap earned 500 total points
ID: 33568171
What networks are listed in the VPN access list for that group?  Identify the network(s) that is/are associated with that group.
 

Author Comment

by:danmcf321
ID: 33569859
That's it!  I went under the Local user group, configure and then VPN Access.  I added the remote subnet that I was trying to access.  Once added, I can ping the remote subnet.  Perfect, and thanks for your help.
 
LVL 33

Expert Comment

by:digitap
ID: 33569928
No problem...it's helped me think about the GroupVPN SA and GVC connectivity.  The networks you add here add the routes via the GVC.  When you set the GroupVPN to route all through GVC, then it works...obviously.  If you don't specify all the networks in the VPN group, then it won't add those routes when you connect via the GVC.  It's more the routes than "security" access...although a small amount of security is implied if the routes aren't added, because you can't obviously access those networks.

Thanks for the points!
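
A simplified model of the client-side routing described in the accepted solution and the final comment, as an added example that is not part of the original thread or SonicWall's own code. The /24 masks, the internet test address 203.0.113.10, the host 192.168.1.10 and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed from the thread: Site A is 192.168.0.x, Site B is 192.168.1.x.
# The /24 masks and the TEST-NET internet address are assumptions.
SITE_A = "192.168.0.0/24"
SITE_B = "192.168.1.0/24"
INTERNET_HOST = "203.0.113.10"
DEFAULT = ipaddress.ip_network("0.0.0.0/0")


def client_routes(vpn_access_networks, default_route_via_tunnel=False):
    """Model the routing table a VPN client holds after it connects.

    Each network in the group's VPN Access list becomes a tunnel route.
    The default route stays on the local gateway (split tunnel) unless
    the 'set default route as this gateway' behaviour is enabled.
    """
    default_hop = "tunnel" if default_route_via_tunnel else "local-gateway"
    routes = [(DEFAULT, default_hop)]
    routes += [(ipaddress.ip_network(n), "tunnel") for n in vpn_access_networks]
    return routes


def next_hop(routes, destination):
    """Longest-prefix match, as an IP stack does it."""
    addr = ipaddress.ip_address(destination)
    matches = [(net, hop) for net, hop in routes if addr in net]
    return max(matches, key=lambda r: r[0].prefixlen)[1]


def missing_tunnel_routes(vpn_access_networks, required_networks):
    """Required networks that no VPN Access entry covers (split tunnel)."""
    granted = [ipaddress.ip_network(n) for n in vpn_access_networks]
    return [
        r for r in required_networks
        if not any(ipaddress.ip_network(r).subnet_of(g) for g in granted)
    ]


if __name__ == "__main__":
    cases = {
        "split tunnel, Site A only": client_routes([SITE_A]),
        "default route via tunnel": client_routes([SITE_A], True),
        "split tunnel, Site A + B": client_routes([SITE_A, SITE_B]),
    }
    for name, routes in cases.items():
        hops = {d: next_hop(routes, d)
                for d in ("192.168.0.200", "192.168.1.10", INTERNET_HOST)}
        print(name, hops)
    print("missing:", missing_tunnel_routes([SITE_A], [SITE_A, SITE_B]))
```

Running the same check against each user group's VPN Access list shows which internal networks that group is actually routed to, which is the list to keep as narrow as the users need.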
