Connecting to the internet through the Sonicwall Global VPN client

Here's what I'm trying to do - Site A has a point-to-point to Site B through an internal Cisco router.  GVC connects to site A Sonicwall, and I'd like to route traffic to Site B through the internal router.  

My GroupVPN config is set to Split Tunnels and "Set default route as this gateway" is checked.  I also have a route set up on the Sonicwall to route traffic to the PTP connection.  During this setup, I can access site B network resources, but the internet connection does not work.  
Asked by: danmcf321
 
digitap Commented:
What networks are listed in the VPN access list for that group?  Identify the network(s) that is/are associated with that group.
 
digitap Commented:
So, you have a GVC connected and can access internal network resources over the VPN, but the client can't access the Internet simultaneously?
 
danmcf321 (Author) Commented:
Yes - that is correct.  By turning off "Set default route as this gateway" I can access the internet, and the internal network for Site A, but then I lose connectivity to Site B.  With that option turned on, I can access internet network of Site A and Site B, but lose ability to access the internet.
 
danmcf321 (Author) Commented:
Sorry - I mistyped something from my prior post -  "With that option turned on, the GVC can access THE INTERNAL network of Site A and Site B, but lose ability to access the internet."
 
digitap Commented:
OK...I understand what you're describing.  You'd be best to leave that option turned off.  Now, we need to look at why you can't access Site B when it's turned off.

Is the remote network where the GVC connects the same IP network as Site B?  If you can access Site B with the gateway option enabled, then it's not a firewall or access rule issue.
 
danmcf321 (Author) Commented:
They're on different subnets: 192.168.0.x is site A and 192.168.1.x is site B.  I have a route set up on the Sonicwall on site A; 192.168.0.x traffic going to 192.168.1.x is routed through LAN side of a Cisco firewall - 192.168.0.200.  From the GVC, with the Set Default route off, I can ping 192.168.0.200, but cannot ping anything on the 192.168.1.x network.  With it turned on, from the GVC, I can ping the 192.168.1.x network.
 
digitap Commented:
What's the IP network of the device that has the GVC installed?  When you indicate using the GVC, I assume you are at a remote site (hotel or home) and have a VPN connection back to Site A via the GVC.  Am I assuming correctly?
 
danmcf321 (Author) Commented:
You are assuming correctly about the remote connectivity.  I am connecting from a remote connection outside of the LAN.  The GVC is given a DHCP address on the 192.168.0.x network.  The DHCP server is not hosted on the Sonicwall.  DHCP requests are relayed to a Windows DHCP server.
 
digitap Commented:
OK...then, my question is: what's the IP of the laptop where it is physically located?  Does that IP network match Site B?  You'll have an IP of the laptop where it's at and the IP assigned the GVC when it connects.  If the local IP of the laptop matches Site B, then it won't route Site B traffic over the VPN unless you say route ALL traffic over the VPN.
 
danmcf321 (Author) Commented:
No, the local IP of the laptop does not match.  I
 
digitap Commented:
OK...let's confirm the networks the GVC users have access to.  Let me get to a place where I can pull some screen shots.
 
danmcf321 (Author) Commented:
Were you asking me to take a screenshot of something?
 
digitap Commented:
I wanted to give you a screen shot of where to check...make sure the user group you are giving network access to over the VPN is the same group configured for XAuth on the GroupVPN.  Check out the screen shot I attached.

In my case, I created a group called RADIUSUsers.  I'm using RADIUS to auth my users to the VPN.  This group should be assigned all the internal networks you want your GVC users to have access to.  For me, I usually choose Firewalled Networks.
[Attachment: greenshot-2010-08-26-14-04-54.jpg]
 
danmcf321 (Author) Commented:
Let me check this now, and I will let you know the results.
 
danmcf321 (Author) Commented:
The group is Trusted Users which is tied to All LDAP users.  It doesn't appear to be a GVC permission issue since I can access both LANs when the Default route is set.  What do we think as far as next steps?
 
danmcf321 (Author) Commented:
That's it!  I went under the Local user group, configure and then VPN Access.  I added the remote subnet that I was trying to access.  Once added, I can ping the remote subnet.  Perfect, and thanks for your help.
 
digitap Commented:
No problem...it's helped me think about the GroupVPN SA and GVC connectivity.  The networks you add here add the routes via the GVC.  When you set the GroupVPN to route all through GVC, then it works...obviously.  If you don't specify all the networks in the VPN group, then it won't add those routes when you connect via the GVC.  It's more the routes than "security" access...although, a small amount of security is implied if the routes aren't added, because you can't obviously access those networks.

Thanks for the points!
Question has a verified solution.
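
An added example, not part of the thread: a small Python model of the client's route selection, following digitap's explanation that the networks in the group's VPN Access list become routes on the GVC client. The /24 masks, the remote LAN, and the Site B and Internet probe hosts are assumptions; the function names are hypothetical.

```python
import ipaddress

# Constructed addressing: the thread gives 192.168.0.x (Site A) and
# 192.168.1.x (Site B); the /24 masks, the remote LAN and the Site B and
# Internet probe hosts are assumptions made for this example.
SITE_A = ipaddress.ip_network("192.168.0.0/24")
SITE_B = ipaddress.ip_network("192.168.1.0/24")
REMOTE_LAN = ipaddress.ip_network("10.20.30.0/24")   # hypothetical hotel/home LAN
DEFAULT = ipaddress.ip_network("0.0.0.0/0")
PROBES = {"site_a": "192.168.0.200", "site_b": "192.168.1.10",
          "internet": "203.0.113.5"}


def client_routes(vpn_access, default_via_tunnel):
    """Client routing table once the tunnel is up: one tunnel route per
    network in the group's VPN Access list, plus the default route."""
    routes = [(REMOTE_LAN, "local")]
    routes += [(net, "tunnel") for net in vpn_access]
    routes.append((DEFAULT, "tunnel" if default_via_tunnel else "local"))
    return routes


def egress(routes, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, via) for net, via in routes if addr in net]
    return max(matches, key=lambda r: r[0].prefixlen)[1]


def paths(vpn_access, default_via_tunnel):
    """Interface each probe destination leaves through."""
    routes = client_routes(vpn_access, default_via_tunnel)
    return {name: egress(routes, ip) for name, ip in PROBES.items()}


def uncovered(required, vpn_access):
    """Internal networks no VPN Access entry covers (no tunnel route)."""
    return [net for net in required
            if not any(net.subnet_of(entry) for entry in vpn_access)]


if __name__ == "__main__":
    cases = {"split tunnel, Site B missing": ([SITE_A], False),
             "default route via gateway": ([SITE_A], True),
             "split tunnel, Site B added": ([SITE_A, SITE_B], False)}
    for label, (access, tunnel_all) in cases.items():
        print(f"{label:30} {paths(access, tunnel_all)}",
              "missing:", [str(n) for n in uncovered([SITE_A, SITE_B], access)])
```

In the first case Site B traffic leaves through the local interface, outside the tunnel, which matches the failed pings. In the second case Internet traffic enters the tunnel and depends on Site A forwarding it, which did not work in the thread.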