Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

SonicWALL GroupVPN Clients in a Separate Subnet

Posted on 2010-09-09
Last Modified: 2013-09-16
Some of our remote users use the SonicWALL Global VPN Client to access our corporate network. On our SonicWALL Pro 3060 Enhanced we have the GroupVPN configured so the clients get IP addresses from our internal DHCP server. This works great.

My question is can we create a separate subnet just for VPN clients? Ideally, I would like to use the same DHCP server, just with a different scope for the other subnet. The router between the two subnets (the SonicWALL itself?) would forward requests to the DHCP server.
Question by:ProUAdmin
  • 3
  • 3
LVL 33

Expert Comment

ID: 33643568
You can create a new DHCP scope on the Windows DHCP server and point to that within the sonicwall.  Or, I use the WLAN DHCP scope on the sonicwall for my GVC users.  It's a separate IP network and it's a little easier to manage security.  It has it's own zone, etc., so security can be managed tighter.

Author Comment

ID: 33667923
I know how to create second DHCP scope on my DHCP server, but how do I make the SonicWALL point to that specific scope and how do I prevent clients on my LAN from leasing IP's from it? How do you setup the WLAN DHCP scope for Global VPN clients?
LVL 33

Assisted Solution

digitap earned 500 total points
ID: 33667938
yeah...that's the tricky part.  i've never thought of doing that before and certainly when you are in the DHCP over VPN section, you can add more than one DHCP server to the list.  I've not figured out how to do that just yet.  You've got me stumped at the moment, but I haven't stopped looking!  if you have support with sonicwall, you might hit them up about it.  i'd be interested in what they might have to say.
Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.


Author Comment

ID: 33668021
Good suggestion, digitap. I just submitted a case with SonicWALL support. I'll post the results here.

Accepted Solution

ProUAdmin earned 0 total points
ID: 33696920
The SonicWALL guy said:

"I am contacting you about your service request for a DHCP lease for GVC clients. There were no notes on the case so I wasn’t sure if you had been assisted yet.

"Unfortunately the GVC clients connecting to the Sonicwall terminal on the LAN zone and use DHCP on that zone. It is not possible to have the DHCP server only give GVC users DHCP without also being available for the LAN clients.

"However, you can set the virtual adapter for the GVC to use a Static lease. Or create a static DHCP lease using the virtual adapter MAC address. Then the client would always get the same address. However, the address does have to be in the same subnet as the LAN address. And make sure any static addresses to not overlap with the dynamic DHCP scope."

So, the answer is no, this can't be done.
LVL 33

Expert Comment

ID: 33697252
I don't agree with the part about needing to be in the same subnet as the LAN address.  However, that part is really irrelevant.  Ultimately, you can't have multiple DHCP servers servicing GVC clients providing multiple subnet IP addresses to those GVC clients.  However, you CAN create a DHCP scope on the sonicwall, point your GVC clients to it.  Then, setup DHCP reservations based on the GVC mac.

Thanks for the points and answering a puzzling question.

Expert Comment

ID: 39498354

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Like many others, when I created a Windows 2008 RRAS VPN server, I connected via PPTP, and still do, but there are problems that can arise from solely using PPTP.  One particular problem was that the CFO of the company used a Virgin Broadband Wirele…
I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question