ProUAdmin
asked on
SonicWALL GroupVPN Clients in a Separate Subnet
Some of our remote users use the SonicWALL Global VPN Client to access our corporate network. On our SonicWALL Pro 3060 Enhanced we have the GroupVPN configured so the clients get IP addresses from our internal DHCP server. This works great.
My question is can we create a separate subnet just for VPN clients? Ideally, I would like to use the same DHCP server, just with a different scope for the other subnet. The router between the two subnets (the SonicWALL itself?) would forward requests to the DHCP server.
My question is can we create a separate subnet just for VPN clients? Ideally, I would like to use the same DHCP server, just with a different scope for the other subnet. The router between the two subnets (the SonicWALL itself?) would forward requests to the DHCP server.
You can create a new DHCP scope on the Windows DHCP server and point to that within the sonicwall. Or, I use the WLAN DHCP scope on the sonicwall for my GVC users. It's a separate IP network and it's a little easier to manage security. It has it's own zone, etc., so security can be managed tighter.
ASKER
I know how to create second DHCP scope on my DHCP server, but how do I make the SonicWALL point to that specific scope and how do I prevent clients on my LAN from leasing IP's from it? How do you setup the WLAN DHCP scope for Global VPN clients?
SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER
Good suggestion, digitap. I just submitted a case with SonicWALL support. I'll post the results here.
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
I don't agree with the part about needing to be in the same subnet as the LAN address. However, that part is really irrelevant. Ultimately, you can't have multiple DHCP servers servicing GVC clients providing multiple subnet IP addresses to those GVC clients. However, you CAN create a DHCP scope on the sonicwall, point your GVC clients to it. Then, setup DHCP reservations based on the GVC mac.
Thanks for the points and answering a puzzling question.
Thanks for the points and answering a puzzling question.
This article from Sonicwall might help.
https://www.sonicwall.com/us/en/support/2213.html?fuzeurl=https://www.fuzeqna.com/sonicwallkb/ext/kbdetail.aspx?kbid=8024&SearchType=advanced&referrer=&status=&rfield=&sortmethod=rel&rpp=25&usertype=Consumer&formaction=search&keyword=many+wan+ip&vsn=&subcats=&start=26&match=and&catid=&submitbutton=Go
https://www.sonicwall.com/us/en/support/2213.html?fuzeurl=https://www.fuzeqna.com/sonicwallkb/ext/kbdetail.aspx?kbid=8024&SearchType=advanced&referrer=&status=&rfield=&sortmethod=rel&rpp=25&usertype=Consumer&formaction=search&keyword=many+wan+ip&vsn=&subcats=&start=26&match=and&catid=&submitbutton=Go