Solved

SonicWALL GroupVPN Clients in a Separate Subnet

Posted on 2010-09-09
7
2,181 Views
Last Modified: 2013-09-16
Some of our remote users use the SonicWALL Global VPN Client to access our corporate network. On our SonicWALL Pro 3060 Enhanced we have the GroupVPN configured so the clients get IP addresses from our internal DHCP server. This works great.

My question is can we create a separate subnet just for VPN clients? Ideally, I would like to use the same DHCP server, just with a different scope for the other subnet. The router between the two subnets (the SonicWALL itself?) would forward requests to the DHCP server.
0
Comment
Question by:ProUAdmin
  • 3
  • 3
7 Comments
 
LVL 33

Expert Comment

by:digitap
Comment Utility
You can create a new DHCP scope on the Windows DHCP server and point to that within the sonicwall.  Or, I use the WLAN DHCP scope on the sonicwall for my GVC users.  It's a separate IP network and it's a little easier to manage security.  It has it's own zone, etc., so security can be managed tighter.
0
 

Author Comment

by:ProUAdmin
Comment Utility
I know how to create second DHCP scope on my DHCP server, but how do I make the SonicWALL point to that specific scope and how do I prevent clients on my LAN from leasing IP's from it? How do you setup the WLAN DHCP scope for Global VPN clients?
0
 
LVL 33

Assisted Solution

by:digitap
digitap earned 500 total points
Comment Utility
yeah...that's the tricky part.  i've never thought of doing that before and certainly when you are in the DHCP over VPN section, you can add more than one DHCP server to the list.  I've not figured out how to do that just yet.  You've got me stumped at the moment, but I haven't stopped looking!  if you have support with sonicwall, you might hit them up about it.  i'd be interested in what they might have to say.
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 

Author Comment

by:ProUAdmin
Comment Utility
Good suggestion, digitap. I just submitted a case with SonicWALL support. I'll post the results here.
0
 

Accepted Solution

by:
ProUAdmin earned 0 total points
Comment Utility
The SonicWALL guy said:

"I am contacting you about your service request for a DHCP lease for GVC clients. There were no notes on the case so I wasn’t sure if you had been assisted yet.

"Unfortunately the GVC clients connecting to the Sonicwall terminal on the LAN zone and use DHCP on that zone. It is not possible to have the DHCP server only give GVC users DHCP without also being available for the LAN clients.

"However, you can set the virtual adapter for the GVC to use a Static lease. Or create a static DHCP lease using the virtual adapter MAC address. Then the client would always get the same address. However, the address does have to be in the same subnet as the LAN address. And make sure any static addresses to not overlap with the dynamic DHCP scope."

So, the answer is no, this can't be done.
0
 
LVL 33

Expert Comment

by:digitap
Comment Utility
I don't agree with the part about needing to be in the same subnet as the LAN address.  However, that part is really irrelevant.  Ultimately, you can't have multiple DHCP servers servicing GVC clients providing multiple subnet IP addresses to those GVC clients.  However, you CAN create a DHCP scope on the sonicwall, point your GVC clients to it.  Then, setup DHCP reservations based on the GVC mac.


Thanks for the points and answering a puzzling question.
0
 

Expert Comment

by:Mike
Comment Utility
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

I've written this article to illustrate how we can implement a Dynamic Multipoint VPN (DMVPN) with both hub and spokes having a dynamically assigned non-broadcast multiple-access (NBMA) network IP (public IP). Here is the basic setup of DMVPN Pha…
If you use NetMotion Mobility on your PC and plan to upgrade to Windows 10, it may not work unless you take these steps.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now