SonicWALL GroupVPN Clients in a Separate Subnet

Posted on 2010-09-09
Last Modified: 2013-09-16
Some of our remote users use the SonicWALL Global VPN Client to access our corporate network. On our SonicWALL Pro 3060 Enhanced we have the GroupVPN configured so the clients get IP addresses from our internal DHCP server. This works great.

My question is can we create a separate subnet just for VPN clients? Ideally, I would like to use the same DHCP server, just with a different scope for the other subnet. The router between the two subnets (the SonicWALL itself?) would forward requests to the DHCP server.
Question by:ProUAdmin
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
LVL 33

Expert Comment

ID: 33643568
You can create a new DHCP scope on the Windows DHCP server and point to that within the sonicwall.  Or, I use the WLAN DHCP scope on the sonicwall for my GVC users.  It's a separate IP network and it's a little easier to manage security.  It has it's own zone, etc., so security can be managed tighter.

Author Comment

ID: 33667923
I know how to create second DHCP scope on my DHCP server, but how do I make the SonicWALL point to that specific scope and how do I prevent clients on my LAN from leasing IP's from it? How do you setup the WLAN DHCP scope for Global VPN clients?
LVL 33

Assisted Solution

digitap earned 500 total points
ID: 33667938
yeah...that's the tricky part.  i've never thought of doing that before and certainly when you are in the DHCP over VPN section, you can add more than one DHCP server to the list.  I've not figured out how to do that just yet.  You've got me stumped at the moment, but I haven't stopped looking!  if you have support with sonicwall, you might hit them up about it.  i'd be interested in what they might have to say.
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Author Comment

ID: 33668021
Good suggestion, digitap. I just submitted a case with SonicWALL support. I'll post the results here.

Accepted Solution

ProUAdmin earned 0 total points
ID: 33696920
The SonicWALL guy said:

"I am contacting you about your service request for a DHCP lease for GVC clients. There were no notes on the case so I wasn’t sure if you had been assisted yet.

"Unfortunately the GVC clients connecting to the Sonicwall terminal on the LAN zone and use DHCP on that zone. It is not possible to have the DHCP server only give GVC users DHCP without also being available for the LAN clients.

"However, you can set the virtual adapter for the GVC to use a Static lease. Or create a static DHCP lease using the virtual adapter MAC address. Then the client would always get the same address. However, the address does have to be in the same subnet as the LAN address. And make sure any static addresses to not overlap with the dynamic DHCP scope."

So, the answer is no, this can't be done.
LVL 33

Expert Comment

ID: 33697252
I don't agree with the part about needing to be in the same subnet as the LAN address.  However, that part is really irrelevant.  Ultimately, you can't have multiple DHCP servers servicing GVC clients providing multiple subnet IP addresses to those GVC clients.  However, you CAN create a DHCP scope on the sonicwall, point your GVC clients to it.  Then, setup DHCP reservations based on the GVC mac.

Thanks for the points and answering a puzzling question.

Expert Comment

ID: 39498354

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SSG50 Firewall Rules 17 55
SSL VPN to Fortigate 100D 2 32
New CLI Commands Needed for Cisco ASA 5506 5 64
Reconfigure Corporate IP Address Scheme 2 58
Juniper VPN devices are a popular alternative to using Cisco products. Last year I needed to set up an international site-to-site VPN over the Internet, but the client had high security requirements -- FIPS 140. What and Why of FIPS 140 Federa…
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question