SonicWALL GroupVPN Clients in a Separate Subnet

Some of our remote users use the SonicWALL Global VPN Client to access our corporate network. On our SonicWALL Pro 3060 Enhanced we have the GroupVPN configured so the clients get IP addresses from our internal DHCP server. This works great.

My question is can we create a separate subnet just for VPN clients? Ideally, I would like to use the same DHCP server, just with a different scope for the other subnet. The router between the two subnets (the SonicWALL itself?) would forward requests to the DHCP server.
ProUAdmin (Author) Commented:
The SonicWALL guy said:

"I am contacting you about your service request for a DHCP lease for GVC clients. There were no notes on the case so I wasn’t sure if you had been assisted yet.

"Unfortunately the GVC clients connecting to the Sonicwall terminate on the LAN zone and use DHCP on that zone. It is not possible to have the DHCP server only give GVC users DHCP without also being available for the LAN clients.

"However, you can set the virtual adapter for the GVC to use a Static lease. Or create a static DHCP lease using the virtual adapter MAC address. Then the client would always get the same address. However, the address does have to be in the same subnet as the LAN address. And make sure any static addresses do not overlap with the dynamic DHCP scope."

So, the answer is no, this can't be done.
You can create a new DHCP scope on the Windows DHCP server and point to that within the SonicWALL. Or, I use the WLAN DHCP scope on the SonicWALL for my GVC users. It's a separate IP network and it's a little easier to manage security. It has its own zone, etc., so security can be managed tighter.
ProUAdmin (Author) Commented:
I know how to create a second DHCP scope on my DHCP server, but how do I make the SonicWALL point to that specific scope and how do I prevent clients on my LAN from leasing IPs from it? How do you set up the WLAN DHCP scope for Global VPN clients?
digitap Commented:
Yeah...that's the tricky part. I've never thought of doing that before and certainly when you are in the DHCP over VPN section, you can add more than one DHCP server to the list. I've not figured out how to do that just yet. You've got me stumped at the moment, but I haven't stopped looking! If you have support with SonicWALL, you might hit them up about it. I'd be interested in what they might have to say.
ProUAdmin (Author) Commented:
Good suggestion, digitap. I just submitted a case with SonicWALL support. I'll post the results here.
I don't agree with the part about needing to be in the same subnet as the LAN address. However, that part is really irrelevant. Ultimately, you can't have multiple DHCP servers servicing GVC clients providing multiple subnet IP addresses to those GVC clients. However, you CAN create a DHCP scope on the SonicWALL, point your GVC clients to it. Then, set up DHCP reservations based on the GVC MAC.

Thanks for the points and answering a puzzling question.
Question has a verified solution.
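
The constraints in the SonicWALL support reply quoted above (one reserved address per GVC virtual adapter MAC, inside the LAN subnet, outside the dynamic DHCP scope) can be checked before the reservations are entered. This is an added example, not part of the original thread; the function name, subnet, range and MAC addresses are constructed for illustration.

```python
import ipaddress

def check_reservations(subnet, dynamic_start, dynamic_end, reservations, fixed_hosts=()):
    """Return (mac, ip, problem) tuples; an empty list means the plan is consistent."""
    net = ipaddress.ip_network(subnet)
    lo = ipaddress.ip_address(dynamic_start)
    hi = ipaddress.ip_address(dynamic_end)
    if lo > hi or lo not in net or hi not in net:
        raise ValueError("dynamic range must be ordered and inside the subnet")
    taken = {ipaddress.ip_address(h) for h in fixed_hosts}  # gateway, servers, ...
    problems, seen_ips, seen_macs = [], set(), set()
    for mac, ip_text in reservations:
        mac_key = mac.lower().replace("-", ":")  # treat aa-bb and AA:BB as the same MAC
        ip = ipaddress.ip_address(ip_text)
        if ip not in net:
            problems.append((mac, ip_text, "outside subnet"))
        elif ip in (net.network_address, net.broadcast_address):
            problems.append((mac, ip_text, "network or broadcast address"))
        elif lo <= ip <= hi:
            problems.append((mac, ip_text, "inside dynamic scope"))
        elif ip in taken:
            problems.append((mac, ip_text, "already used by a fixed host"))
        elif ip in seen_ips:
            problems.append((mac, ip_text, "duplicate IP"))
        if mac_key in seen_macs:
            problems.append((mac, ip_text, "duplicate MAC"))
        seen_ips.add(ip)
        seen_macs.add(mac_key)
    return problems

# Constructed sample plan: LAN 192.168.10.0/24, dynamic scope .100-.200, gateway .1
SAMPLE = [
    ("02:00:00:00:00:01", "192.168.10.50"),   # valid reservation
    ("02:00:00:00:00:02", "192.168.10.150"),  # collides with the dynamic scope
    ("02:00:00:00:00:03", "192.168.20.10"),   # wrong subnet
    ("02-00-00-00-00-01", "192.168.10.51"),   # same adapter listed twice
    ("02:00:00:00:00:04", "192.168.10.1"),    # gateway address
]

def sample_problems():
    return check_reservations("192.168.10.0/24", "192.168.10.100",
                              "192.168.10.200", SAMPLE, fixed_hosts=["192.168.10.1"])

if __name__ == "__main__":
    for mac, ip, why in sample_problems():
        print(f"{mac} -> {ip}: {why}")
```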
