We are attempting to force traffic over a (second) VPN from an outside agency. We're running a SonicWall NSA 240 and the agency is running a Cisco device. The connection between us has been successfully established but, for example, FTP traffic never reaches the intended server. Here are the particulars:
a. The VPN is established.
b. The agency NATs all of their outbound traffic over a single IP.
c. The FTP server works over our own VPN or, if I turn it on, over the WAN interface. Accordingly, it also works for the agency (no surprise there) if that access rule is activated.
d. An access rule (network) has been created to support the NAT-ed address over the VPN.
e. A firewall access rule has been created for: VPN > LAN and VPN > WAN to the host for the agency network as well as VPN <-> WAN (X1 Subnet, both ways) to support the agency VPN connection.
f. The appropriate protocols have been activated on the host and have been tested.
The agency performed a TRACERT and it would seem that they can get to our system, but I’m not seeing it on the firewall logs. They are reporting “connection refused”.
It would seem that we’re missing something simple. I compared the settings with our existing VPN, and all is accounted for. The biggest difference is that they are NAT-ing to a single address. Further, I’m not sure that will work when we bring on clients to access our applications.
Thanking you in advance for your insight. Greatly appreciated.