Solved

New Vlan's not routing through Sonicwall VPN

Posted on 2011-03-02
3
2,344 Views
1 Endorsement
Last Modified: 2012-05-11
The network that I have of 275+ computers and other network equipment was orginally programed by my predecessor on Vlan 1 with a /23.  Due to security concerns recently, I have been requested to create vlan's.  Internally through out my 26 switches and routers the new vlan's that i have created are routing and communicating perfectly.  The problem I have is anyone (especially administrators) connecting to our Sonicwall 4500 through the VPN client, it does not route through the VPN tunnel.  

In attempting to find the issue, the remote clients traceroute the path and it appears to route on the ISP's network.  I would post the traceroutes if you think you want them, but all of them black hole some where on the ISP network. The only possibility that i can find is that the Sonicwall is not allowing those subnets through.  I did create route statements for the subnets to point to my L3 switch that is being used as my default gateway and I am striking out.

Now to start with I want to use a class A (10.x.x.x) private subnet to use and carve out of that a /20 so that I can have room for future growth.  I have thought about the class B private subnets as an added option.  
1
Comment
Question by:jmhmis
  • 2
3 Comments
 
LVL 33

Accepted Solution

by:
digitap earned 500 total points
ID: 35017618
when you setup the WAN GroupVPN for GVC hosts, did you configure the allowed networks to include the VLAN'ed subnets? within Step 3. Setup User Accounts you'll find adding network access under the VPN Access tab (see the KB below). you'll want to include the address objects that represent the vlan'ed subnets.

https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=7507

also, what's handing out DHCP? the sonicwall or an internal server?

http://www.experts-exchange.com/viewArticle.jsp?articleID=4160
0
 

Author Comment

by:jmhmis
ID: 35017831
My internal server is handing out ip addresses, but I have not created a pool yet on the dhcp server.  

Answer to your first question, yes I have.  Looking at the link you provided I missed one aspect of it which was the "Client Authentication".  

Now I have a concern that if I enable the "Require authentication of VPN clients by XAUTH", will the other GVC hosts lose their connectivity into the network?  
0
 
LVL 33

Expert Comment

by:digitap
ID: 35018404
if you have not setup logins for them, yes. there are a couple of methods i've seen to deploy the gvc connection. exporting the session from the sonicwall and importing into the gvc. the other is using the method in the link above.

the link above allows the gvc to connect and download the connection particulars directly from the sonicwall. when you enable xauth, there is an assumption that all your users have a login.

when you make changes to the groupvpn on the sonicwall, the connections are reset and the new connection parameters are passed the gvc hosts. since you enabled xauth, the users will be prompted for a username and paqssword.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question