Solved

New Vlan's not routing through Sonicwall VPN

Posted on 2011-03-02
3
2,285 Views
1 Endorsement
Last Modified: 2012-05-11
The network that I have of 275+ computers and other network equipment was orginally programed by my predecessor on Vlan 1 with a /23.  Due to security concerns recently, I have been requested to create vlan's.  Internally through out my 26 switches and routers the new vlan's that i have created are routing and communicating perfectly.  The problem I have is anyone (especially administrators) connecting to our Sonicwall 4500 through the VPN client, it does not route through the VPN tunnel.  

In attempting to find the issue, the remote clients traceroute the path and it appears to route on the ISP's network.  I would post the traceroutes if you think you want them, but all of them black hole some where on the ISP network. The only possibility that i can find is that the Sonicwall is not allowing those subnets through.  I did create route statements for the subnets to point to my L3 switch that is being used as my default gateway and I am striking out.

Now to start with I want to use a class A (10.x.x.x) private subnet to use and carve out of that a /20 so that I can have room for future growth.  I have thought about the class B private subnets as an added option.  
1
Comment
Question by:jmhmis
  • 2
3 Comments
 
LVL 33

Accepted Solution

by:
digitap earned 500 total points
ID: 35017618
when you setup the WAN GroupVPN for GVC hosts, did you configure the allowed networks to include the VLAN'ed subnets? within Step 3. Setup User Accounts you'll find adding network access under the VPN Access tab (see the KB below). you'll want to include the address objects that represent the vlan'ed subnets.

https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=7507

also, what's handing out DHCP? the sonicwall or an internal server?

http://www.experts-exchange.com/viewArticle.jsp?articleID=4160
0
 

Author Comment

by:jmhmis
ID: 35017831
My internal server is handing out ip addresses, but I have not created a pool yet on the dhcp server.  

Answer to your first question, yes I have.  Looking at the link you provided I missed one aspect of it which was the "Client Authentication".  

Now I have a concern that if I enable the "Require authentication of VPN clients by XAUTH", will the other GVC hosts lose their connectivity into the network?  
0
 
LVL 33

Expert Comment

by:digitap
ID: 35018404
if you have not setup logins for them, yes. there are a couple of methods i've seen to deploy the gvc connection. exporting the session from the sonicwall and importing into the gvc. the other is using the method in the link above.

the link above allows the gvc to connect and download the connection particulars directly from the sonicwall. when you enable xauth, there is an assumption that all your users have a login.

when you make changes to the groupvpn on the sonicwall, the connections are reset and the new connection parameters are passed the gvc hosts. since you enabled xauth, the users will be prompted for a username and paqssword.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
Find out what you should include to make the best professional email signature for your organization.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now