Solved

New Vlan's not routing through Sonicwall VPN

Posted on 2011-03-02
3
2,233 Views
1 Endorsement
Last Modified: 2012-05-11
The network that I have of 275+ computers and other network equipment was orginally programed by my predecessor on Vlan 1 with a /23.  Due to security concerns recently, I have been requested to create vlan's.  Internally through out my 26 switches and routers the new vlan's that i have created are routing and communicating perfectly.  The problem I have is anyone (especially administrators) connecting to our Sonicwall 4500 through the VPN client, it does not route through the VPN tunnel.  

In attempting to find the issue, the remote clients traceroute the path and it appears to route on the ISP's network.  I would post the traceroutes if you think you want them, but all of them black hole some where on the ISP network. The only possibility that i can find is that the Sonicwall is not allowing those subnets through.  I did create route statements for the subnets to point to my L3 switch that is being used as my default gateway and I am striking out.

Now to start with I want to use a class A (10.x.x.x) private subnet to use and carve out of that a /20 so that I can have room for future growth.  I have thought about the class B private subnets as an added option.  
1
Comment
Question by:jmhmis
  • 2
3 Comments
 
LVL 33

Accepted Solution

by:
digitap earned 500 total points
ID: 35017618
when you setup the WAN GroupVPN for GVC hosts, did you configure the allowed networks to include the VLAN'ed subnets? within Step 3. Setup User Accounts you'll find adding network access under the VPN Access tab (see the KB below). you'll want to include the address objects that represent the vlan'ed subnets.

https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=7507

also, what's handing out DHCP? the sonicwall or an internal server?

http://www.experts-exchange.com/viewArticle.jsp?articleID=4160
0
 

Author Comment

by:jmhmis
ID: 35017831
My internal server is handing out ip addresses, but I have not created a pool yet on the dhcp server.  

Answer to your first question, yes I have.  Looking at the link you provided I missed one aspect of it which was the "Client Authentication".  

Now I have a concern that if I enable the "Require authentication of VPN clients by XAUTH", will the other GVC hosts lose their connectivity into the network?  
0
 
LVL 33

Expert Comment

by:digitap
ID: 35018404
if you have not setup logins for them, yes. there are a couple of methods i've seen to deploy the gvc connection. exporting the session from the sonicwall and importing into the gvc. the other is using the method in the link above.

the link above allows the gvc to connect and download the connection particulars directly from the sonicwall. when you enable xauth, there is an assumption that all your users have a login.

when you make changes to the groupvpn on the sonicwall, the connections are reset and the new connection parameters are passed the gvc hosts. since you enabled xauth, the users will be prompted for a username and paqssword.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
how to add IIS SMTP to handle application/Scanner relays into office 365.

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now