Solved

New Vlan's not routing through Sonicwall VPN

Posted on 2011-03-02
3
2,382 Views
1 Endorsement
Last Modified: 2012-05-11
The network that I have of 275+ computers and other network equipment was orginally programed by my predecessor on Vlan 1 with a /23.  Due to security concerns recently, I have been requested to create vlan's.  Internally through out my 26 switches and routers the new vlan's that i have created are routing and communicating perfectly.  The problem I have is anyone (especially administrators) connecting to our Sonicwall 4500 through the VPN client, it does not route through the VPN tunnel.  

In attempting to find the issue, the remote clients traceroute the path and it appears to route on the ISP's network.  I would post the traceroutes if you think you want them, but all of them black hole some where on the ISP network. The only possibility that i can find is that the Sonicwall is not allowing those subnets through.  I did create route statements for the subnets to point to my L3 switch that is being used as my default gateway and I am striking out.

Now to start with I want to use a class A (10.x.x.x) private subnet to use and carve out of that a /20 so that I can have room for future growth.  I have thought about the class B private subnets as an added option.  
1
Comment
Question by:jmhmis
  • 2
3 Comments
 
LVL 33

Accepted Solution

by:
digitap earned 500 total points
ID: 35017618
when you setup the WAN GroupVPN for GVC hosts, did you configure the allowed networks to include the VLAN'ed subnets? within Step 3. Setup User Accounts you'll find adding network access under the VPN Access tab (see the KB below). you'll want to include the address objects that represent the vlan'ed subnets.

https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=7507

also, what's handing out DHCP? the sonicwall or an internal server?

http://www.experts-exchange.com/viewArticle.jsp?articleID=4160
0
 

Author Comment

by:jmhmis
ID: 35017831
My internal server is handing out ip addresses, but I have not created a pool yet on the dhcp server.  

Answer to your first question, yes I have.  Looking at the link you provided I missed one aspect of it which was the "Client Authentication".  

Now I have a concern that if I enable the "Require authentication of VPN clients by XAUTH", will the other GVC hosts lose their connectivity into the network?  
0
 
LVL 33

Expert Comment

by:digitap
ID: 35018404
if you have not setup logins for them, yes. there are a couple of methods i've seen to deploy the gvc connection. exporting the session from the sonicwall and importing into the gvc. the other is using the method in the link above.

the link above allows the gvc to connect and download the connection particulars directly from the sonicwall. when you enable xauth, there is an assumption that all your users have a login.

when you make changes to the groupvpn on the sonicwall, the connections are reset and the new connection parameters are passed the gvc hosts. since you enabled xauth, the users will be prompted for a username and paqssword.
0

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Exchange 2010 Migration to O365 6 37
EXCHANGE 8 29
Windows server 2008 exchange 3 25
Problems with VPN 4 26
OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question