[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

New Vlan's not routing through Sonicwall VPN

Posted on 2011-03-02
3
Medium Priority
?
2,518 Views
1 Endorsement
Last Modified: 2012-05-11
The network that I have of 275+ computers and other network equipment was orginally programed by my predecessor on Vlan 1 with a /23.  Due to security concerns recently, I have been requested to create vlan's.  Internally through out my 26 switches and routers the new vlan's that i have created are routing and communicating perfectly.  The problem I have is anyone (especially administrators) connecting to our Sonicwall 4500 through the VPN client, it does not route through the VPN tunnel.  

In attempting to find the issue, the remote clients traceroute the path and it appears to route on the ISP's network.  I would post the traceroutes if you think you want them, but all of them black hole some where on the ISP network. The only possibility that i can find is that the Sonicwall is not allowing those subnets through.  I did create route statements for the subnets to point to my L3 switch that is being used as my default gateway and I am striking out.

Now to start with I want to use a class A (10.x.x.x) private subnet to use and carve out of that a /20 so that I can have room for future growth.  I have thought about the class B private subnets as an added option.  
1
Comment
Question by:jmhmis
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 33

Accepted Solution

by:
digitap earned 2000 total points
ID: 35017618
when you setup the WAN GroupVPN for GVC hosts, did you configure the allowed networks to include the VLAN'ed subnets? within Step 3. Setup User Accounts you'll find adding network access under the VPN Access tab (see the KB below). you'll want to include the address objects that represent the vlan'ed subnets.

https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=7507

also, what's handing out DHCP? the sonicwall or an internal server?

http://www.experts-exchange.com/viewArticle.jsp?articleID=4160
0
 

Author Comment

by:jmhmis
ID: 35017831
My internal server is handing out ip addresses, but I have not created a pool yet on the dhcp server.  

Answer to your first question, yes I have.  Looking at the link you provided I missed one aspect of it which was the "Client Authentication".  

Now I have a concern that if I enable the "Require authentication of VPN clients by XAUTH", will the other GVC hosts lose their connectivity into the network?  
0
 
LVL 33

Expert Comment

by:digitap
ID: 35018404
if you have not setup logins for them, yes. there are a couple of methods i've seen to deploy the gvc connection. exporting the session from the sonicwall and importing into the gvc. the other is using the method in the link above.

the link above allows the gvc to connect and download the connection particulars directly from the sonicwall. when you enable xauth, there is an assumption that all your users have a login.

when you make changes to the groupvpn on the sonicwall, the connections are reset and the new connection parameters are passed the gvc hosts. since you enabled xauth, the users will be prompted for a username and paqssword.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question