Solved

Sonicwall SSL vpn multiple sites.

Posted on 2011-03-17
7
509 Views
Last Modified: 2012-05-11
Hello, currently have two different sites at opposite ends of the country. They have a site to site VPN setup so it works fine in the office, but the SSL client having a few issues with.

Site A: hosts their exchange and other programs

Site B: Uses site A: for everything except their documents.

Site A: address is 192.9.200.*
Site B: address is 192.168.40.*

Basically the SSL vpn assigns a address ranging from 192.9.200.50 - 80.

What I need to know is how do I set it up so the Site b: users can access their server on the 192.168.40 network.


Many thanks.

0
Comment
Question by:grizz3210
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 33

Expert Comment

by:digitap
ID: 35159859
so, you want Site B users to connect to the ssl-vpn to site A, then access their documents on Site B servers over the vpn that's established between site A and site B?
0
 

Author Comment

by:grizz3210
ID: 35164184
Site B users can connect to the SSL vpn and access all of site A: (crm, email etc as this is where it is hosted), but they need to be able to access their own server for their documents which is on a different IP range.
0
 
LVL 33

Expert Comment

by:digitap
ID: 35165678
OK...i understand. there are two parts to this.

first, you'll need to make sure that your site to site vpn includes the subnet that your ssl-vpn users are on, if it's different from the site A LAN.

second, you'll need to add site B subnet to the ssl-vpn group Site B users are a member of. you should have a Local Group on the ssl-vpn, default or otherwise, that your Local Users are a member of. on the policies tab of the local group, you see where to Site B subnet.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:grizz3210
ID: 35167279
The site to site vpns are fine. When they are in the office they can both access each others servers with no problems.

The SSL vpn client comes from Sonicwall site A: Site B: sonicwall is just used for the site to site vpn, not the SSL one, so when all users login be it site a or site b, they all get assigned an address from site a: consisting of 192.9.200.50-80

They can then all access everything from site A: which is fine. What I need is for them to be able to access site b: documents on the 192.168.40.0 scope when connected to the SSL vpn.

I've made sure what you said is correct, but still cannot ping the server address of site b unfortunately.

0
 
LVL 33

Expert Comment

by:digitap
ID: 35167395
what subnets are defined to go over the vpn between site a and site b?
0
 

Author Comment

by:grizz3210
ID: 35167497
They both use 255.255.255.0 so not sure if that is causing the issue.
0
 
LVL 33

Accepted Solution

by:
digitap earned 500 total points
ID: 35168880
that's just the subnet mask. is 192.9.200.0/24 and 192.168.40.0/24 the only subnets allowed over the vpn? what ip address do your ssl-vpn users get? if THAT ip address isn't added to the vpn policy between site A and site B, then your site B users are NOT going to be able to access their servers from the ssl-vpn connection. even if you add that to the policy of the local group on the ssl-vpn appliance.

when site B users try to access their subnet from the ssl-vpn, they'll hit the site A sonicwall which will look at the IP address their coming from. it will then look at the vpn policy. if it doesn't say that ssl-vpn users on that subnet are allowed over the vpn, then access will stop.
0

Featured Post

Save the day with this special offer from ATEN!

Save 30% on the CV211 using promo code EXPERTS30 now through April 30th. The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
VLAN Question 7 44
is there a way through SCCM or otherwise to query all laptops only connecting through VPN? 1 40
Bandwidth cap???? 8 63
Router speed limit 7 66
OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
I've written this article to illustrate how we can implement a Dynamic Multipoint VPN (DMVPN) with both hub and spokes having a dynamically assigned non-broadcast multiple-access (NBMA) network IP (public IP). Here is the basic setup of DMVPN Pha…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question