Sid_F
asked on
Send all internet traffic through sonicwall vpn
I have created a dialup vpn to a sonciwall tz 210 which works fine, I want to route all internet traffic for the vpn client through the vpn. So no internet browsing is done locally once the vpn is active. I have edited the vpn policy and in client settings set "allow connection to this gate only" and set "Set Default Route as this Gateway"
When clients connect up they are unable to browse the web. When I do an nslookup it gives me the dns of the remote firewall so I know its partly working. Is there something else I need to do to allow this?
When clients connect up they are unable to browse the web. When I do an nslookup it gives me the dns of the remote firewall so I know its partly working. Is there something else I need to do to allow this?
digitap
based on the information in your question, you've already configured route all. is this how you originally configured the clients?
Check both your inbound and outbound firewall policies..
Also perform a tracetoute from the client to see where the traffic stops.
Also perform a tracetoute from the client to see where the traffic stops.
You need to set up rules on the firewall to 'trombone' - allow the VPN traffic back out through the firewall.
Note: Only SonicWALL appliances running SonicOS Enhanced can route all internet traffic from the Global VPN Client through the VPN tunnel without help. Appliances running SonicOS Standard and Firmware 6.x require a second internet gateway device on the SonicWALL LAN to accept the internet traffic.
To access the Internet through the Sonicwall while connected through Sonicwall Global VPN Client (route all tunnel), follow these steps:
Sonic Standard firmware:
The VPN > Settings page provides the Sonicwall features for configuring your VPN policies. You configure site-to-site VPN policies and GroupVPN policies from this page. Click the Edit icon for the GroupVPN entry. The VPN Policy window is displayed.
1. Click the Advanced tab. Set Default Gateway to the IP address of a LAN based router / second Firewall.
2. Click the Client tab. Set Allow Connections to - This Gateway Only or All Secured Gateways.
3. Check Set Default Route as this Gateway.
4. Click OK.
5. Right-click the VPN connection policy in the Sonicwall Global VPN Client window, and select Disable.
6. Close the Sonicwall Global VPN Client application (from system tray as well).
7. Launch the Sonicwall Global VPN Client, right-click the VPN connection policy icon and select Enable from the menu.
Sonic Enhanced firmware:
The VPN > Settings page provides the Sonicwall features for configuring your VPN policies. You configure site-to-site VPN policies and GroupVPN policies from this page. Click the Edit icon for the GroupVPN entry. The VPN Policy window is displayed.
1. Click the Advanced tab. Set Default Gateway 0.0.0.0.
2. Click the Client tab. Set Allow Connections to - This Gateway Only or All Secured Gateways
3. Check Set Default Route as this Gateway.
4. Click OK.
5. If DHCP over VPN is used:
1. Add a NAT policy:
2. Original Source: Vpn DHCP Clients
3. Translated Source: WAN Primary IP
4. Original Destination: Any
5. Translated Destination: Original
6. Original Service: Any
7. Translated Service: Original
8. Inbound Interface: Any
9. For the OutBound Interface select the Primary WAN port
10. Set Enable NAT Policy
11. Do NOT set Create a reflexive policy
12. Click OK.
6. if DHCP over VPN is not used:
1. Go to the NAT Policy Table
2. Locate the default Policy with Original Source: Any and Translated Source: WAN Primary IP the Sonicwall has created for Inbound Interface is LAN Port and Outbound Interface is WAN port
3. Edit this rule
4. Change Inbound Interface to Any
5. Be careful with this in case a NON Natted DMZ port is used
7. Right-click the VPN connection policy in the Sonicwall Global VPN Client window, and select Disable.
8. Close the Sonicwall Global VPN Client application (from system tray as well).
9. Launch the Sonicwall Global VPN Client, right-click the VPN connection policy icon and select Enable from the menu.
Note: Only SonicWALL appliances running SonicOS Enhanced can route all internet traffic from the Global VPN Client through the VPN tunnel without help. Appliances running SonicOS Standard and Firmware 6.x require a second internet gateway device on the SonicWALL LAN to accept the internet traffic.
To access the Internet through the Sonicwall while connected through Sonicwall Global VPN Client (route all tunnel), follow these steps:
Sonic Standard firmware:
The VPN > Settings page provides the Sonicwall features for configuring your VPN policies. You configure site-to-site VPN policies and GroupVPN policies from this page. Click the Edit icon for the GroupVPN entry. The VPN Policy window is displayed.
1. Click the Advanced tab. Set Default Gateway to the IP address of a LAN based router / second Firewall.
2. Click the Client tab. Set Allow Connections to - This Gateway Only or All Secured Gateways.
3. Check Set Default Route as this Gateway.
4. Click OK.
5. Right-click the VPN connection policy in the Sonicwall Global VPN Client window, and select Disable.
6. Close the Sonicwall Global VPN Client application (from system tray as well).
7. Launch the Sonicwall Global VPN Client, right-click the VPN connection policy icon and select Enable from the menu.
Sonic Enhanced firmware:
The VPN > Settings page provides the Sonicwall features for configuring your VPN policies. You configure site-to-site VPN policies and GroupVPN policies from this page. Click the Edit icon for the GroupVPN entry. The VPN Policy window is displayed.
1. Click the Advanced tab. Set Default Gateway 0.0.0.0.
2. Click the Client tab. Set Allow Connections to - This Gateway Only or All Secured Gateways
3. Check Set Default Route as this Gateway.
4. Click OK.
5. If DHCP over VPN is used:
1. Add a NAT policy:
2. Original Source: Vpn DHCP Clients
3. Translated Source: WAN Primary IP
4. Original Destination: Any
5. Translated Destination: Original
6. Original Service: Any
7. Translated Service: Original
8. Inbound Interface: Any
9. For the OutBound Interface select the Primary WAN port
10. Set Enable NAT Policy
11. Do NOT set Create a reflexive policy
12. Click OK.
6. if DHCP over VPN is not used:
1. Go to the NAT Policy Table
2. Locate the default Policy with Original Source: Any and Translated Source: WAN Primary IP the Sonicwall has created for Inbound Interface is LAN Port and Outbound Interface is WAN port
3. Edit this rule
4. Change Inbound Interface to Any
5. Be careful with this in case a NON Natted DMZ port is used
7. Right-click the VPN connection policy in the Sonicwall Global VPN Client window, and select Disable.
8. Close the Sonicwall Global VPN Client application (from system tray as well).
9. Launch the Sonicwall Global VPN Client, right-click the VPN connection policy icon and select Enable from the menu.
ASKER
firmware is SonicOS Enhanced 5.5.1.0-5o
I tried creating the nat rule but get error original source cannot be 0.0.0.0 /0.0.0.0 event though as mentioned i selected vpn dhcp clients as original source
I tried creating the nat rule but get error original source cannot be 0.0.0.0 /0.0.0.0 event though as mentioned i selected vpn dhcp clients as original source
@Sid :: is that what you want to do? do you WANT internet go through the VPN or the local gateway?
ASKER
through the vpn.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
thanks
you're welcome...thanks for the points!