sonicwall site to site vpn

hi, i have two sonicwall, TZ200 at the main office and TZ170 at the home office. The TZ200 has one static IP as main WAN and the ISP has routet one more IP to the main ip address. The TZ170 is a site to site VPN and the pc at the home office get ip from DHCP server on the office so the home pc/server is at the same range and subnet and use the same gateway. The extra ip that is routet to the main wan ip have a rule for connecting with https to the home office server/pc, but if i tru to access https://z.z.z.z from the outside i get this error

web access request dropped x.x.x.x, 23023, X1   y.y.y.y, 443, X1 TCP HTTPS

z.z.z.z is the extra ip that is routed to the wan ip
x.x.x.x is the public ip from the outside computer
y.y.y.y is the home server/pc lan adress

If i change the firewall rule so it goes to a server on the office its okey, but it cant reach the server thats on the other side of the VPN, but itsn not any problem to connect to the home office server/pc from the office.
LVL 1
cralAsked:
Who is Participating?
 
cralAuthor Commented:
moved the server to the office, workaround :-)
0
 
d3ath5tarCommented:
If the addresses are the same at home and in the office you would need to either change your home range and use dhcp on the home sonicwall, or nat the addresses across the site to site connection.
0
 
cralAuthor Commented:
The server at the office have DHCP, the site to site VPN is configured that all servers, pcs, printers etc. that is in use on the home office get ip adresses from that dhcp server and that function 110% and everything is okey. You dont need to have different ip adresses at home if you have high quality hardware that can be configured for this type of use. I think the problem is that the sonicwall at the office see the https traffic to the server at the home office as managment traffic since it need to go in a "loop" at the X1 (WAN network) because of the external routed extra ip adress.

OFFICE
Sonicwall TZ 200 Office
WAN: IP=x.x.160.138 GW=x.x.160.137 MASK=255.255.255.252
it use NAT
the ISP has routed a sngel adress y.y.235.250 to the WAN IP x.x.160.138
LAN: 192.168.1.1
VPN: site to site

Windows 2008 SBS
IP 192.168.1.10
DHCP 192.168.1.100-200




HOME
Sonicwall TZ 100 Home office
WAN: dynamic IP
LAN: std sonicwall ip since its not in use for other than configuration 192.168.168.168
VPN: site to site and that ALL clients get ip from remote DHCP server

Home clients and servers get ip from office dhcp server and the home server gets the same ip all the time.



Everything function okey and the only problem is when making a firewall rule thats tell the routed y.y.235.250 adress to be forwarded to the home server as HTTPS traffic.

I can forward HTTPS traffic to the office server from y.y.235.250
I can forward HTTPS traffic to the home server from the WAN ip x.x.160.138

The only problem is when forwarding HTTPS traffic from y.y.235.250 to the home server. I have added y.y.235.250 in ARP on the office sonicwall. So i think the problem has something to do with Sonicwalls HTTPS management to do since thats turned off from the WAN side and i cant turn it on since i allready forward HTTPS traffic from WAN (x.x.160.138) to the server at the office.
0
Increase Security & Decrease Risk with NSPM Tools

Analyst firm, Enterprise Management Associates (EMA) reveals significant benefits to enterprises when using Network Security Policy Management (NSPM) solutions, while organizations without, experienced issues including non standard security policies and failed cloud migrations

 
d3ath5tarCommented:
Sorry, reading your original post i thought you meant you were using the same LAN addresses at both locations....

And if I am reading your second post correctly you have a service externally on y.y.235.250 for which the back end LAN server is actually in your home location across the vpn? y.y.235.250 is on your office sonicwall and x.x.160.138 is on your dsl router in front of the sonciwall?

If that is the case, you are looking at creating a NAT rule which basically says https on y.y.235.2500 NAT to YourHomeServerLanIP.

0
 
cralAuthor Commented:
yes, but all the NATs are correct and everything works, if i use some other services than HTTPS then everything works okey, so the only problem is to get HTTPS to forward over the VPN. I can change the service to SMTP, FTP or whatever and thats function okey.
0
 
d3ath5tarCommented:
have you tried changing the port of the https management so it doesn't try and use 443?
0
 
cralAuthor Commented:
couldnt solve it
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.