Solved

SonicWALL Global VPN Client access to hardware VPN networks

Posted on 2011-09-07
6
285 Views
Last Modified: 2012-05-12
I have a client that has several offices.  Two of their offices have servers.  Each office has a SonicWALL with a hardware VPN that connects every office to each other office.  They currently use two different connections in the Global VPN Client to connect to the two different offices that have servers.  They have asked if it is possible to use just one connection through the Global VPN Client and still maintain access to both servers.  I know this type of setup is possible, but wasn't sure how to accomplish it.

Basically, I need to allow the incoming Global VPN Client connections to have access to the networks over the SonicWALL to SonicWALL VPN connections.  Currently, the Global VPN Client connections only have access to the local network of that SonicWALL.

Hopefully this gives you enough information.  If you have any questions or need more information please don't hesitate to ask.
0
Comment
Question by:DaveFromPhilly
  • 2
  • 2
  • 2
6 Comments
 
LVL 8

Expert Comment

by:amatson78
ID: 36500025
The Global VPN Clients are just that, clients to the remote network. You connect to the SonicWALL to access the local networks. It is not designed to route to other remote networks over another IPSec tunnel. Unfortunately, I have seen this issue come up many times during my time at the SonicWALL TAC but it will not work with the current firmware. Whether or not they figure a way to implement it down the road or not I do not know but as of 5.8.1 it is not possible.
0
 

Author Comment

by:DaveFromPhilly
ID: 36500161
I actually spoke to SonicWALL's technical support about this issue.  At the time I was not in a position to actually do anything to the firewalls or their VPNs.  The technician told me that this was definitely a possibility, that it would just require some work NAT policies and static routes.

I guess, that being said I could call them back, but I'm not sure how much support they are actually willing to offer (most companies won't help with complex configurations).  I doubt I will get any more help than what was actually provided to me the first time I called them.

Thank you for your input.
0
 
LVL 8

Expert Comment

by:amatson78
ID: 36500200
No worries, I can tell you from experience unless something changed in the last 2 months since I left there TAC that is is not possible. I was a Level 2 Engineer for their UTM and SRA devices and as many times as I tried (even with funky NAT policies) it was never successful. I tried with both the Global VPN and SSL VPN clients (Netextender) and it would just not route the traffic properly.

If you do contact them back tell them you want it escalated (policy is if the customer asks for escalation then it will be escalated :) ) and have them work with you too see if they have something new. This has been a feature long wanted and never implemented (not a developer so not sure if it is even possible)

Alan
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 16

Expert Comment

by:Syed_M_Usman
ID: 36501519
"They currently use two different connections in the Global VPN Client to connect to the two different offices that have servers"

"They have asked if it is possible to use just one connection through"

My Dear its possible.....

lets say you have 2 offices,

Site A-------- a.b.c.d/24
Site B---------w.x.y.z/24

if you want to connect GVC with Site A and access site B its veru easy, simply make VPN connection between Site A and Site B aloowing Firewall subnets...
Create one group in Firewall VPN (SNA>Users >Local Groups) allow access in LAN subnet, create on user under local user, member local users into group create GVC vpn policy test your connection.
0
 
LVL 16

Accepted Solution

by:
Syed_M_Usman earned 250 total points
ID: 36501525

sorry for type mistaks

"They currently use two different connections in the Global VPN Client to connect to the two different offices that have servers"
"They have asked if it is possible to use just one connection through"

My Dear its possible.....

lets say you have 2 offices,

Site A-------- a.b.c.d/24
Site B---------w.x.y.z/24

if you want to connect GVC with Site A and access site B its very easy, simply make VPN connection between Site A and Site B allowing Firewall subnets...
Create one group in Firewall VPN (SNA>Users >Local Groups) allow access in LAN subnet, create on user under local user, member local users into group create GVC vpn policy test your connection.
0
 

Author Comment

by:DaveFromPhilly
ID: 36520247
I didn't end up using the suggestion that you gave, Syed M Usman.  Though it did lead me in a direction which appears to have worked, though I haven't been able to completely field test it yet.

I created an Address Group that contained the local LAN Subnet Address Object and the Address Object of the target network that is connect via VPN.  This allowed me to ping objects of the secondary firewall while connected to the primary firewall.

Hopefully I will be able to fully test this tomorrow morning.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

I've written this article to illustrate how we can implement a Dynamic Multipoint VPN (DMVPN) with both hub and spokes having a dynamically assigned non-broadcast multiple-access (NBMA) network IP (public IP). Here is the basic setup of DMVPN Pha…
Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now