Solved

SonicWALL Global VPN Client access to hardware VPN networks

Posted on 2011-09-07
Last Modified: 2012-05-12
I have a client that has several offices.  Two of their offices have servers.  Each office has a SonicWALL with a hardware VPN that connects every office to each other office.  They currently use two different connections in the Global VPN Client to connect to the two different offices that have servers.  They have asked if it is possible to use just one connection through the Global VPN Client and still maintain access to both servers.  I know this type of setup is possible, but wasn't sure how to accomplish it.

Basically, I need to allow the incoming Global VPN Client connections to have access to the networks over the SonicWALL to SonicWALL VPN connections.  Currently, the Global VPN Client connections only have access to the local network of that SonicWALL.

Hopefully this gives you enough information.  If you have any questions or need more information please don't hesitate to ask.
Question by:DaveFromPhilly
6 Comments
 
LVL 8

Expert Comment

by:amatson78
ID: 36500025
The Global VPN Clients are just that, clients to the remote network. You connect to the SonicWALL to access the local networks. It is not designed to route to other remote networks over another IPSec tunnel. Unfortunately, I have seen this issue come up many times during my time at the SonicWALL TAC but it will not work with the current firmware. Whether or not they figure a way to implement it down the road or not I do not know but as of 5.8.1 it is not possible.
0
 

Author Comment

by:DaveFromPhilly
ID: 36500161
I actually spoke to SonicWALL's technical support about this issue.  At the time I was not in a position to actually do anything to the firewalls or their VPNs.  The technician told me that this was definitely a possibility, that it would just require some work with NAT policies and static routes.

I guess, that being said I could call them back, but I'm not sure how much support they are actually willing to offer (most companies won't help with complex configurations).  I doubt I will get any more help than what was actually provided to me the first time I called them.

Thank you for your input.
0
 
LVL 8

Expert Comment

by:amatson78
ID: 36500200
No worries, I can tell you from experience unless something changed in the last 2 months since I left their TAC that it is not possible. I was a Level 2 Engineer for their UTM and SRA devices and as many times as I tried (even with funky NAT policies) it was never successful. I tried with both the Global VPN and SSL VPN clients (NetExtender) and it would just not route the traffic properly.

If you do contact them back tell them you want it escalated (policy is if the customer asks for escalation then it will be escalated :) ) and have them work with you to see if they have something new. This has been a feature long wanted and never implemented (not a developer so not sure if it is even possible).

Alan
0
 
LVL 16

Expert Comment

by:Syed_M_Usman
ID: 36501519
"They currently use two different connections in the Global VPN Client to connect to the two different offices that have servers"

"They have asked if it is possible to use just one connection through"

My Dear it's possible.....

let's say you have 2 offices,

Site A-------- a.b.c.d/24
Site B---------w.x.y.z/24

if you want to connect GVC with Site A and access site B it's very easy, simply make VPN connection between Site A and Site B allowing Firewall subnets...
Create one group in Firewall VPN (SNA>Users >Local Groups), allow access in LAN subnet, create one user under local user, member local users into group, create GVC vpn policy, test your connection.
0
 
LVL 16

Accepted Solution

by:
Syed_M_Usman earned 1000 total points
ID: 36501525

Sorry for the typing mistakes

"They currently use two different connections in the Global VPN Client to connect to the two different offices that have servers"
"They have asked if it is possible to use just one connection through"

My Dear it's possible.....

let's say you have 2 offices,

Site A-------- a.b.c.d/24
Site B---------w.x.y.z/24

if you want to connect GVC with Site A and access site B it's very easy, simply make VPN connection between Site A and Site B allowing Firewall subnets...
Create one group in Firewall VPN (SNA>Users >Local Groups), allow access in LAN subnet, create one user under local user, member local users into group, create GVC vpn policy, test your connection.
0
 

Author Comment

by:DaveFromPhilly
ID: 36520247
I didn't end up using the suggestion that you gave, Syed M Usman.  Though it did lead me in a direction which appears to have worked, though I haven't been able to completely field test it yet.

I created an Address Group that contained the local LAN Subnet Address Object and the Address Object of the target network that is connected via VPN.  This allowed me to ping objects of the secondary firewall while connected to the primary firewall.

Hopefully I will be able to fully test this tomorrow morning.
0
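
The fix reported in the last comment can be modelled as two separate checks: the client's access group must list the remote subnet, and the site-to-site tunnel must accept the client's source address. This is an added example, not SonicWALL configuration and not code from anyone in the thread; the subnets are constructed, and it assumes the GVC client is handed a Site A LAN address and that the tunnel matches on source and destination networks.

```python
import ipaddress

# Constructed sample addressing; the thread only gives the placeholders
# a.b.c.d/24 (Site A) and w.x.y.z/24 (Site B).
SITE_A_LAN = ipaddress.ip_network("10.1.0.0/24")
SITE_B_LAN = ipaddress.ip_network("10.2.0.0/24")


def covered(ip, networks):
    """True if ip falls inside any network in the list."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)


def gvc_can_reach(client_ip, dest_ip, client_access, tunnel_local, tunnel_remote):
    """Model (hypothetical, not vendor logic) of a GVC client terminated on
    Site A trying to reach dest_ip. Returns (allowed, reason)."""
    # Check 1: the access group assigned to the VPN user or group.
    if not covered(dest_ip, client_access):
        return False, "destination not in the client's access group"
    if covered(dest_ip, [SITE_A_LAN]):
        return True, "local to Site A"
    # Check 2: the A<->B tunnel only carries traffic matching its networks.
    if not covered(client_ip, tunnel_local):
        return False, "client source address not in tunnel local networks"
    if not covered(dest_ip, tunnel_remote):
        return False, "destination not in tunnel remote networks"
    return True, "forwarded over the site-to-site tunnel"


if __name__ == "__main__":
    tunnel = ([SITE_A_LAN], [SITE_B_LAN])  # (local, remote) as seen from Site A
    cases = {
        "LAN-only access group": ("10.1.0.50", [SITE_A_LAN]),
        "group with both subnets": ("10.1.0.50", [SITE_A_LAN, SITE_B_LAN]),
        "client from a separate pool": ("192.168.50.5", [SITE_A_LAN, SITE_B_LAN]),
    }
    for label, (client, access) in cases.items():
        print(label, "->", gvc_can_reach(client, "10.2.0.10", access, *tunnel))
```

The third case shows why a client pool outside the Site A LAN would still fail after the address group is widened: the tunnel's own network lists would also have to include that pool.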

Question has a verified solution.
