Solved

SonicWALL Global VPN Client access to hardware VPN networks

Posted on 2011-09-07
Last Modified: 2012-05-12
I have a client that has several offices.  Two of their offices have servers.  Each office has a SonicWALL with a hardware VPN that connects every office to each other office.  They currently use two different connections in the Global VPN Client to connect to the two different offices that have servers.  They have asked if it is possible to use just one connection through the Global VPN Client and still maintain access to both servers.  I know this type of setup is possible, but wasn't sure how to accomplish it.

Basically, I need to allow the incoming Global VPN Client connections to have access to the networks over the SonicWALL to SonicWALL VPN connections.  Currently, the Global VPN Client connections only have access to the local network of that SonicWALL.

Hopefully this gives you enough information.  If you have any questions or need more information please don't hesitate to ask.
Question by:DaveFromPhilly
6 Comments
 
LVL 8

Expert Comment

by:amatson78
ID: 36500025
The Global VPN Clients are just that, clients to the remote network. You connect to the SonicWALL to access the local networks. It is not designed to route to other remote networks over another IPSec tunnel. Unfortunately, I have seen this issue come up many times during my time at the SonicWALL TAC but it will not work with the current firmware. Whether or not they figure a way to implement it down the road or not I do not know but as of 5.8.1 it is not possible.
0
 

Author Comment

by:DaveFromPhilly
ID: 36500161
I actually spoke to SonicWALL's technical support about this issue.  At the time I was not in a position to actually do anything to the firewalls or their VPNs.  The technician told me that this was definitely a possibility, that it would just require some work with NAT policies and static routes.

I guess, that being said I could call them back, but I'm not sure how much support they are actually willing to offer (most companies won't help with complex configurations).  I doubt I will get any more help than what was actually provided to me the first time I called them.

Thank you for your input.
0
 
LVL 8

Expert Comment

by:amatson78
ID: 36500200
No worries, I can tell you from experience unless something changed in the last 2 months since I left their TAC that it is not possible. I was a Level 2 Engineer for their UTM and SRA devices and as many times as I tried (even with funky NAT policies) it was never successful. I tried with both the Global VPN and SSL VPN clients (NetExtender) and it would just not route the traffic properly.

If you do contact them back tell them you want it escalated (policy is if the customer asks for escalation then it will be escalated :) ) and have them work with you to see if they have something new. This has been a feature long wanted and never implemented (not a developer so not sure if it is even possible)

Alan
0
LVL 16

Expert Comment

by:Syed_M_Usman
ID: 36501519
"They currently use two different connections in the Global VPN Client to connect to the two different offices that have servers"

"They have asked if it is possible to use just one connection through"

My dear, it's possible.....

Let's say you have 2 offices,

Site A-------- a.b.c.d/24
Site B---------w.x.y.z/24

If you want to connect GVC with Site A and access Site B it's very easy, simply make a VPN connection between Site A and Site B allowing the Firewall subnets...
Create one group in Firewall VPN (SNA>Users >Local Groups), allow access in the LAN subnet, create one user under local users, add the local user to the group, create the GVC VPN policy, and test your connection.
0
 
LVL 16

Accepted Solution

by:
Syed_M_Usman earned 1000 total points
ID: 36501525

Sorry for the typing mistakes

"They currently use two different connections in the Global VPN Client to connect to the two different offices that have servers"
"They have asked if it is possible to use just one connection through"

My dear, it's possible.....

Let's say you have 2 offices,

Site A-------- a.b.c.d/24
Site B---------w.x.y.z/24

If you want to connect GVC with Site A and access Site B it's very easy, simply make a VPN connection between Site A and Site B allowing the Firewall subnets...
Create one group in Firewall VPN (SNA>Users >Local Groups), allow access in the LAN subnet, create one user under local users, add the local user to the group, create the GVC VPN policy, and test your connection.
0
 

Author Comment

by:DaveFromPhilly
ID: 36520247
I didn't end up using the suggestion that you gave, Syed M Usman.  Though it did lead me in a direction which appears to have worked, though I haven't been able to completely field test it yet.

I created an Address Group that contained the local LAN Subnet Address Object and the Address Object of the target network that is connected via VPN.  This allowed me to ping objects of the secondary firewall while connected to the primary firewall.

Hopefully I will be able to fully test this tomorrow morning.
0
