Solved

SonicWALL Global VPN Client access to hardware VPN networks

Posted on 2011-09-07
Last Modified: 2012-05-12
I have a client that has several offices.  Two of their offices have servers.  Each office has a SonicWALL with a hardware VPN that connects every office to each other office.  They currently use two different connections in the Global VPN Client to connect to the two different offices that have servers.  They have asked if it is possible to use just one connection through the Global VPN Client and still maintain access to both servers.  I know this type of setup is possible, but wasn't sure how to accomplish it.

Basically, I need to allow the incoming Global VPN Client connections to have access to the networks over the SonicWALL to SonicWALL VPN connections.  Currently, the Global VPN Client connections only have access to the local network of that SonicWALL.

Hopefully this gives you enough information.  If you have any questions or need more information please don't hesitate to ask.
Question by:DaveFromPhilly
LVL 8

Expert Comment

by:amatson78
ID: 36500025
The Global VPN Clients are just that, clients to the remote network. You connect to the SonicWALL to access the local networks. It is not designed to route to other remote networks over another IPSec tunnel. Unfortunately, I have seen this issue come up many times during my time at the SonicWALL TAC but it will not work with the current firmware. Whether they figure out a way to implement it down the road I do not know, but as of 5.8.1 it is not possible.
 

Author Comment

by:DaveFromPhilly
ID: 36500161
I actually spoke to SonicWALL's technical support about this issue.  At the time I was not in a position to actually do anything to the firewalls or their VPNs.  The technician told me that this was definitely a possibility, that it would just require some work with NAT policies and static routes.

I guess, that being said I could call them back, but I'm not sure how much support they are actually willing to offer (most companies won't help with complex configurations).  I doubt I will get any more help than what was actually provided to me the first time I called them.

Thank you for your input.
 
LVL 8

Expert Comment

by:amatson78
ID: 36500200
No worries. I can tell you from experience that, unless something changed in the last 2 months since I left their TAC, it is not possible. I was a Level 2 Engineer for their UTM and SRA devices and as many times as I tried (even with funky NAT policies) it was never successful. I tried with both the Global VPN and SSL VPN clients (NetExtender) and it would just not route the traffic properly.

If you do contact them back, tell them you want it escalated (policy is if the customer asks for escalation then it will be escalated :) ) and have them work with you to see if they have something new. This has been a feature long wanted and never implemented (not a developer so not sure if it is even possible).

Alan
LVL 16

Expert Comment

by:Syed_M_Usman
ID: 36501519
"They currently use two different connections in the Global VPN Client to connect to the two different offices that have servers"

"They have asked if it is possible to use just one connection through"

My Dear, it's possible.....

Let's say you have 2 offices,

Site A-------- a.b.c.d/24
Site B---------w.x.y.z/24

If you want to connect GVC with Site A and access Site B it's very easy, simply make a VPN connection between Site A and Site B allowing Firewall subnets...
Create one group in Firewall VPN (SNA>Users >Local Groups), allow access in LAN subnet, create one user under local user, make the local user a member of the group, create the GVC VPN policy, and test your connection.
 
LVL 16

Accepted Solution

by:
Syed_M_Usman earned 250 total points
ID: 36501525

Sorry for the typing mistakes.

"They currently use two different connections in the Global VPN Client to connect to the two different offices that have servers"
"They have asked if it is possible to use just one connection through"

My Dear, it's possible.....

Let's say you have 2 offices,

Site A-------- a.b.c.d/24
Site B---------w.x.y.z/24

If you want to connect GVC with Site A and access Site B it's very easy, simply make a VPN connection between Site A and Site B allowing Firewall subnets...
Create one group in Firewall VPN (SNA>Users >Local Groups), allow access in LAN subnet, create one user under local user, make the local user a member of the group, create the GVC VPN policy, and test your connection.
 

Author Comment

by:DaveFromPhilly
ID: 36520247
I didn't end up using the suggestion that you gave, Syed M Usman.  Though it did lead me in a direction which appears to have worked, though I haven't been able to completely field test it yet.

I created an Address Group that contained the local LAN Subnet Address Object and the Address Object of the target network that is connected via VPN.  This allowed me to ping objects of the secondary firewall while connected to the primary firewall.

Hopefully I will be able to fully test this tomorrow morning.
Question has a verified solution.