Solved

SonicWALL Global VPN Client access to hardware VPN networks

Posted on 2011-09-07
Last Modified: 2012-05-12
I have a client that has several offices.  Two of their offices have servers.  Each office has a SonicWALL with a hardware VPN that connects every office to each other office.  They currently use two different connections in the Global VPN Client to connect to the two different offices that have servers.  They have asked if it is possible to use just one connection through the Global VPN Client and still maintain access to both servers.  I know this type of setup is possible, but wasn't sure how to accomplish it.

Basically, I need to allow the incoming Global VPN Client connections to have access to the networks over the SonicWALL to SonicWALL VPN connections.  Currently, the Global VPN Client connections only have access to the local network of that SonicWALL.

Hopefully this gives you enough information.  If you have any questions or need more information please don't hesitate to ask.
Question by:DaveFromPhilly
6 Comments
 
LVL 8

Expert Comment

by:amatson78
ID: 36500025
The Global VPN Clients are just that, clients to the remote network. You connect to the SonicWALL to access the local networks. It is not designed to route to other remote networks over another IPSec tunnel. Unfortunately, I have seen this issue come up many times during my time at the SonicWALL TAC but it will not work with the current firmware. Whether or not they figure a way to implement it down the road or not I do not know but as of 5.8.1 it is not possible.
 

Author Comment

by:DaveFromPhilly
ID: 36500161
I actually spoke to SonicWALL's technical support about this issue.  At the time I was not in a position to actually do anything to the firewalls or their VPNs.  The technician told me that this was definitely a possibility, that it would just require some work with NAT policies and static routes.

I guess, that being said I could call them back, but I'm not sure how much support they are actually willing to offer (most companies won't help with complex configurations).  I doubt I will get any more help than what was actually provided to me the first time I called them.

Thank you for your input.
 
LVL 8

Expert Comment

by:amatson78
ID: 36500200
No worries, I can tell you from experience, unless something changed in the last 2 months since I left their TAC, that it is not possible. I was a Level 2 Engineer for their UTM and SRA devices and as many times as I tried (even with funky NAT policies) it was never successful. I tried with both the Global VPN and SSL VPN clients (NetExtender) and it would just not route the traffic properly.

If you do contact them back, tell them you want it escalated (policy is if the customer asks for escalation then it will be escalated :) ) and have them work with you to see if they have something new. This has been a feature long wanted and never implemented (not a developer so not sure if it is even possible).

Alan

 
LVL 16

Expert Comment

by:Syed_M_Usman
ID: 36501519
"They currently use two different connections in the Global VPN Client to connect to the two different offices that have servers"

"They have asked if it is possible to use just one connection through"

My Dear, it's possible.....

Let's say you have 2 offices,

Site A-------- a.b.c.d/24
Site B---------w.x.y.z/24

If you want to connect GVC with Site A and access Site B, it's very easy: simply make a VPN connection between Site A and Site B allowing Firewall subnets...
Create one group in Firewall VPN (SNA>Users >Local Groups), allow access in LAN subnet, create one user under local user, member local users into group, create GVC VPN policy, test your connection.
 
LVL 16

Accepted Solution

by:
Syed_M_Usman earned 1000 total points
ID: 36501525

Sorry for the typing mistakes.

"They currently use two different connections in the Global VPN Client to connect to the two different offices that have servers"
"They have asked if it is possible to use just one connection through"

My Dear, it's possible.....

Let's say you have 2 offices,

Site A-------- a.b.c.d/24
Site B---------w.x.y.z/24

If you want to connect GVC with Site A and access Site B, it's very easy: simply make a VPN connection between Site A and Site B allowing Firewall subnets...
Create one group in Firewall VPN (SNA>Users >Local Groups), allow access in LAN subnet, create one user under local user, member local users into group, create GVC VPN policy, test your connection.
 

Author Comment

by:DaveFromPhilly
ID: 36520247
I didn't end up using the suggestion that you gave, Syed M Usman.  Though it did lead me in a direction which appears to have worked, though I haven't been able to completely field test it yet.

I created an Address Group that contained the local LAN Subnet Address Object and the Address Object of the target network that is connected via VPN.  This allowed me to ping objects of the secondary firewall while connected to the primary firewall.

Hopefully I will be able to fully test this tomorrow morning.