Solved

Routing all Internet traffic through Sonicwall TZ170 Site-to-Site VPN

Posted on 2011-09-15
Last Modified: 2012-06-22
Hi All,

I'm running two Sonicwall TZ170 routers with the latest SonicOS Enhanced 3.4.1.3-11e. I have a site-to-site VPN established between our office in Canada and China and it works just fine.

In an effort to circumvent the great firewall of China (which is blocking some critical business related websites), I would like to route all internet traffic (as well as LAN traffic of course) through the VPN to our Canada office and onto the internet from there.

I've tried various configurations and a Sonicwall tutorial (SOS2e_Route_all_Internet_traffic_through_this_SA.pdf) with no luck. Any available help on the internet appears to be for old versions of SonicOS, which have differently (yet similarly) named options and configurations.

Can anyone help with the firewall rules, VPN config (beyond the basic which already works) and NAT?

Thanks,
Nicholas
Question by:encoad
6 Comments
 
LVL 33

Accepted Solution

by:
digitap earned 2000 total points
ID: 36547064
I've used that PDF specifically before with success. I'll review it again and see what the possible caveats are. In the meantime, please review the article below and see if it helps.

https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=5243
0
 
LVL 8

Expert Comment

by:amatson78
ID: 36547232
Can I post your settings screenshots for review and, if possible, the Tech Support Report from each unit here?

Alan, SonicWALL CSSA
0
 

Author Comment

by:encoad
ID: 36547595
With digitap's link, I was able to route all the traffic, but I am still unable to route some of the traffic.  

If I select "Use this VPN Tunnel as default route for all Internet traffic", it works fine. But if I select "Choose destination network from list", it will not route to my group of networks. Is this by design? It says "destination network", not "destination networks". Is there a way to select several networks?
0

Author Comment

by:encoad
ID: 36547649
It seems that once I follow digitap's instructions, I can only select "Use this VPN Tunnel as default route for all Internet traffic".  If I select "Choose destination network from list" the VPN tunnel will not be established.
0
 
LVL 8

Expert Comment

by:amatson78
ID: 36548627
Both sides have to match for the tunnel to come up. If you are pointing a handful of networks from one side, the other has to be set up to accept only that group. If you want all traffic, then both sides have to match accordingly. The only way to route all traffic is by setting the remote side as the default gateway via VPN for all traffic.
0
 
LVL 33

Expert Comment

by:digitap
ID: 36549311
Ah, so the Local Networks would need to be configured as Any Address on the other end, right? So it would look like this:

ChinaSW - Remote Networks set to "Use this VPN Tunnel as default route for all Internet traffic" <> USSW - Local Networks set to Any address.


Does this look right or do I have it backwards?
0
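The matching rule described in the comments above, written out as an added example that is not part of the original thread or any SonicWALL tooling: each unit's Remote Networks must equal the other unit's Local Networks, otherwise the tunnel does not come up. The subnets, site dictionaries and `check_tunnel` function are constructed for illustration, and the model assumes an exact match is required, as the answer states.

```python
import ipaddress

ANY = "0.0.0.0/0"  # "Any address" / default route for all Internet traffic

def selectors(networks):
    """Normalise a list of CIDR strings into a set of network objects."""
    return {ipaddress.ip_network(n) for n in networks}

def check_tunnel(site_a, site_b):
    """Return a list of mismatches between two peers' VPN policies.

    Each site is a dict with 'name', 'local' and 'remote' CIDR lists.
    Both directions are checked: A.remote vs B.local and B.remote vs A.local.
    """
    problems = []
    for near, far in ((site_a, site_b), (site_b, site_a)):
        want = selectors(near["remote"])   # what 'near' will send into the tunnel
        have = selectors(far["local"])     # what 'far' is prepared to accept
        if want != have:
            missing = sorted(str(n) for n in want - have)
            extra = sorted(str(n) for n in have - want)
            problems.append(
                f"{near['name']} Remote Networks != {far['name']} Local Networks "
                f"(missing on {far['name']}: {missing}; unexpected: {extra})"
            )
    return problems

# Constructed sample policies (hypothetical addressing).
CHINA_LAN, CANADA_LAN, EXTRA_NET = "192.168.20.0/24", "192.168.10.0/24", "203.0.113.0/24"

# Working setup from the thread: default route on one end, Any address on the other.
china_default = {"name": "China", "local": [CHINA_LAN], "remote": [ANY]}
canada_any = {"name": "Canada", "local": [ANY], "remote": [CHINA_LAN]}

# Failing setup: a group of destinations on one end, only the LAN on the other.
china_group = {"name": "China", "local": [CHINA_LAN], "remote": [CANADA_LAN, EXTRA_NET]}
canada_lan_only = {"name": "Canada", "local": [CANADA_LAN], "remote": [CHINA_LAN]}

# Same group mirrored on the far end.
canada_group = {"name": "Canada", "local": [CANADA_LAN, EXTRA_NET], "remote": [CHINA_LAN]}

if __name__ == "__main__":
    for a, b in ((china_default, canada_any), (china_group, canada_lan_only),
                 (china_group, canada_group)):
        print(check_tunnel(a, b) or "policies mirror each other")
```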

Question has a verified solution.
