Two dedicated lines going into Sonicwall, but only one of them accepts VPNs!

hi guys,

we have an Sonicwall NSA 3500. We have two dedicated lines going into it; one is a 4/4 and the other is a 10/10. The 10/10 has been set as the 'primary' WAN ethernet interface. The issue I'm having is that the 10/10 seems to accept VPN's, however whatever I do, I can't get anything connected on VPN to the 4/4.

Any ideas why or how to diagnose this?

Thanks peeps
Yashy
LVL 1
YashyAsked:
Who is Participating?
 
Syed_M_UsmanSystem AdministratorCommented:
attached may help you
VPN-Policy-X2.png
0
 
amatson78Sr. Security EngineerCommented:
There are two key parts to using multiple WAN connections with the VPN. Is this for failover? Is this between two SonicWALLs? I have included screen shots for example below. In this example the main side has the two WAN IPs. For the 10/10 I uses 1.1.1.1 and the 4/4 I used 2.2.2.2, the remote location is 3.3.3.3

On the remote site ad 1.1.1.1 for the primary and 2.2.2.2 for the secondary. The on the advanced tab make sure the VPN is bound to "Zone WAN". This will allow any "WAN" address to accept the VPN as long as both Phase 1 and Phase 2 of the VPN Matches.

 Main VPN Configuration Remote VPN Configuration Advanced tab for VPN binding.
Once setup you would have to pull the cable on the 10/10 connection and then attempt to connect the VPN again. Once the remote side cannot reach the primary WAN it will attempt the secondary IP in this case the 4/4 connection.

If it still does not work can you post screen shots of your setup as well as any log files pertaining to the VPN.

Regards,
Alan
0
 
YashyAuthor Commented:
Dude, thanks so much for posting.

On the remote sit I have only a draytek router 2820 which connects without any problems to the 10/10 (X2) on the Sonicwall. It's when I disconnect it from the 10/10 and try to connect the VPN to the 4/4 (X1) on the Sonicwall  that it doesn't pick up anything and the configurations are exactly the same so it should work.

I'm not trying to do failover. I just want all of our VPN's to be put on the 4/4 line that's all, but seeing as I can't, I'm having to connect the Draytek 2820s to the 10/10 instead.
0
How do you know if your security is working?

Protecting your business doesn’t have to mean sifting through endless alerts and notifications. With WatchGuard Total Security Suite, you can feel confident that your business is secure, meaning you can get back to the things that have been sitting on your to-do list.

 
YashyAuthor Commented:
Guys, I'll test this on Monday and see how it goes and follow it up with the points. Thanks again.
0
 
YashyAuthor Commented:
Worked beautifully.
0
 
amatson78Sr. Security EngineerCommented:
Any assist points since I did provide the same solution first ?
0
 
YashyAuthor Commented:
Yes, I meant to accept both solutions but submitted for just one. How can I do that?
0
 
YashyAuthor Commented:
I've asked a moderator to offer points to Amatson78 also, so am waiting feedback.
0
 
amatson78Sr. Security EngineerCommented:
Lol ty, gotta keep the community growing ;)
0
 
YashyAuthor Commented:
Still am unable to give points here....
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.