• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 634
  • Last Modified:

Sonicwall Global VPN - No Internet

So I've got a SonicWall NSA 4500.  I've set up a ton of these guys in the past, and there is always one thing that I end up running around trying to figure out, and  sure enough I'm running into it right now.

So, we're using the Global VPN (not SSL-VPN).  No problem connecting and accessing local resources.  Now, I have this odd thing where SOMETIMES users can access the internet when connected, other times they can't.  I don't make any change, I get a call that users on the VPN can't get out to the net.  Next thing I know,  I get a call saying it's all good.

So, My setup.  The Sonicwall is passing out DHCP addresses in the /24 range.  My Local subnet is /24.  The sonicwall's LAN IP is in that subnet.  

VPN items I have setup:
Advanced tab:
"Default  Gateway" has IP entered (although this IP does not exist?!)
Client tab:
Virtual Adapter Settings: DHCP Lease or manual Config
Allow access to: Split tunnels
Set Default Route as this Gateway is checked

1 Solution
Well in my standard configuration of the Global VPN Client I have never put a gateway in the advanced tab i always leave the default
In my configuration I do not have the "Set route as this Gateway" checked. I can't say I have ever checked this before. I also run DHCP lease not DHCP Lease or Manual Config, although that should not cause this issue.

The added default gateway I would guess is causing the issue, especially since you say that IP does not exist. Although just to be sure I would make sure it is not the Create Interfaces IP for your Group VPN interface.

I have not seen this issue before or heard of it from any of my users with this set up.

But I create a new interface that is a member of my X0 or LAN interface on the Sonicwall for my group VPN clients and when I set up the DHCP over VPN (which is under the VPN link) then click configure button, I set the relay IP address as the IP of my newly created interface for Group VPN.

Hopefully this makes sense and helps.
Syed_M_UsmanSystem AdministratorCommented:

edit your WAN Group vpn polices as follows

1) Advanced Tab:Default Gateway should be
2) in client tab: Virtual Adapter settings: DHCP Lease or manual Config
3) in client tab: Alloww Connections to :Split Tunnel
4) in client tab : Set Default Route as this Gateway is checked
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

WEBINAR: GDPR Implemented - Tips & Lessons Learned

Join the WatchGuard team on Thursday, March 29th as we recount some valuable lessons learned in weighing the needs of a business against the new regulatory environment, look ahead at the two months left before implementation, and help you understand the steps you can take today!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now