JamesonJendreas
asked on
Sonicwall Global VPN - No Internet
So I've got a SonicWall NSA 4500. I've set up a ton of these guys in the past, and there is always one thing that I end up running around trying to figure out, and sure enough I'm running into it right now.
So, we're using the Global VPN (not SSL-VPN). No problem connecting and accessing local resources. Now, I have this odd thing where SOMETIMES users can access the internet when connected, other times they can't. I don't make any change, I get a call that users on the VPN can't get out to the net. Next thing I know, I get a call saying it's all good.
So, My setup. The Sonicwall is passing out DHCP addresses in the 192.168.15.0 /24 range. My Local subnet is 192.168.10.0 /24. The sonicwall's LAN IP is in that subnet.
VPN items I have setup:
Advanced tab:
"Default Gateway" has IP 192.168.15.1 entered (although this IP does not exist?!)
Client tab:
Virtual Adapter Settings: DHCP Lease or manual Config
Allow access to: Split tunnels
Set Default Route as this Gateway is checked
Suggestions?
So, we're using the Global VPN (not SSL-VPN). No problem connecting and accessing local resources. Now, I have this odd thing where SOMETIMES users can access the internet when connected, other times they can't. I don't make any change, I get a call that users on the VPN can't get out to the net. Next thing I know, I get a call saying it's all good.
So, My setup. The Sonicwall is passing out DHCP addresses in the 192.168.15.0 /24 range. My Local subnet is 192.168.10.0 /24. The sonicwall's LAN IP is in that subnet.
VPN items I have setup:
Advanced tab:
"Default Gateway" has IP 192.168.15.1 entered (although this IP does not exist?!)
Client tab:
Virtual Adapter Settings: DHCP Lease or manual Config
Allow access to: Split tunnels
Set Default Route as this Gateway is checked
Suggestions?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
In my configuration I do not have the "Set route as this Gateway" checked. I can't say I have ever checked this before. I also run DHCP lease not DHCP Lease or Manual Config, although that should not cause this issue.
The added default gateway I would guess is causing the issue, especially since you say that IP does not exist. Although just to be sure I would make sure it is not the Create Interfaces IP for your Group VPN interface.
I have not seen this issue before or heard of it from any of my users with this set up.
But I create a new interface that is a member of my X0 or LAN interface on the Sonicwall for my group VPN clients and when I set up the DHCP over VPN (which is under the VPN link) then click configure button, I set the relay IP address as the IP of my newly created interface for Group VPN.
Hopefully this makes sense and helps.