Sonicwall Site-to-Site VPN - Packet Manipulation
Posted on 2012-09-13
Got an interesting one here. I have a remote office that is connected to my LAN via a site-to-site VPN, run through two Sonicwall firewalls (using the Enhanced OS). The tunnel is up and running.
We have one problem, regarding communication between specific types of hardware and specific packets. The hardware itself I know is operating properly.
So I did a packet capture on both Sonicwalls, filtering for two problematic devices. We noticed that the original packet is actually a different size than when it hits the other side of the tunnel. I know that any type of packet manipulation will break the communication of these devices.
That said, I want the Sonicwall to NOT inspect packets on the VPN. We have DPI turned off across the system (using SPI). My thought is to change the "VPN Policy Bound to" from "Zone WAN" to "X0" (LAN interface).
I'm wondering if this will work, and if there is anything that might break.