Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

SonicWall SSL VPN Setup

Posted on 2013-01-24
8
1,021 Views
Last Modified: 2013-01-25
I am currently trying to configure the SSL VPN for our X1 WAN port that has a range of assigned IP addresses on it.  It is setup except for the last part which is to enable user login via https for the x1 interface.  

The SSL VPN IP is not the first address on the interface.  So when I enable the SonicWall https user login for X1 it kills my policy to send the first assignable address to a webserver and instead sends it to the SonicWall login page.  Is there a way to configure it so a seconary IP goes to the login screen and not the first usable on the interface?
0
Comment
Question by:metricsinc
  • 4
  • 4
8 Comments
 
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 38817654
You can give send each external ip to anything you want. Just male an address object and assign it
0
 
LVL 1

Author Comment

by:metricsinc
ID: 38818533
Thanks for the reply.  We have quite a few address objects for sending our other IP's to internal resources.  The problem is I can't seem to make an address object that points to the SonicWall User Login page?  I will go look again though and see if there is something I missed.
0
 
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 38819037
Maybe I misunderstood. Are you sharing an external ip with the sonicwall and an internal web server?
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 1

Author Comment

by:metricsinc
ID: 38819170
We have 3 IP's coming into the X1 interface.
1st IP goes to internal webserver
2nd IP goes to another internal webserver
3rd IP needs to redirect to the SonicWall SSL VPN login

If I follow the SW instructions for the setup then as soon as I enable https for user login on the interface it sends the first IP to the sonicWall login page.  I need the 3rd IP to go there instead.

I have created an address object for the 3rd public IP on X1 but when I go to setup the NAT policy there is a "https managment" object I can select but there isn't an "https user login" object.  So not quite sure how to redirect the 3rd IP to the login page?

Hope this helps explain the problem better...
0
 
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 38819936
I have a firewall rule:
WAN      >      WAN      5      Any      WAN Interface IP      SSLVPN

in address objects, I have a group called:
WAN Interface IP
and in it is the object WAN Primary IP

SO messing with the firewall rule is probably the safest place not to break anything else you have going on.
0
 
LVL 1

Author Comment

by:metricsinc
ID: 38820388
Yes I have that same rule and it works on the first IP port 4433 the problem is that rule is auto created when WAN SSL VPN is enabled.  So that rule takes over my rule where WAN Interface IP is "CompanyVPN Public"

So their rule is enforced and mine is ignored.

I guess I need to figure out how to enable the SSL VPN without it creating the rule for WAN Interface IP...
0
 
LVL 39

Accepted Solution

by:
Aaron Tomosky earned 500 total points
ID: 38820427
Can you change the rule priority?
0
 
LVL 1

Author Comment

by:metricsinc
ID: 38820556
OK that works now I just need to make sure I get the correct NAT Policy and it may work like I want it to.
0

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen some questions on problems with SSH/telnet access to Cisco routers that may occur despite the fact that from a PC connected to your LAN, Internet connectivity is in place and users can access Internet sites without any issues.  There are…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question