SonicWall VPN Access to Separate Interface with routing setup.

I apologize ahead of time, since I'm new to configuring Sonicwalls and I might not explain this correctly.



I've just got a new client with a Sonicwall set up that they use the Sonicwall GVPN client to VPN in from home. Everything on their network they can access via VPN. (Interface X0)

They are directly connected to another business via a separate interface on the Sonicwall (Interface X2). Because this other business has a similar IP Scheme, the previous guy set up routing / NAT between the two to change the address scheme over. The users just connect to a simple Web server for data access from the other business.

Up until recently the users would be able to connect via VPN from home and access both their network X0, and the other business's web server X2. This just stopped working about a week ago, no changes were made to the Sonicwall, or as far as I have been informed, anything on the X2 end. The Web server can still be accessed Onsite though.

So far I've found that when connected to VPN, the local computer is trying to access their local network, not the VPN, when trying to connect to the X2 web server. So the routing on the local computer isn't set up properly to go through the VPN, but I'm not sure why.

Does anyone have an idea of what I could look for to try and fix this?

If anyone needs more information, I can provide it.
SouthernTierGraphics Asked:

carlmd Commented:
Are those using the vpn entering a URL or ip address to access the web site on the X2 interface? Same question for when it is accessed from the office and works.

If a URL on the vpn, then try using the ip to see if it works. If so, this points to a dns issue.

Post back and we can determine what to do next.
0
SouthernTierGraphics (Author) Commented:
They use an IP Address both ways. Neither IP or DNS work, can't ping either on VPN side, but can onsite.
0
carlmd Commented:
So they can still access any other resources on the LAN (behind Sonicwall) but just cannot get to the web site url, correct? For example, ping a pc on the LAN from the VPN.

From the pc with the VPN connected I would open a command prompt and do "netstat -rn" and look under active routes to see if there is a route to the web site ip.
0
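The route check suggested above, as an added example that is not part of the original thread: it parses the IPv4 "Active Routes" section of Windows `netstat -rn` output and reports whether traffic to a given address would leave through the VPN adapter or the home gateway. The route table and all addresses (10.10.0.0/16 for the X0 network, 10.10.200.7 for the VPN adapter, 172.16.50.10 for the translated X2 web server) are constructed for illustration.

```python
import ipaddress

# Constructed sample of `netstat -rn` on a Windows client with the VPN up.
# All addresses are made up for this example.
SAMPLE = """\
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
      192.168.1.0    255.255.255.0         On-link      192.168.1.50    281
        10.10.0.0      255.255.0.0         On-link       10.10.200.7      2
===========================================================================
Persistent Routes:
  None
"""

def parse_routes(text):
    """Return (network, gateway, interface, metric) for each active IPv4 route."""
    routes, active = [], False
    for line in text.splitlines():
        if line.startswith("Active Routes"):
            active = True
        elif line.startswith("Persistent Routes") or line.startswith("IPv6"):
            active = False
        parts = line.split()
        if not active or len(parts) != 5:
            continue  # header, separator or section title
        try:
            net = ipaddress.ip_network(f"{parts[0]}/{parts[1]}")
        except ValueError:
            continue
        routes.append((net, parts[2], parts[3], int(parts[4])))
    return routes

def egress_for(dest, routes):
    """Pick the matching route: longest prefix first, then lowest metric."""
    ip = ipaddress.ip_address(dest)
    hits = [r for r in routes if ip in r[0]]
    return max(hits, key=lambda r: (r[0].prefixlen, -r[3]), default=None)

def via_vpn(dest, routes, vpn_if):
    """True only if traffic to dest leaves through the VPN adapter address."""
    best = egress_for(dest, routes)
    return best is not None and best[2] == vpn_if
```

With this sample, the X0 address matches the route bound to the VPN adapter, while the X2 address falls through to the default route on the home LAN, which is the symptom described in the question.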
SouthernTierGraphics (Author) Commented:
Correct, local access on our network x0 is fine. Full access. Access to the neighbor business on x2 is blocked or something.

Under netstat -rn there is no active route to the appropriate network. We manually added one, and it still failed.

Is there a setting in sonicwall that could potentially block traffic to x2 from VPN only?
0
carlmd Commented:
Yes, but you said no one changed anything, and it would have had to be there for it to ever have worked.

Check this:

Go to firewall rules for VPN to X2 interfaces. You should see a rule that says permit all to the object representing the ip address of the web server, or just to everything on X2. And the reverse should be true for X2 to VPN.

The route for this should have been added when the interface was enabled, as Sonicwall knows its own interfaces. The route should be there or it would not work from the LAN either.
0
SouthernTierGraphics (Author) Commented:
I checked the access rules and they're there. They point to LAN zone which includes X2. So LAN to VPN -> any, and VPN to LAN -> any.
0
carlmd Commented:
Try adding an explicit rule for X2 and see what happens.
0
SouthernTierGraphics (Author) Commented:
After messing around with it for a couple of more hours, I think it was related to the Unauthenticated Users Access. It was set to Lan Subnets, and I'm thinking since the other connection was NATed, it couldn't tell that it was a LAN subnet. So I had to add access to that too and then it started working.

Thanks for help in pointing me in the right direction!
0
SouthernTierGraphics (Author) Commented:
Found an answer in Access rights on Unauthenticated Users.
0