indigo6
asked on
SonicWall SSL-VPN, no Internet connectivity for clients
Hello,
We have a SonicWall NSA220 and we are trying to route all internet traffic from laptops and iOS devices through the SSL-VPN. However, with tunnel all mode enabled, the internet on the client does not work. I originally had it configured with tunnel all mode disabled, but then the WAN IP shown on the client was not the WAN IP of the office network. How can I route all internet traffic through the SSL-VPN?
Thank you!
Hi indigo6,
SSL-VPN > WAN Traffic.
To pass traffic from SSL-VPN to WAN you should manually add an Access Rule SSL-VPN > WAN Allow.
Tunnel All mode.
Tunnel All mode routes all traffic to and from the remote user over the SSL-VPN NetExtender tunnel, including traffic destined for the remote user’s local network. This is accomplished by adding the following routes to the remote client’s route table:
IP Address    Subnet mask
0.0.0.0       0.0.0.0
0.0.0.0       128.0.0.0
128.0.0.0     128.0.0.0
NetExtender also adds routes for the local networks of all connected Network Connections. These routes are configured with higher metrics than any existing routes to force traffic destined for the local network over the SSL-VPN tunnel instead. For example, if a remote user has the IP address 10.0.67.64 on the 10.0.x.x network, the route 10.0.0.0/255.255.0.0 is added to route traffic through the SSL VPN tunnel.
Tunnel All mode is configured on the SSL VPN > Client Routes page.
May I ask what the overall goal is here?
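Added example, not part of the original answer or any SonicWall code: a small Python model of route selection showing why the 0.0.0.0/1 and 128.0.0.0/1 routes listed above take over from an existing default route, and why the local network needs its own tunnel route. The route tables, interface names (`eth0`, `sslvpn`), metrics and probe addresses are constructed; ties between equal prefixes go to the lowest metric, as in Windows and Linux route selection.

```python
import ipaddress

# Constructed client route table: (destination, interface, metric).
# "eth0" = the laptop's physical NIC, "sslvpn" = the NetExtender adapter
# (both interface names are assumptions for this example).
BEFORE = [
    ("0.0.0.0/0", "eth0", 25),    # existing default route
    ("10.0.0.0/16", "eth0", 25),  # on-link route for the local network
]
# The three routes the answer lists for Tunnel All mode (metrics constructed).
TUNNEL_ALL = [
    ("0.0.0.0/0", "sslvpn", 1),
    ("0.0.0.0/1", "sslvpn", 1),
    ("128.0.0.0/1", "sslvpn", 1),
]
# Tunnel route for the client's local network, as in the 10.0.x.x example.
LOCAL_VIA_TUNNEL = [("10.0.0.0/16", "sslvpn", 1)]

PROBES = ["8.8.8.8", "203.0.113.10", "10.0.5.5"]  # constructed destinations


def select_route(table, dest):
    """Return (network, interface) chosen for dest: the longest prefix wins,
    and the lowest metric breaks ties between equal prefixes."""
    addr = ipaddress.ip_address(dest)
    matches = [(ipaddress.ip_network(n), i, m) for n, i, m in table
               if addr in ipaddress.ip_network(n)]
    net, iface, _ = max(matches, key=lambda r: (r[0].prefixlen, -r[2]))
    return str(net), iface


def off_tunnel(table, dests, tunnel_if="sslvpn"):
    """Destinations whose selected route does not use the tunnel adapter."""
    return [d for d in dests if select_route(table, d)[1] != tunnel_if]


if __name__ == "__main__":
    cases = [
        ("no VPN routes", BEFORE),
        ("three Tunnel All routes", BEFORE + TUNNEL_ALL),
        ("plus local-network route", BEFORE + TUNNEL_ALL + LOCAL_VIA_TUNNEL),
    ]
    for name, table in cases:
        print(f"{name}: off tunnel -> {off_tunnel(table, PROBES)}")
```

Comparing the output of `route print` (Windows) or `ip route` (Linux) on a connected client against this model is a quick way to confirm that no destination still prefers the physical adapter.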
ASKER
Hi, thanks for your input. What I am trying to accomplish is more security for remote employees. When they are on the go, I want all their network traffic to pass through the SSLVPN. I have an access rule in the SSLVPN > WAN zone already (screenshot attached), but I still can't browse the internet from a remote client. The network just hangs.
Thanks!
There is no attachment.
Try disabling Windows firewall and retest.
ASKER
No go. :( Also, the iOS app doesn't seem to allow network access with tunnel all mode enabled.
Hmm, I haven't come across that. So are you looking into the app under routes and it's not showing that? If not, how did you determine that?
ASKER
I've attached a screenshot. Thanks!
photo.PNG
ASKER CERTIFIED SOLUTION
This solution is only available to members.
ASKER
Sorry for not responding in a timely manner. This got put on the backburner for a while. However, it worked! Thanks! It's obscenely slow, but that's fine for now. Thanks!
Great, glad I could help, and thanks for the points!
If it's exceptionally slow, it isn't because of the setup... the setup is straightforward; in fact, all we are doing is setting routing here. To correct transmission issues, take a look here and change your MTU value: https://www.experts-exchange.com/A_12615.html
Cheers!
http://www.sonicwall.com/downloads/advanced_vpn.pdf
ctrl+f and search for "split tunnel".