MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.
Course Of The Month
5 days, 21 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
SonicWall TZ-205W - 2 locations ONE NETWORK via VPN
Posted on 2014-04-24
Hello. I need assistance configuring my SonicWalls for VPN. What I want to do is extend my work office sace (192.168.34.X) to my home office so that my network at home is fully accessing work computers and my Cisco Phone can pull from the UC540 without issue.
I can get a green light for VPN but I dont know how to make it one network and ping and access computer names etc...
I can get a green light for VPN but I dont know how to make it one network and ping and access computer names etc...
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
13
11
24 Comments
Active 1 day ago
I assume you are probably using the SSLVPN. When you set these up you have to define the newtork(s) behind the Sonicwall that will be accessed via the VPN.
On the Sonicwal under the SSLVPN -> Client Settings be sure that you have defined a start and end ip (not currently used) for the client access. Then on Client Routes define which address object (lan subnets?) you want to give access to.
Note that a firwall rule (SSLVPN to LAN) should have been auto added.
Post back if you are using the GVPN and I can provide info for that.
On the Sonicwal under the SSLVPN -> Client Settings be sure that you have defined a start and end ip (not currently used) for the client access. Then on Client Routes define which address object (lan subnets?) you want to give access to.
Note that a firwall rule (SSLVPN to LAN) should have been auto added.
Post back if you are using the GVPN and I can provide info for that.
Hi. I am using gvpn. Look forward to your help. Im new to sonicwall so i appreciate detailed steps. Is there a way where the Work location can assign the ip?
Active 1 day ago
The easiest way to set up the GVPN is to use the Wizard. That is a button in the upper right hand corner of the screen once you have logged in to the Sonicwall as admin.
Click the Wizard button, select VPN Wizard, then WAN GroupVpn. You can accept the defaults on the next two screens unless you want to setup different security options. Then select the type of authentication you want to use, and be sure to enter the user name and password (done separately) for that if you decide to us one locally on the Sonicwall.
Note that you can still use the Wizard even if you have already tried to set this up manually.
Click the Wizard button, select VPN Wizard, then WAN GroupVpn. You can accept the defaults on the next two screens unless you want to setup different security options. Then select the type of authentication you want to use, and be sure to enter the user name and password (done separately) for that if you decide to us one locally on the Sonicwall.
Note that you can still use the Wizard even if you have already tried to set this up manually.
I must be missing something. I am not understanding how to connect the other Sonic wall to this one I did the wizard steps as above. If I run the wizard on the home unit, there is now where for me to put the work info in.
I have a manual VPN set up, and I can ping the SOnic Wall IP's on both end. 192.168.34.1 and 192.168.68.1, but I cannot hit anything else on the network.
Active 1 day ago
Sorry, didn't get that you had two Sonicwalls. I thought you were using one and a client.
If you have two, then you want to set up a site to site VPN. Do this using the Wizard as above, but select site to site, and answer the questions. Please note that you MUST do this on both ends, that is on both Sonicwalls. Once completed the two should indicate a sts connection.
You do NOT use a client when using a sts vpn. Once the connection is made, the networks you defined for access should be available from either end. One this is done try pinging something on the remote network and it should work.
If you have two, then you want to set up a site to site VPN. Do this using the Wizard as above, but select site to site, and answer the questions. Please note that you MUST do this on both ends, that is on both Sonicwalls. Once completed the two should indicate a sts connection.
You do NOT use a client when using a sts vpn. Once the connection is made, the networks you defined for access should be available from either end. One this is done try pinging something on the remote network and it should work.
Active 1 day ago
Did you set up the STS as per my last post?
On VPN -> Settings -> VPN Policies do you show the tunnel and does it have green circle showing it is active?
If you click the Configure circle and look under the Network tab, have you selected the local and remote networks. Each selection should include lan on each side. Check this on both Sonicwalls, since it must be defined on both ends.
On VPN -> Settings -> VPN Policies do you show the tunnel and does it have green circle showing it is active?
If you click the Configure circle and look under the Network tab, have you selected the local and remote networks. Each selection should include lan on each side. Check this on both Sonicwalls, since it must be defined on both ends.
Active 1 day ago
Do you see the green circle for the active tunnel?
Do you have the local and remote networks defined on each Sonicwall.
Please not that the subnet (ip address range) on each side of the Sonicwalls MUST be different. That is, if one is 192.168.1.x the other cannot be the same range. As an example 192.168.20.x would be ok on the other.
Do you have the local and remote networks defined on each Sonicwall.
Please not that the subnet (ip address range) on each side of the Sonicwalls MUST be different. That is, if one is 192.168.1.x the other cannot be the same range. As an example 192.168.20.x would be ok on the other.
Active 1 day ago
Can you post the result from each Sonicwall for...
If you click the Configure circle and look under the Network tab, have you selected the local and remote networks. Each selection should include lan on each side. Check this on both Sonicwalls, since it must be defined on both ends.
and also the address object definition of those used.
If you click the Configure circle and look under the Network tab, have you selected the local and remote networks. Each selection should include lan on each side. Check this on both Sonicwalls, since it must be defined on both ends.
and also the address object definition of those used.
Attached are the screen shots of exactly what is set up.
FROM-WORK.pdf
FROM-WORK.pdf
Active 1 day ago
Everything you posted was from one Sonicwall (192.168.34.1). How about the same info from the other Sonicwall.
Active 1 day ago
I am trying to verify that you have set up things correctly on both Sonicwalls. Unfortunately I can only see one side from the posting.
Hi CARLMD,
Here is the screen shots of the home network config, I can ping the work router only (192.168.34.1) from home, and from work I can only ping the home router (192.168.134.1).
HOME-SIDE.pdf
Here is the screen shots of the home network config, I can ping the work router only (192.168.34.1) from home, and from work I can only ping the home router (192.168.134.1).
HOME-SIDE.pdf
Active 1 day ago
I have reviewed your post and don't see anything wrong.
Given that, I suggest that you change the ip address range on either WORK or HOME (whatever is easier for you) to another non routable address range.
For example, you could change HOME to 10.0.0.1. Be sure to change the setting for the LAN definitions and also the connected lans on the remote tunnel end.
Given that, I suggest that you change the ip address range on either WORK or HOME (whatever is easier for you) to another non routable address range.
For example, you could change HOME to 10.0.0.1. Be sure to change the setting for the LAN definitions and also the connected lans on the remote tunnel end.
Active 1 day ago
Did you write any firewall rules that would prevent access?
If it was me the next thing I might try was to start over to eliminate the possibility that you accidently did something that is causing the problem. Without actually logging into each device I could not begin to guess what that might be.
I don't know if you can do this, but I would set each Sonicwall back to its factory defaults. If you want you can first save each of the configs by exporting them, so you could go back. Then configure the LAN and WAN X interface and nothing else. Then using only the wizard on each device, I would configure the STS vpn and see what happens.
If it was me the next thing I might try was to start over to eliminate the possibility that you accidently did something that is causing the problem. Without actually logging into each device I could not begin to guess what that might be.
I don't know if you can do this, but I would set each Sonicwall back to its factory defaults. If you want you can first save each of the configs by exporting them, so you could go back. Then configure the LAN and WAN X interface and nothing else. Then using only the wizard on each device, I would configure the STS vpn and see what happens.
Featured Post
ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.
One of a set of tools we're offering as a way to say thank you for being a part of the community.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Suggested Solutions
| Title | # Comments | Views | Activity |
|---|---|---|---|
| policy based routing with recursive added - Cisco | 1 | 76 | |
| ASA5510 Blocking a Wanted Website/Host | 9 | 59 | |
| Simple Phone Dialer for Win10 | 2 | 109 | |
| Can't access router with user and pass | 10 | 108 |
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
David Varnum recently wrote up his impressions of PRTG, based on a presentation by my colleague Christian at Tech Field Day at VMworld in Barcelona.
Thanks David, for your detailed and honest evaluation!
Get a first impression of how PRTG looks and learn how it works. This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
- Linux
- Windows OS
- Networking
- Paessler
- Network Management
- Network Analysis, Network Operations
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg).
If you're interested in additional methods for monitoring bandwidt…
Suggested Courses
Course of the Month5 days, 21 hours left to enroll
734 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.