Solved

Sonicwall site to site VPN, no access to remote network

Posted on 2014-07-28
Last Modified: 2014-07-29
Some info for the below scenario.

Site A - 192.168.25.0/24
Site B - 192.168.45.0/24

Sonicwall at Site A - 192.168.25.1
Sonicwall at Site B - 192.168.45.1

I have a site to site VPN active between two remote locations.  The VPN is established fine.  People at site B can access the server at site A.  I log on to the server (192.168.25.5) at site A and I try to go to the web management page for the Sonicwall at site B and I cannot access it.  I CAN ping 192.168.45.1 from the server with no issue.  I also want to access a network Buffalo drive which is at Site B.  The address is 192.168.45.10.  I want to access this from the server at Site A (192.168.25.1) and I cannot do so.

Again, people at site B CAN access servers and data at site A.  As far as I know everything on both Sonicwalls is set the same.

Does anyone have any thoughts?
Question by:pgoldwasser
8 Comments
 
LVL 7

Expert Comment

by:tolinrome
ID: 40224775
At site B, is there an "access list" that allows the site A subnet range to access site B?
0
 

Author Comment

by:pgoldwasser
ID: 40225284
At site B there is a firewall rule that is allowing all traffic from the A subnet range to access site B.
0
 
LVL 7

Expert Comment

by:tolinrome
ID: 40225360
Is that firewall rule allowing https? Can you post the configuration from both firewalls for comparison?
0
 
LVL 20

Expert Comment

by:carlmd
ID: 40226307
When configuring the STS VPN, did you remember to define the network access at Site B on the VPN config, Network tab, similar to what you did on the Site A Sonicwall?
0
 
LVL 2

Assisted Solution

by:Peter Wilson
Peter Wilson earned 500 total points
ID: 40227713
You have to enable Management on the VA on the applicable Zone.
0
 

Author Comment

by:pgoldwasser
ID: 40228078
Here are the specific settings on both Sonicwalls.  Unfortunately I cannot download the config to a file like on a Cisco device.

Site A (main office with the file server)
VPN Zone is set to Allow Interface Trust
Address Object VPN_SiteB - 192.168.45.0/255.255.255.0
Firewall LAN > VPN
LAN > VPN   1   LAN Primary Subnet           VPN_SiteB   Any   Allow
LAN > VPN   2   WAN RemoteAccess Networks    Any         Any   Allow
LAN > VPN   3   WLAN RemoteAccess Networks   Any         Any   Allow
Firewall VPN > LAN
VPN > LAN   1   VPN_SiteB   LAN Primary Subnet     Any                Allow
VPN > LAN   2   Any         All Interface IP       SNMP               Allow
VPN > LAN   3   Any         All Interface IP       SSH Management     Allow
VPN > LAN   4   Any         All Interface IP       HTTPS Management   Allow
VPN > LAN   5   Any         All Interface IP       HTTP Management    Allow
VPN > LAN   6   Any         All X0 Management IP   SNMP               Allow
VPN > LAN   7   Any         All X0 Management IP   Ping               Allow
VPN Settings > Network page
Local Network - LAN Primary Subnet
Remote Network - VPN_SiteB

Site B - Remote Network
VPN Zone is set to Allow Interface Trust
Address Object - VPN_SiteA - 192.168.25.0/255.255.255.0
Firewall LAN > VPN
LAN > VPN   1   LAN Subnets                  VPN_SiteA   Any   Allow
LAN > VPN   2   WLAN RemoteAccess Networks   Any         Any   Allow
Firewall VPN > LAN
VPN > LAN   1   Any         All X0 Management IP         SNMP    Allow
VPN > LAN   2   Any         All X0 Management IP         Ping    Allow
VPN > LAN   3   Any         All Interface IP             HTTPS   Allow
VPN > LAN   4   VPN_SiteA   LAN Subnets                  Any     Allow
VPN > LAN   5   Any         WLAN RemoteAccess Networks   Any     Allow
VPN Settings > Network Page
Local Network - LAN Subnets
Remote Networks - VPN_SiteA

I think that is all of the settings that are pertinent.  Most of the firewall rules are created when the VPN is created and cannot be edited.  So again, SiteB can access data at SiteA but not the other way around.

Thanks!
0
 
LVL 2

Accepted Solution

by:
Peter Wilson earned 500 total points
ID: 40228155
It looks like you don't have management set up in site B. Site A has the following for mgmt.:

VPN      >      LAN         5      Any                     All Interface IP                  HTTP Management      Allow  

You configure this within the VPN Policy within Site B.
0
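The comparison made in the accepted answer can be run mechanically over the VPN > LAN rows posted earlier in the thread. The following is an added example, not part of the thread and not SonicWall code: it diffs the management services each site allows from the VPN zone and applies first-match evaluation to transit traffic. Assumptions: the object names "PEER", "LAN" and "FW" are stand-ins, the firewall's own address objects are collapsed to its LAN IP, "HTTPS" at Site B is treated as "HTTPS Management", and "SMB" is an assumed service name for the file share.

```python
import ipaddress

# VPN > LAN rows as posted in the thread: (source, destination, service), in priority order.
# Assumptions: "All Interface IP"/"All X0 Management IP" are collapsed into "FW"
# (the firewall's own LAN address); VPN_SiteA/VPN_SiteB become "PEER"; "HTTPS" at
# Site B is treated as the same service as "HTTPS Management" at Site A.
SITES = {
    "A": {"fw": "192.168.25.1", "lan": "192.168.25.0/24", "peer": "192.168.45.0/24",
          "rules": [("PEER", "LAN", "Any"), ("Any", "FW", "SNMP"),
                    ("Any", "FW", "SSH Management"), ("Any", "FW", "HTTPS Management"),
                    ("Any", "FW", "HTTP Management"), ("Any", "FW", "SNMP"),
                    ("Any", "FW", "Ping")]},
    "B": {"fw": "192.168.45.1", "lan": "192.168.45.0/24", "peer": "192.168.25.0/24",
          "rules": [("Any", "FW", "SNMP"), ("Any", "FW", "Ping"), ("Any", "FW", "HTTPS"),
                    ("PEER", "LAN", "Any"),
                    ("Any", "WLAN RemoteAccess Networks", "Any")]},
}

def mgmt_services(site):
    """Services the VPN zone may use against the firewall's own addresses."""
    return {svc.replace(" Management", "")
            for _, dst, svc in SITES[site]["rules"] if dst == "FW"}

def missing_mgmt(local, remote):
    """Management services allowed at `remote` but absent at `local`."""
    return sorted(mgmt_services(remote) - mgmt_services(local))

def first_match(site, src, dst, service):
    """Priority of the first VPN > LAN rule matching transit traffic, else None."""
    s = SITES[site]
    if dst == s["fw"]:
        raise ValueError("traffic to the firewall itself: use missing_mgmt()")
    nets = {"Any": "0.0.0.0/0", "PEER": s["peer"], "LAN": s["lan"]}
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for prio, (rsrc, rdst, rsvc) in enumerate(s["rules"], 1):
        if rsrc not in nets or rdst not in nets:
            continue  # firewall-targeted rule or an object whose range was not posted
        if (src_ip in ipaddress.ip_network(nets[rsrc])
                and dst_ip in ipaddress.ip_network(nets[rdst])
                and rsvc in ("Any", service)):
            return prio
    return None

if __name__ == "__main__":
    # "SMB" is an assumed service name for the file share; the matching rule is "Any".
    print("A -> B share:", first_match("B", "192.168.25.5", "192.168.45.10", "SMB"))
    print("B -> A server:", first_match("A", "192.168.45.10", "192.168.25.5", "SMB"))
    print("mgmt missing at B:", missing_mgmt("B", "A"))
```

With the rows as posted, Site B already has an allow for 192.168.25.5 to 192.168.45.10 at priority 4, while HTTP and SSH management appear only in the Site A table.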
 

Author Comment

by:pgoldwasser
ID: 40228205
"You have to enable Management on the VA on the applicable Zone."

I do not see how to enable Management on the zone.  Management can only be enabled on the interface, and that is either LAN or WAN.  If enabled on the LAN zone, I should be able to use it through the VPN.  I could live without this if only I could access data on SiteB from SiteA.
0

Question has a verified solution.
