pgoldwasser
Sonicwall site to site VPN, no access to remote network
Some info for the below scenario.
Site A - 192.168.25.0/24
Site B - 192.168.45.0/24
Sonicwall at Site A - 192.168.25.1
Sonicwall at Site B - 192.168.45.1
I have a site to site VPN active between two remote locations. The VPN is established fine. People at site B can access the server at site A. I log on to the server (192.168.25.5) at site A and I try to go to the web management page for the Sonicwall at site B and I cannot access it. I CAN ping 192.168.45.1 from the server with no issue. I also want to access a network Buffalo drive which is at Site B. The address is 192.168.45.10. I want to access this from the server at Site A (192.168.25.1) and I cannot do so.
Again, people at site B CAN access servers and data at site A. As far as I know everything on both Sonicwalls is set the same.
Does anyone have any thoughts?
At site B, is there an "access list" that allows the site A subnet range to access site B?
ASKER
At site B there is a firewall rule that is allowing all traffic from the A subnet range to access site B.
Is that firewall rule allowing HTTPS? Can you post the configuration from both firewalls for comparison?
When configuring the STS VPN, did you remember to define the network access at Site B on the VPN config, Network tab, similar to what you did on the Site A Sonicwall?
ASKER
Here are the specific settings on both Sonicwalls. Unfortunately I cannot download the config to a file like on a Cisco device.
Site A (main office with the file server)
VPN Zone is set to Allow Interface Trust
Address Object VPN_SiteB - 192.168.45.0/255.255.255.0
Firewall LAN > VPN
LAN > VPN 1 LAN Primary Subnet VPN_SiteB Any Allow
LAN > VPN 2 WAN RemoteAccess Networks Any Any Allow
LAN > VPN 3 WLAN RemoteAccess Networks Any Any Allow
Firewall VPN > LAN
VPN > LAN 1 VPN_SiteB LAN Primary Subnet Any Allow
VPN > LAN 2 Any All Interface IP SNMP Allow
VPN > LAN 3 Any All Interface IP SSH Management Allow
VPN > LAN 4 Any All Interface IP HTTPS Management Allow
VPN > LAN 5 Any All Interface IP HTTP Management Allow
VPN > LAN 6 Any All X0 Management IP SNMP Allow
VPN > LAN 7 Any All X0 Management IP Ping Allow
VPN Settings > Network page
Local Network - LAN Primary Subnet
Remote Network - VPN_SiteB
Site B - Remote Network
VPN Zone is set to Allow Interface Trust
Address Object - VPN_SiteA - 192.168.25.0/255.255.255.0
Firewall LAN > VPN
LAN > VPN 1 LAN Subnets VPN_SiteA Any Allow
LAN > VPN 2 WLAN RemoteAccess Networks Any Any Allow
Firewall VPN > LAN
VPN > LAN 1 Any All X0 Management IP SNMP Allow
VPN > LAN 2 Any All X0 Management IP Ping Allow
VPN > LAN 3 Any All Interface IP HTTPS Allow
VPN > LAN 4 VPN_SiteA LAN Subnets Any Allow
VPN > LAN 5 Any WLAN RemoteAccess Networks Any Allow
VPN Settings > Network Page
Local Network - LAN Subnets
Remote Networks - VPN_SiteA
I think that is all of the settings that are pertinent. Most of the firewall rules are created when the VPN is created and cannot be edited. So again, SiteB can access data at SiteA but not the other way around.
Thanks!
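An added example, not part of the original thread: a first-match evaluation of the access rules as transcribed in the post above, applied to the flows the asker describes (Site A egress LAN > VPN, then Site B ingress VPN > LAN). The subnets bound to the built-in objects, the first-match and implicit-deny behaviour, and the "SMB" service label are assumptions; rules that reference RemoteAccess Networks are left out because the post does not give those objects' contents.

```python
import ipaddress

# Address objects. VPN_SiteA/VPN_SiteB come from the post; the values bound to
# the built-in objects are ASSUMPTIONS taken from the subnets stated in the thread.
OBJECTS = {
    "Any": "0.0.0.0/0",
    "VPN_SiteA": "192.168.25.0/24",
    "VPN_SiteB": "192.168.45.0/24",
    "A LAN Primary Subnet": "192.168.25.0/24",  # assumed
    "B LAN Subnets": "192.168.45.0/24",         # assumed
    "B All Interface IP": "192.168.45.1/32",    # assumed: LAN interface only
    "B X0 Management IP": "192.168.45.1/32",    # assumed
}

# (priority, source, destination, service, action), transcribed from the post.
SITE_A_LAN_TO_VPN = [
    (1, "A LAN Primary Subnet", "VPN_SiteB", "Any", "Allow"),
]
SITE_B_VPN_TO_LAN = [
    (1, "Any", "B X0 Management IP", "SNMP", "Allow"),
    (2, "Any", "B X0 Management IP", "Ping", "Allow"),
    (3, "Any", "B All Interface IP", "HTTPS", "Allow"),
    (4, "VPN_SiteA", "B LAN Subnets", "Any", "Allow"),
]

def in_object(ip, name):
    """True if the IP falls inside the named address object."""
    return ipaddress.ip_address(ip) in ipaddress.ip_network(OBJECTS[name])

def first_match(rules, src, dst, service):
    """Return (priority, action) of the first matching rule, else (None, 'Deny')."""
    for prio, r_src, r_dst, r_svc, action in sorted(rules):
        if (in_object(src, r_src) and in_object(dst, r_dst)
                and r_svc in ("Any", service)):
            return prio, action
    return None, "Deny"  # assumed implicit deny when nothing matches

def check_path(src, dst, service):
    """Evaluate Site A's egress table, then Site B's ingress table."""
    return {
        "A LAN>VPN": first_match(SITE_A_LAN_TO_VPN, src, dst, service),
        "B VPN>LAN": first_match(SITE_B_VPN_TO_LAN, src, dst, service),
    }

if __name__ == "__main__":
    for dst, svc in [("192.168.45.1", "HTTPS"), ("192.168.45.1", "Ping"),
                     ("192.168.45.10", "SMB")]:
        print(dst, svc, check_path("192.168.25.5", dst, svc))
```

Under these assumptions each of the three flows matches an Allow rule on both firewalls, so the access rules as listed do not by themselves account for the one-way failure.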
ASKER
"You have to enable Management on the VA on the applicable Zone."
I do not see how to enable Management on the zone. Management can only be enabled on the interface, and that is either LAN or WAN. If enabled on the LAN zone, I should be able to use it through the VPN. I could live without this if only I could access data on SiteB from SiteA.