Solved

Can't ping second VLAN subnet through SonicWall TZ215W

Posted on 2015-02-02
Last Modified: 2015-02-03
I have a SonicWall TZ-215W set up in bridge mode.
- Wireless is a guest network only for internet access 100.150.10.x
- X0 is LAN 192.168.10.x
- X1 is WAN

I also have a Cisco SG300-20 that is configured as a layer 3 switch with two VLANs
- VLAN1 192.168.10.x
- VLAN10 192.168.0.x

Everything works great internally. I can ping/access both VLANs from both the SG300 and the SonicWall. I can use the diagnostic tools from the SonicWall and ping devices on both VLANs using the X1 interface. I can access the internet from both VLANs.

When I connect via VPN or SSLVPN I can ping everything on VLAN1, but cannot touch anything on VLAN10.

I am probably overlooking something simple, but running out of time to get this up and running.
Question by:teckygeek

Expert Comment

by:carlmd
ID: 40585997
Under SSLVPN -> Client Routes have you added VLAN10?

Author Comment

by:teckygeek
ID: 40586420
I have, but I am still unable to ping anything on VLAN10 through a VPN/SSLVPN connection.

Expert Comment

by:carlmd
ID: 40586515
Any chance that the subnet on the client end of the SSLVPN is the same as VLAN10?

Author Comment

by:teckygeek
ID: 40586841
Client is set up for DHCP and obtains an IP address from VLAN1
192.168.10.x/255.255.255.0

Route(s) on the client
SSLVPN
192.168.10.0/255.255.255.0
192.168.0.0/255.255.255.0

Global VPN Client
10.50.100.0/255.255.255.0
192.168.0.0/255.255.255.0
192.168.10.0/255.255.255.0

Expert Comment

by:carlmd
ID: 40586866
With the SSLVPN connected, do a "netstat -rn" in a command prompt window on the client. Does it have a route to vlan10?

If possible, post the result with the SSLVPN both connected and disconnected.

Author Comment

by:teckygeek
ID: 40587100
Disconnected

Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            172.16.12.1        UGSc           18        0     en0
127                127.0.0.1          UCS             0        0     lo0
127.0.0.1          127.0.0.1          UH              4    36111     lo0
169.254            link#4             UCS             0        0     en0
172.16.12/24       link#4             UCS             4        0     en0
172.16.12.1/32     link#4             UCS             1        0     en0
172.16.12.1        c0:67:af:db:cf:61  UHLWIir        19        0     en0   1178
172.16.12.5        0:50:56:b9:2b:7c   UHLWIi         36      944     en0   1194
172.16.12.15       78:2b:cb:3a:e6:c5  UHLWIi          2    55090     en0    925
172.16.12.25       0:11:32:13:b:b1    UHLWIi          1     2761     en0    914
172.16.12.201/32   link#4             UCS             0        0     en0
172.16.12.255      ff:ff:ff:ff:ff:ff  UHLWbI          0       11     en0
172.16.208/24      link#12            UC              2        0  vmnet8
172.16.208.1       0:50:56:c0:0:8     UHLWIi          1       29     lo0
172.16.208.255     ff:ff:ff:ff:ff:ff  UHLWbI          0       11  vmnet8
172.16.252/24      link#11            UC              2        0  vmnet1
172.16.252.1       0:50:56:c0:0:1     UHLWIi          1       29     lo0
172.16.252.255     ff:ff:ff:ff:ff:ff  UHLWbI          0       11  vmnet1

Connected
Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            172.16.12.1        UGSc           55        0     en0
default            link#10            UCSI            0        0   utun0
64.2.21.107/32     link#10            UCS             0        0   utun0
127                127.0.0.1          UCS             0        0     lo0
127.0.0.1          127.0.0.1          UH              4    36115     lo0
169.254            link#4             UCS             0        0     en0
172.16.12/24       link#4             UCS             4        0     en0
172.16.12.1/32     link#4             UCS             1        0     en0
172.16.12.1        c0:67:af:db:cf:61  UHLWIir        57        0     en0   1100
172.16.12.5        0:50:56:b9:2b:7c   UHLWIi         49     1457     en0   1193
172.16.12.15       78:2b:cb:3a:e6:c5  UHLWIi          3    81513     en0    787
172.16.12.25       0:11:32:13:b:b1    UHLWIi          1     3697     en0    776
172.16.12.201/32   link#4             UCS             0        0     en0
172.16.12.205      28:cf:e9:17:f2:f9  UHLWI           0        0     en0   1117
172.16.208/24      link#12            UC              1        0  vmnet8
172.16.208.1       0:50:56:c0:0:8     UHLWIi          1       29     lo0
172.16.252/24      link#11            UC              1        0  vmnet1
172.16.252.1       0:50:56:c0:0:1     UHLWIi          1       29     lo0
192.168.0          link#10            UCS             0        0   utun0
192.168.10         link#10            UCS             0        0   utun0
192.168.10.5/32    link#10            UCS             1        0   utun0
192.168.10.5       link#10            UHWIi           6        8   utun0
192.168.10.67      192.168.10.67      UH              0        0   utun0
SonicWall WAN IP Address    172.16.12.1        UGHS            0        0     en0
0
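
Added example, not part of the original thread: a Python parser for the BSD-style `netstat -rn` output posted above that expands the abbreviated destinations and does a longest-prefix lookup, to answer whether the client has a route to VLAN10. The sample rows are copied from the "Connected" table; the classful expansion of entries shown without a mask and the test address 192.168.0.20 are assumptions.

```python
import ipaddress

# Constructed sample: a subset of rows from the "Connected" table in the post above.
CONNECTED = """\
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            172.16.12.1        UGSc           55        0     en0
default            link#10            UCSI            0        0   utun0
127                127.0.0.1          UCS             0        0     lo0
169.254            link#4             UCS             0        0     en0
172.16.12/24       link#4             UCS             4        0     en0
172.16.12.1        c0:67:af:db:cf:61  UHLWIir        57        0     en0   1100
192.168.0          link#10            UCS             0        0   utun0
192.168.10         link#10            UCS             0        0   utun0
192.168.10.5/32    link#10            UCS             1        0   utun0
"""

def parse_dest(dest):
    """Expand a BSD-style abbreviated destination into an ip_network."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, plen = dest.partition("/")
    octets = addr.split(".")
    if not plen:
        if len(octets) == 4:
            plen = "32"  # full address without a mask: host route
        else:
            # Assumption: a network printed without a mask uses the classful default.
            first = int(octets[0])
            plen = "8" if first < 128 else "16" if first < 192 else "24"
    octets += ["0"] * (4 - len(octets))  # restore the dropped trailing octets
    return ipaddress.ip_network(".".join(octets) + "/" + plen)

def parse_table(text):
    """Return (network, gateway, flags, netif) tuples, skipping the header row."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] == "Destination":
            continue
        routes.append((parse_dest(fields[0]), fields[1], fields[2], fields[5]))
    return routes

def lookup(routes, ip):
    """Longest-prefix match; returns the winning route tuple or None."""
    ip = ipaddress.ip_address(ip)
    hits = [r for r in routes if ip in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen, default=None)
```

For a VLAN10 address the lookup resolves to the `192.168.0` entry on `utun0`, so the client is sending that traffic into the tunnel.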
 

Accepted Solution

by:
Aaron Tomosky earned 500 total points
ID: 40587340
In the SonicWall, Network, Routing, do you have something like this:
Any       N-vlan10       Any       R-sg300       X0       20       8

Author Closing Comment

by:teckygeek
ID: 40587358
I knew it was going to be something simple I overlooked. Added the route and everything works like a charm.

Thanks