raffie613


SonicWall SOHO VPN site to site setup

We have two locations with SOHO firewalls. VPN setup looks the same as it has in all TZ products. Using IKE shared password. Have both external IP addresses plugged in. For some reason the VPN is not establishing. When I ran the wizard for VPN setup it was giving me an error, "this address range overlaps with another range", during the Network selection part of the setup. One location has an internal network of 192.168.13.1 and the other location has 192.168.1.0

Aren't those on different ranges?

Is there something else I am missing?

Thanks.
LockDown32

Unless it is a class B. What are your subnet masks?
What's your subnet mask? You must have it set to 255.255.0.0 if it states it overlaps.
raffie613

ASKER

They are both 255.255.255.0

Can I just change it on the firewall or will that affect the local network if I do?
If that network is not being used by the internal network then it's fine to change; if the local network has that as the gateway then it will cause issues.
The wizard is asking you which two subnets you are going to connect via VPN. You have to know what they are. If those are your two subnets then continue on. If not change them.
I got into a TZ100. The first thing you want to do is define an address object, something like "Remote Network", and tell it the subnet and mask. Then define a local network. Then VPN between the two. What kind of SonicWall is it?
It is a SOHO firewall, their new device.
Both internet networks have a subnet mask of 255.255.255.0
Is there a fast way to do something to avoid internet network issues?

I read something about being able to use NAT to create a go between false network.
I am a little lost on the "Is there a fast way to do something to avoid internet network issues". If the internet requires VPN and the VPN isn't connecting then the internet wouldn't be working anyway, would it? The VPN Wizard won't disrupt internet and neither will creating the objects.
Let me clarify.
Both locations have internet on their own and are running individually. We want to link the two locations so they can do folder and file sharing.

Would doing NAT translation be the best option here instead of redoing one location's network mask?

Thanks.
This is where you are losing me. From above you stated "One location has an internal network of 192.168.13.1 and the other location has 192.168.1.0" and later you said that both networks use a subnet mask of 255.255.255.0. So there is no need to change the subnet but...

Technically 192.168.13.1 is not a subnet. Maybe we need to start from ground zero. Do you know what the subnets are of the two networks?
Location A has a network scheme of 192.168.13.0 mask of 255.255.255.0

Location B is 192.168.1.0 mask 255.255.255.0

When I try to create a site to site VPN I am getting an error when adding the address range, "this address range overlaps with another range", during the Network selection part of the setup.

Is this happening because it thinks both locations' networks overlap?
Those are two completely different subnets. Did you try setting up address objects for the local and remote networks and using those address objects in the VPN Wizard?

Do you have VPN connections (possibly the one that doesn't work) that need to be deleted first?

Post a screen shot of the error.....
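The two checks suggested in the post above, sketched as an added example that is not part of the original thread: whether the two site networks overlap for a given mask, and whether the remote range is already claimed by an existing policy. This is a generic model, not SonicWall's own validation logic; the function names and the `old-site-b-vpn` policy name are hypothetical.

```python
import ipaddress


def to_network(address, mask):
    """Normalise an address plus dotted mask to its network.

    strict=False drops host bits, so 192.168.13.1/255.255.255.0
    becomes 192.168.13.0/24 instead of raising ValueError.
    """
    return ipaddress.ip_network(f"{address}/{mask}", strict=False)


def find_overlaps(candidate, existing):
    """Return names of already-defined ranges that overlap the candidate."""
    return sorted(n for n, net in existing.items() if candidate.overlaps(net))


def preflight(local, remote, existing):
    """List the reasons a local<->remote policy would be rejected as overlapping."""
    problems = []
    if local.overlaps(remote):
        problems.append(f"local {local} overlaps remote {remote}")
    for name in find_overlaps(remote, existing):
        problems.append(f"remote {remote} already claimed by '{name}'")
    return problems


# Addresses and masks as given in the thread.
site_a = to_network("192.168.13.1", "255.255.255.0")
site_b = to_network("192.168.1.0", "255.255.255.0")

# Same addresses with the 255.255.0.0 mask raised earlier in the thread.
wide_a = to_network("192.168.13.1", "255.255.0.0")
wide_b = to_network("192.168.1.0", "255.255.0.0")

# Constructed: a leftover policy that still references site B's range.
stale = {"old-site-b-vpn": to_network("192.168.1.0", "255.255.255.0")}

if __name__ == "__main__":
    print("/24 masks, clean config:", preflight(site_a, site_b, {}))
    print("/16 masks, clean config:", preflight(wide_a, wide_b, {}))
    print("/24 masks, stale policy:", preflight(site_a, site_b, stale))
```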
That error was because of the old one I had that was failing; I was trying to create a new one to see what was wrong in the config and why it was not connecting.

So what else would be stopping the VPN from connecting? The wizard now finished successfully. Going through a Comcast modem.
OK. So the old VPN connection was why the Wizard gave you that error. Did you delete the old VPN from the other side and run the wizard from the other side too?

So in each building you go from the LAN to the SonicWall and from the SonicWall to a Comcast Router and then out to the internet?

If that is the case then you want the IP Address of the SOHO to be the Gateway address of the Comcast and the Gateway Address of the SOHO to be the IP Address of the Comcast. Then when you set up the VPN you set it up with the IP Addresses of the SOHOs. Seems a little weird but that is the way it is done.
Old VPNs were deleted on both sides and redone.

You are correct on the layout of the network.
The only other thing I remember having to do was to call Comcast and have them turn the firewall off on their modems. Did you ever have the VPN working between the two sites or is this a first?
Never had VPN working but I can try to turn off the firewall if you think that will help.
OK, I disabled the Comcast firewall but am still not able to establish a connection.
ASKER CERTIFIED SOLUTION
LockDown32
This solution is only available to members.
I did not have Keep Alive checked. The wizard did not have a step for that either, but as soon as I checked it, it came up green. Great F-in call. Wonder why the wizard doesn't do that if it is required.
I remember being a little surprised by that too. For some reason SonicWall doesn't push the Keep Alive, which makes the VPN keep going up and down based on if it is being used or not. That isn't how I would want my VPN to work.

If you want to play... uncheck the Keep Alive, let the connection drop and then try pinging something on the other network. It might take a couple of minutes but by pinging something on the other network the VPN should connect for a while until it is no longer needed, then drop again until something else requests something from the other side. Strange way to do it.