Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Sonicwall SOHO SSL-VPN no LAN Access

Posted on 2016-08-23
5
94 Views
Last Modified: 2016-08-30
I have a new Sonicwall SOHO appliances that I am trying to setup the SSL-VPN.  I can successfully connect with the NetExtender and get an IP Address but can not access anything on the LAN????

This isn't my first time setting up the SSL-VPN setup on a Sonicwall (but the first time with SOHO version) and have not run into this problem before.  Seems something has changed with the newer firmware or my new Sonicwall is simply broke?

Any advice would help.... Thanks!
0
Comment
Question by:April33
  • 3
  • 2
5 Comments
 
LVL 8

Expert Comment

by:J Spoor
ID: 41768301
Did you add the X0 subnet to the VPN access list of the user/group ?

There are basically two access lists
1) in the firewall SSLVPN->LAN zone
2) on the user/group VPN Access tab

View example configurations and the SonicWALL webui and features on http://livedemo.sonicwall.com or http://ngfw-demo.com
0
 
LVL 1

Author Comment

by:April33
ID: 41769591
Did you add the X0 subnet to the VPN access list of the user/group ?   Yes I did....

There are basically two access lists
 1) in the firewall SSLVPN->LAN zone    This is set correctly
 2) on the user/group VPN Access tab    This Is set correctly

This is a strange issue.  It's like it is being blocked.  

I also updated to the Latest Firmware... Even tried the Early release firmware?

Not sure how to fix this?  I did submit a ticket to Dell.  I am waiting to hear back.

Anymore ideas?
0
 
LVL 8

Accepted Solution

by:
J Spoor earned 500 total points
ID: 41769991
log on with the user via SSL VPN
go to the user status and find the IP address
log the user out,
from a device on thelan try to ping that IP address
if it replies there's a duplicate IP.
if not, log in again
then from the client do a constant ping to a server

run a packet capture with ethertype=ip and src ip is the above IP
also check the logs on that source IP for a block message
0
 
LVL 1

Author Comment

by:April33
ID: 41775569
I tried pining the SSL Client IP when connected from within the LAN, got nothing.

I haven't run a packet trace yet.  I do have a call from Sonicwall support scheduled for tomorrow.

I will update afterward.
0
 
LVL 1

Author Closing Comment

by:April33
ID: 41777028
I spoke with Dell Sonicwall Support today.  They remoted to the SW and looked around and did some packet captures while pinging from a connected SSLVPN client.

The capture showed packets being dropped by the firewall due to a policy.  

When I set up the SW initially, I Bridged the LAN and WLAN networks.  The problem was that I needed to add a rule in the Firewall SSLVPN to WLAN to Allow traffic to flow between them.  Once the rule was added I can ping everyone thing on the LAN from the SSLVPN client.

JSpoor, thanks for helping!
1

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Macbook Sierra OS OpenVPN issue 13 108
Workstations, some, losing connection, others that should be lgged off 6 41
ASA configuration 2 39
VLAN Question 13 43
I've written this article to illustrate how we can implement a Dynamic Multipoint VPN (DMVPN) with both hub and spokes having a dynamically assigned non-broadcast multiple-access (NBMA) network IP (public IP). Here is the basic setup of DMVPN Pha…
Let’s list some of the technologies that enable smooth teleworking. 
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

791 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question