Sonicwall NetExtender Not Allowing Connection To Drive Global VPN Client is

I have a tz400. The Global VPN Client Allows me to map a network drive once connected.  NetExtender won't connect to Mapped drive. It just sits and tries to connect.
genusys Asked:
Blue Street Tech (Last Knight) Commented:
Hi genusys,

You can use the Connection Scripts, which provide you the ability to run batch file scripts when NetExtender connects and/or disconnects. The scripts can be used to map or disconnect network drives and printers, launch applications, or open files or Web sites. NetExtender Connection Scripts can support any valid batch file commands.

Can you ping those servers where the network drive resides? Make sure you have added the LAN Subnet to the VPN routes.

Let me know if you have any other questions!
0
genusys (Author) Commented:
I can not Ping the server using NetExtender. It has X0 Subnets and I can't add LAN Subnets in the Client Routes because they overlap.
I get a correct IP address. It's a 10.14.0.xxx and I see that.
0
Blue Street Tech (Last Knight) Commented:
Yes, they will obviously overlap, so you need to replace X0 Subnets with LAN Subnets. So first remove X0 Subnets, save, then add LAN Subnets.
0
genusys (Author) Commented:
I changed X0 to LAN Subnets. No difference. When I do an ipconfig /all the virtual NIC has no Default Gateway nor does it show the DNS server.

If I connect with the Global VPN Client it shows Gateway and DNS server. The Global VPN Client gets all config info as if connecting at the office. NetExtender does not. I did notice that the route in the NetExtender window is 10.14.0.0 and the DNS server is 10.14.0.10.

It seems that NetExtender is giving an IP address but nothing else.
0
Blue Street Tech (Last Knight) Commented:
This sounds like a configuration issue within the setup of SSL-VPN. If you are receiving a Gateway in GVC then that means you have set up Tunnel All Mode... conversely, if you do not receive a gateway, that typically means that it was set up as Split Tunnel Mode, hence 0.0.0.0 for your Gateway, which would not show in ipconfig /all. So, in order to properly configure SSL-VPN in Tunnel All Mode you also need to configure an address object for 0.0.0.0, & assign SSL-VPN NetExtender users or groups to have access to this address object... I prefer Groups.

First, let's make sure you are in Tunnel All Mode:

1. Go to SSL-VPN > Client Settings > Default Device Profile > Configure button.
2. Then click on the Client Routes tab, make sure Tunnel All is set to Enabled.

Now, to check your DNS config:

1. Click on the Client Settings tab, make sure DNS Server 1 & 2 are keyed in or you can click Default DNS Settings to use the ones configured in the DNS section of the SonicWALL.
2. Click OK to save.

Now let's configure 0.0.0.0, & assign it to the SSL-VPN NetExtender users & groups requiring access:

1. Go to Users > Local Users or Users > Local Groups page.
2. Then click on the Configure button for an SSL-VPN NetExtender user or group (I prefer Group) that requires SSL-VPN access.
3. Click on the VPN Access tab.
4. Select the WAN RemoteAccess Networks address object & click the right arrow (->) button.
5. Click OK.
6. Repeat steps 1 through 5 for all local users or groups that use SSL-VPN NetExtender.

Let me know if you have any questions!
0

genusys (Author) Commented:
I made the changes as you suggested:

1. Client Routes: Tunnel All:  was set to Disabled Turned To Enable
2. Client Settings: DNS: Set to Default DNS Comcast 75.75.75.75 & 75.75.76.76
3. Local User Groups -> SSLVPN Services VPN TAB: Removed LAN Subnets Added WAN RemoteAccessNetworks

If there is other info needed I can provide.

Still no ping of server.
access-rules.PNG
Client-seting.PNG
NAT-PoliciesPNG.PNG
SSLVPNZone.PNG
0
Blue Street Tech (Last Knight) Commented:
You are testing this outside of your network, right? You can't be connected to the LAN, WLAN or any other Zone and test this because it won't work otherwise.

If you ipconfig /all now you should see a Gateway and DNS in NetExtender driver & UI. Please confirm.

Let's verify connectivity.
  • Ping 8.8.8.8
  • Test browsing the Internet.
  • Ping other resources in the remote network.
  • Verify Ping is enabled on the server. Go to Windows Firewall and make sure Ping is allowed (there are multiple rules that should allow it).
Report back your results with each.
0
genusys (Author) Commented:
I am remote and not on any Remote network Zone.
I see DNS but no Gateway.

1. I can ping: 8.8.8.8 and Google.com (Assume that is from my local NIC connection.)
2. I can browse the internet. (Assume that is from my local NIC connection.)
3. I can not ping either the Sonicwall or the Server connected via NetExtender.
4. I can Ping Firewall and Server Connected w/Global VPN Client

I think this might be helpful:
When connected via Global VPN Client I can ping internal (Remote Network Devices) but no internet sites or IP.
When connected to the NetExtender I can ping internet sites and IPs but not Internal IP.
0
Blue Street Tech (Last Knight) Commented:
So what I had you set up on the SSL-VPN was Tunnel-All Mode, which means when you are connected to the VPN all traffic is now routed through that associated firewall and uses its associated bandwidth. This is more secure than using a Split Tunnel Mode because there is no security boundary mechanism on your machine, so it would otherwise share both insecure and encrypted connections, allowing for compromise especially when using an untrusted connection such as an airport, coffee shop, mall, hotel or public WiFi, etc.

So this means that when you ran those ping tests it was sourcing from the remote site's resources and not from your local internet connection. That test proves traffic is flowing from the remote side and you are able to browse websites and connect to the Internet through its connection.

Not being able to ping the SSL-VPN could just be that Ping is not enabled for that Zone (verify that). As a security Best Practice, Ping should be disabled on all zones unless the source is restricted.

Not being able to Ping remote resources could still be a local server firewall issue since the IP Pool is different from the GVC's IP pool and as such the Source IP address may be blocked for the SSL-VPN in Windows Firewall. Try disabling Windows firewall temporarily and then see if you can ping it. Also, can you RDP into the server?

It also sounds like your GVC is not set up correctly either and there may be a routing issue. Is it in Tunnel-All Mode or Split Mode?
0
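Added example (not part of the thread, and not SonicWall code): instead of inferring the tunnel mode from ping results, the client's IPv4 route table shows which adapter carries Internet-bound and office-bound traffic. The sketch parses constructed `route print -4` rows and applies longest-prefix, then lowest-metric selection; the adapter addresses 192.168.1.50 and 10.14.0.200 and the /24 mask on the 10.14.0.0 route are assumptions.

```python
import ipaddress

# Constructed `route print -4` rows, not captured from a real client.
# Assumptions: 192.168.1.50 is the local NIC, 10.14.0.200 the NetExtender
# virtual adapter, and the page's 10.14.0.0 route has a /24 mask.
HEADER = "Network Destination        Netmask          Gateway       Interface  Metric\n"
LOCAL = ("          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50      25\n"
         "      192.168.1.0    255.255.255.0          On-link    192.168.1.50     281\n")
VPN_LAN = "        10.14.0.0    255.255.255.0          On-link     10.14.0.200       2\n"
VPN_DEFAULT = "          0.0.0.0          0.0.0.0          On-link     10.14.0.200       2\n"
SPLIT_TUNNEL = HEADER + LOCAL + VPN_LAN
TUNNEL_ALL = HEADER + LOCAL + VPN_LAN + VPN_DEFAULT


def parse_routes(text):
    """Return (network, gateway, interface, metric) tuples from route rows."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # header line or anything that is not a route row
        dest, mask, gateway, iface, metric = fields
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}")
            ipaddress.ip_address(iface)
            routes.append((net, gateway, iface, int(metric)))
        except ValueError:
            continue  # five tokens, but not a valid IPv4 route row
    return routes


def egress_interface(routes, target):
    """Interface of the winning route: longest prefix first, then lowest metric."""
    addr = ipaddress.ip_address(target)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    best = min(matches, key=lambda r: (-r[0].prefixlen, r[3]))
    return best[2]


def tunnel_mode(route_text, vpn_iface, internet_ip="8.8.8.8"):
    """'tunnel-all' when Internet-bound traffic leaves via the VPN adapter."""
    routes = parse_routes(route_text)
    return "tunnel-all" if egress_interface(routes, internet_ip) == vpn_iface else "split"
```

On a real client, pass the text of `route print -4` and the address shown on the NetExtender adapter in `ipconfig /all`.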
genusys (Author) Commented:
I didn't set this SW up.

I tried all suggestions. Nothing changed. Is there a way to reset everything VPN related without resetting the entire firewall?
0
genusys (Author) Commented:
A Sonicwall Engineer finally found the issue.

I really appreciate all the help I got!
0
genusys (Author) Commented:
Thanks for all the help. I put the resolution in a comment. I never would have found it.
0
Blue Street Tech (Last Knight) Commented:
Glad I could help; thanks for the points!
0