• Status: Solved

Sonicwall Route over VPN keeps getting disabled

I am trying to figure out a routing problem with a Sonicwall TZ105.

Current setup:

X0: 10.10.10.1 on a /24
X0:V4 192.168.113.1 on a /24
VPN to 10.10.0.0/16

X0 is our LAN. We have VLAN4 on the LAN running so we can image machines, and configure them on a client's domain. The VPN goes to the client's domain. I was running into a problem where machines on VLAN4, when they would try to get to, for example, 10.10.10.234, were trying to go to our LAN, when in reality they should be going over the VPN.

I fixed this by adding a static route:

Source: 192.168.113.1
Destination: 10.10.0.0/16
Service: Any
ToS/Mask: Any
Gateway: 0.0.0.0
Interface: X1
Metric: 10
Priority: 1

All other routes are Metric 20. This seems to work. But after a few days it will stop working. I will check the routing in the Sonicwall, and my custom route will be greyed out (disabled?). I only have to hit the configure button, make no changes, and hit OK, and that re-enables the route and everything starts working again.

Any way to do this better? Or to figure out why the route keeps getting disabled?
Asked by: inTheKnowSea
1 Solution
 
Blue Street Tech (Last Knight) Commented:
Hi inTheKnowSea,

I don't really understand the problem. To me it sounds like your VLAN4 machines are going out your WAN instead of the VPN endpoints (your client's network)...is this correct?

Also, what type of VPN do you have in place?

Let me know, thanks!
 
inTheKnowSea (Author) Commented:
Blue Street,

No, the VLAN4 machines go to my VPN endpoints fine, until the route mysteriously becomes disabled. Are you referring to the Interface being X1? I just went off the other routes, I don't know if that is correct or not. But it does work. The problem is the route becomes disabled randomly.

If I don't have that static route in place, then my VLAN4 machines go over the VPN about 50% of the time. The other 50%, they try to go to my normal LAN, which fails because of Firewall policies.

The VPN is a Site to Site, IKE using preshared key, Main Mode.
 
inTheKnowSea (Author) Commented:
So working with Sonicwall, we went with a different solution.

I changed my VPN to be to specific IPs. According to the Sonicwall technician, whatever route is "more" specific will take priority. So my VPN being to /32 addresses will take priority over the /24 route to my X0.

This has resolved the issue.
Question has a verified solution.
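
Added example (not part of the thread, and not SonicOS's own route-selection code): a destination-only longest-prefix-match model of the "more specific route wins" behaviour the technician described, using the subnets from the question. The next-hop labels and the choice of 10.10.10.234 as the /32 VPN destination are assumptions for illustration.

```python
import ipaddress

def best_route(routes, dst):
    """Return (prefix, next_hop) for the longest prefix containing dst, or None."""
    addr = ipaddress.ip_address(dst)
    candidates = [(ipaddress.ip_network(p), hop) for p, hop in routes]
    matches = [(net, hop) for net, hop in candidates if addr in net]
    if not matches:
        return None  # no route: nothing in this model carries the packet
    net, hop = max(matches, key=lambda m: m[0].prefixlen)
    return str(net), hop

def shadowing(routes, prefix):
    """List prefixes in the table that sit inside `prefix` and therefore win over it."""
    wide = ipaddress.ip_network(prefix)
    nets = [ipaddress.ip_network(p) for p, _ in routes]
    return [str(n) for n in nets if n != wide and n.subnet_of(wide)]

# Subnets taken from the question; next-hop labels are illustrative.
BEFORE = [
    ("10.10.10.0/24", "X0 (local LAN)"),
    ("192.168.113.0/24", "X0:V4 (VLAN4)"),
    ("10.10.0.0/16", "VPN tunnel"),
]

# After the fix: the VPN destination is a specific host instead of the /16.
# 10.10.10.234 is the example host from the question, used here as a constructed /32.
AFTER = [
    ("10.10.10.0/24", "X0 (local LAN)"),
    ("192.168.113.0/24", "X0:V4 (VLAN4)"),
    ("10.10.10.234/32", "VPN tunnel"),
]

if __name__ == "__main__":
    # The local /24 lies inside the VPN /16, so it captures 10.10.10.x traffic.
    print("shadowing the /16:", shadowing(BEFORE, "10.10.0.0/16"))
    for label, table in (("before", BEFORE), ("after", AFTER)):
        print(label, "10.10.10.234 ->", best_route(table, "10.10.10.234"))
```

Running `shadowing` against a tunnel's destination network before building a VPN shows which local subnets overlap it; the trade-off of the /32 approach is that remote hosts not listed individually no longer match the tunnel at all.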