Sonicwall Route over VPN keeps getting disabled

I am trying to figure out a routing problem with a Sonicwall TZ105.

Current setup:

X0: 10.10.10.1 on a /24
X0:V4 192.168.113.1 on a /24
VPN to 10.10.0.0/16

X0 is our LAN. We have VLAN4 on the LAN running so we can image machines, and configure them on a client's domain. The VPN goes to the client's domain. I was running into a problem where machines on VLAN4, when they would try to get to, for example, 10.10.10.234, were trying to go to our LAN, when in reality they should be going over the VPN.

I fixed this by adding a static route:

Source: 192.168.113.1
Destination: 10.10.0.0/16
Service: Any
ToS/Mask: Any
Gateway: 0.0.0.0
Interface: X1
Metric: 10
Priority: 1

All other routes are Metric 20. This seems to work. But after a few days it will stop working. I will check the routing in the Sonicwall, and my custom route will be greyed out (disabled?). I only have to hit the configure button, make no changes, and hit OK, and that re-enables the route and everything starts working again.

Any way to do this better? Or to figure out why the route keeps getting disabled?
inTheKnowSea Asked:
Blue Street Tech (Last Knight) Commented:
Hi inTheKnowSea,

I don't really understand the problem. To me it sounds like your VLAN4 machines are going out your WAN instead of the VPN endpoints (your client's network)...is this correct?

Also, what type of VPN do you have in place?

Let me know thanks!
0
inTheKnowSea (Author) Commented:
Blue Street,

No, the VLAN4 machines go to my VPN endpoints fine, until the route mysteriously becomes disabled. Are you referring to the Interface being X1? I just went off the other routes, I don't know if that is correct or not. But it does work. The problem is the route becomes disabled randomly.

If I don't have that static route in place, then my VLAN4 machines go over the VPN about 50% of the time. The other 50%, they try to go to my normal LAN, which fails because of Firewall policies.

The VPN is a Site to Site, IKE using preshared key, Main Mode.
0

inTheKnowSea (Author) Commented:
So working with Sonicwall, we went with a different solution.

I changed my VPN to be to specific IPs. According to the Sonicwall technician, whatever route is "more" specific will take priority. So my VPN being to /32 addresses will take priority over the /24 route to my X0.

This has resolved the issue.
0
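The "most specific route wins" rule from the accepted comment, as an added example that is not part of the original thread: a simplified longest-prefix-match model (not SonicOS's own route-policy logic) applied to the subnets in the question, plus a check that flags a tunnel prefix overlapped by a more specific local route. The /32 entry reuses the 10.10.10.234 address from the question as a constructed sample; the function names and the "VPN" interface label are assumptions.

```python
import ipaddress

def best_route(routes, dst):
    """Return (prefix, interface) of the longest prefix covering dst, or None."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), ifc) for p, ifc in routes
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    net, ifc = max(matches, key=lambda m: m[0].prefixlen)
    return str(net), ifc

def shadowed(routes, tunnel="VPN"):
    """List (tunnel_prefix, local_prefix, local_iface) where a more specific
    non-tunnel route sits inside a tunnel prefix and captures its traffic."""
    nets = [(ipaddress.ip_network(p), ifc) for p, ifc in routes]
    found = []
    for vnet, vifc in nets:
        if vifc != tunnel:
            continue
        for lnet, lifc in nets:
            if lifc != tunnel and lnet.subnet_of(vnet):
                found.append((str(vnet), str(lnet), lifc))
    return found

# Constructed route tables based on the subnets given in the question.
ORIGINAL = [
    ("10.10.10.0/24", "X0"),       # local LAN
    ("192.168.113.0/24", "X0:V4"), # imaging VLAN
    ("10.10.0.0/16", "VPN"),       # client network, overlaps the LAN
]
HOST_ROUTES = [
    ("10.10.10.0/24", "X0"),
    ("192.168.113.0/24", "X0:V4"),
    ("10.10.10.234/32", "VPN"),    # constructed sample /32 tunnel destination
]

if __name__ == "__main__":
    for name, table in (("original", ORIGINAL), ("host routes", HOST_ROUTES)):
        print(name, best_route(table, "10.10.10.234"), shadowed(table))
```

Running `shadowed()` over a planned route table before building a site-to-site tunnel shows where local traffic and tunnel traffic would compete for the same destinations.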