Configure SonicWall to access NVR ports via Global VPN Client

I have a SonicWall NSA2650 and I have an NVR with PoE ports on the back that have an internal DHCP server controlling them on a 10.0.0.x subnet. I want to access those ports from my laptop when connected via Global VPN Client. The SonicWall has X1 and X2 as WAN, X0 as LAN on 10.10.30.x, and I have plugged one of the NVR ports into X3 on the SonicWall. I need help configuring the SonicWall so that I can navigate to the 10.0.0.x subnet.
aerblich Asked:

J Spoor (TME) Commented:
What IP address does the X3 have?

To give access for your GVC clients, you need to go to the user / group properties and add X3 Subnet to the VPN Access List on the user and/or groups.
2
aerblich (Author) Commented:
I set the X3 as a WAN zone, since it will be taking signals from the NVR, and I gave the X3 10.0.0.50, which is on the subnet of the NVR camera ports. The LAN zone that has the Global VPN Client has a subnet of 10.10.30.x. I can authenticate through the GVC, and I can see nodes on the 10.10.30.x but can't reach the 10.0.0.x subnet.
0
J Spoor (TME) Commented:
Not sure what an NVR is; is it another WAN connection?
If not, I suggest you set X3 as a DMZ zone.
Did you include X3 subnet into the VPN access list for your VPN users?
0
aerblich (Author) Commented:
NVR is a network video recorder that sits behind the SonicWall on the LAN; however, it has on board 8 PoE ports on a different subnet into which the IP cameras plug in. I will double check the VPN access settings.
0
Blue Street Tech (Last Knight) Commented:
Hi aerblich,

"I set the X3 as a WAN zone, since it will be taking signals from the NVR, and I gave the X3 10.0.0.50, which is on the subnet of the NVR camera ports."
There are multiple problems here: a) X3 should be set to the LAN Zone or another newly created Zone like LAN2 or NVR, but definitely not a WAN zone, and b) 10.0.0.50 is not a publicly routable address. To resolve this, change the Zone to LAN or create a new one named NVR.

"The LAN zone that has the Global VPN Client has a subnet of 10.10.30.x. I can authenticate through the GVC, and I can see nodes on the 10.10.30.x but can't reach the 10.0.0.x subnet."
This is because you have set up X3 in the WAN Zone when it should be set up in the LAN or as another NVR Zone as I mentioned above.

Since you already have access to the LAN Subnets object, the easiest way to make this work would be to set up the X3 Interface in the LAN Zone; however, for better security, and especially since there are so many vulnerabilities with IP cameras, I'd recommend creating a separate Zone for them called NVR.

To gain access to that Zone from the VPN, you would need to add it to the User or Group within Local Users & Groups under VPN Access > Access List. If you are the admin and confident in your skill level, you can also just add Firewalled Subnets instead of the LAN Subnets and any other subnets.

Let me know if you have any other questions!
0
aerblich (Author) Commented:
That sounds great. Please bear with me, as I am out of town for two weeks for spring break vacation, and will not have physical access to reconfigure the ports, nor easy remote access. Upon my return, I will try this out and see how it goes and update everyone with a comment. Thanks again for your comprehensive response.
0
Blue Street Tech (Last Knight) Commented:
My pleasure! Have a great vacation. See you when you return.
0
Blue Street Tech (Last Knight) Commented:
Just checking in to see if you are back yet?
0