Connectivity between site-to-site VPNs connected to NSA 2400

Is there a proper way to establish connectivity between remote offices that are connected by VPN (SW SOHO) to the main branch that is using SonicWall NSA 2400? Each remote office has connectivity to the main branch, but I need each remote office to have connectivity with each other remote office via VPN.
tjguy (Network Administrator) Asked:

bbao (IT Consultant) Commented:
1. What's the full model number of your SW SOHO?
2. The versions of SonicOS at both sides?
J Spoor (TME / Network Security Evangelist) Commented:
You have two options:
1) Full mesh: each box has a VPN to each box.
2) Hub and spoke: traffic between branches goes over to the hub.

To accomplish #2:
Create an address group on each branch that includes not only the main office IP subnet but all the other branches as well, and use that as Destination Networks.
Then on the main office, you need to create multiple address groups. Example below:
e.g. HQ, B1, B2, B3
On the HQ firewall create three groups:
1) HQ LAN + B2 LAN + B3 LAN
2) HQ LAN + B1 LAN + B3 LAN
3) HQ LAN + B1 LAN + B2 LAN

You then use these groups as Local Networks in the VPN configs.
Make sure to create the address objects in the correct zone.
Also double check the VPN to VPN firewall rules on the main office firewall to confirm that all the correct firewall rules are there to allow B1 to B2 and B3, etc.
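
The group layout from option 2 above, generalized to any number of branches, as an added example that is not part of the original thread and is not SonicOS configuration syntax. The subnets are constructed sample values and the function names are hypothetical; it models only which networks each tunnel carries and lists the branch pairs that still need VPN to VPN allow rules on the hub.

```python
import ipaddress
from itertools import combinations

# Constructed sample addressing (an assumption; the thread gives no subnets).
SITES = {"HQ": "10.0.0.0/24", "B1": "10.1.0.0/24",
         "B2": "10.2.0.0/24", "B3": "10.3.0.0/24"}

def parse_sites(sites):
    """Parse the LANs and reject overlaps, which would make the groups ambiguous."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in sites.items()}
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            raise ValueError(f"{a} ({na}) overlaps {b} ({nb})")
    return nets

def plan_tunnels(sites, hub="HQ", relay=True):
    """Per branch: the group members for the hub-to-branch tunnel.

    relay=True  -> groups as in option 2 (hub LAN + all other branch LANs)
    relay=False -> plain site-to-site (hub LAN only), the starting situation
    """
    parse_sites(sites)
    plan = {}
    for branch in (s for s in sites if s != hub):
        others = [s for s in sites if s not in (hub, branch)] if relay else []
        group = [hub] + others
        # The same member list is Local Networks on the hub side and
        # Destination Networks on the branch side of this tunnel.
        plan[branch] = {"hub_local": group, "branch_destination": group}
    return plan

def site_of(nets, ip):
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in nets.items() if addr in net), None)

def branch_can_reach(sites, plan, src_ip, dst_ip, hub="HQ"):
    """True if src's tunnel carries traffic to dst and dst's tunnel accepts src."""
    nets = parse_sites(sites)
    src, dst = site_of(nets, src_ip), site_of(nets, dst_ip)
    if src is None or dst is None or src == dst or hub in (src, dst):
        return False  # only branch-to-branch flows are modelled here
    outbound = dst in plan[src]["branch_destination"]  # leg 1: src branch -> hub
    onward = src in plan[dst]["hub_local"]             # leg 2: hub -> dst branch
    return outbound and onward

def vpn_to_vpn_rules(sites, hub="HQ"):
    """Branch pairs that need an allow rule in the hub's VPN to VPN policy."""
    branches = [s for s in sites if s != hub]
    return [(a, b) for a in branches for b in branches if a != b]
```
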

tjguy (Network Administrator) Author Commented:
Thank you J Spoor for the response. I really don't want to do a #1 solution, so I will try the #2 approach. I will reply after completed.
J Spoor (TME / Network Security Evangelist) Commented:
bbao (IT Consultant) Commented:
I am not sure whether the above general steps could help or not, as some settings may vary on different SonicOS versions. Anyway, give it a try.

If you still have problems, please advise:

1. What's the full model number of your SW SOHO?
2. The versions of SonicOS at both sides
Benjamin Van Ditmars (Sr Network Engineer) Commented:
Setup 2 will work. We have used this at a couple of customer environments.
tjguy (Network Administrator) Author Commented:
Still working on this; with the holidays, things are getting delayed a bit. Expect results in the next week.
tjguy (Network Administrator) Author Commented:
Created the groups as J Spoor suggested. Kansas was able to ping Anaheim, and Escondido was able to ping both Kansas and Anaheim. Worked really slick. Just to add, the Anaheim location was using a Fortigate router, so creating the groups was a little different in the SonicWall, but it still worked and each branch has connectivity. Great job, J Spoor.