Brock Jones
Sonicwall Global VPN routing

Hello experts!
I have a Sonicwall TZ215 with a WANgroup VPN configured for remote users. The issue I am having is we have a vendor that is hosting a web application for us that is firewalled to only allow traffic from our WAN gateway IP. The GVPN users need to access this application as well. What I need to do is route the GVPN traffic through our gateway, but when I do this it kills all internet connectivity to the GVPN clients. The VPN client virtual adapters are getting DHCP from my Sonicwall. I am thinking it is probably a DNS issue but I can't seem to pinpoint it.

Any input will be greatly appreciated.
Jorge Diaz
It definitely looks like a DNS issue. I haven't worked on Sonicwalls in a while so I can't tell you step by step what to do, but I found this online that I believe can help you out.

https://www.sonicwall.com/support/knowledge-base/?sol_id=170504571627675
Rather than doing a route all, you can do a split tunnel.
Just add the partner's site's IP address in the VPN Access List for your VPN users / groups.
Also, you will need to add a VPN to WAN allow rule to the partner's site.
Brock Jones (ASKER)
@JSpoor thank you for the response. I tried what you suggested. Can you please verify the settings for me?
Thank you.

Local group VPN Client access networks
LAN Primary Subnet (access to my network shares)
IP address of my web application

Firewall Rule
From: VPN
To: WAN
Source Port: Any
Service: Any
Source: VPN DHCP Clients
Destination: IP address of my web application
Users included: Trusted users
Users Excluded: None
Looking good.

You might need to add a NAT policy

src = VPN DHCP pool
t src = X1 subnet
dst = website ip
t dst = original
srvc = any
tsrvc = original
@JSpoor When I add the NAT policy you suggested it kills internet connectivity to the VPN client.
Can you make a screenshot of the NAT policy you tried to create, as that NAT policy should only take effect with the website as the destination.
[Screenshot of the NAT policy]
Original dest is the public IP of the web application server.
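The NAT policy suggested above (src = VPN DHCP pool, t src = WAN address, dst = website IP, t dst = original) and the follow-up point that it must only match the website as a destination can be checked with a small model of how the policy's original source/destination scope decides which VPN-client flows get rewritten. This is an added illustration written for this thread, not SonicOS code or the asker's configuration; every address below is a constructed sample, and the translated source is assumed to be the X1 interface address.

```python
from ipaddress import ip_address, ip_network

# Constructed sample addresses standing in for the thread's address objects
# (assumptions for this model, not real addresses).
VPN_DHCP_POOL = ip_network("10.10.10.0/24")   # "VPN DHCP Clients"
X1_ADDRESS    = ip_address("203.0.113.2")     # WAN (X1) address the vendor allows
WEBSITE_IP    = ip_address("198.51.100.25")   # "website ip"
LAN_SUBNET    = ip_network("192.168.1.0/24")  # LAN Primary Subnet

def selects(selector, addr):
    """selector is "any", an ip_network, or a single ip_address."""
    if selector == "any":
        return True
    if hasattr(selector, "network_address"):
        return addr in selector
    return addr == selector

def apply_nat(policy, src, dst):
    """Return (src, dst) after the policy; "original" keeps the field as-is."""
    if not (selects(policy["src"], src) and selects(policy["dst"], dst)):
        return src, dst
    t_src = src if policy["t_src"] == "original" else policy["t_src"]
    t_dst = dst if policy["t_dst"] == "original" else policy["t_dst"]
    return t_src, t_dst

def check_scope(policy):
    """Flag a policy that would rewrite more VPN-client traffic than the website."""
    problems = []
    if policy["dst"] == "any":
        problems.append("original destination is Any: every VPN client flow, "
                        "internet traffic included, is rewritten; scope it to the website IP")
    if policy["src"] == "any":
        problems.append("original source is Any: scope it to the VPN DHCP pool")
    return problems

# The policy as described in the thread, versus one left at destination Any.
SCOPED = {"src": VPN_DHCP_POOL, "dst": WEBSITE_IP, "t_src": X1_ADDRESS, "t_dst": "original"}
UNSCOPED = dict(SCOPED, dst="any")

# Constructed sample flows from one VPN client.
CLIENT = ip_address("10.10.10.50")
FLOWS = {"website": WEBSITE_IP, "internet": ip_address("192.0.2.80"), "lan_share": LAN_SUBNET[10]}

def simulate(policy):
    """Map each flow name to the source address the far end will see."""
    return {name: str(apply_nat(policy, CLIENT, dst)[0]) for name, dst in FLOWS.items()}

if __name__ == "__main__":
    for label, pol in (("scoped", SCOPED), ("unscoped", UNSCOPED)):
        print(label, simulate(pol), check_scope(pol))
```

With the scoped policy only the website flow leaves as the X1 address and the internet and LAN flows keep the client's own address; with destination Any, every flow is rewritten, which is the symptom to look for in the screenshot.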