Sonicwall Global VPN routing
Asked by Brock Jones
Hello experts!
I have a Sonicwall TZ215 with a WAN GroupVPN configured for remote users. The issue I am having is we have a vendor that is hosting a web application for us that is firewalled to only allow traffic from our WAN gateway IP. The GVPN users need to access this application as well. What I need to do is route the GVPN traffic through our gateway, but when I do this it kills all internet connectivity to the GVPN clients. The VPN client virtual adapters are getting DHCP from my Sonicwall. I am thinking it is probably a DNS issue but I can't seem to pinpoint it.
Any input will be greatly appreciated.
rather than doing a route all, you can do a split tunnel.
Just add the partner's site's IP address in the VPN Access List for your VPN users / groups.
also you will need to add a VPN to WAN allow rule to the partner's site
ASKER
@JSpoor thank you for the response. I tried what you suggested. Can you please verify the settings for me?
Thank you.
Local group VPN Client access networks
LAN Primary Subnet (access to my network shares)
IP address of my web application
Firewall Rule
From: VPN
To: WAN
Source Port: Any
Service: Any
Source: VPN DHCP Clients
Destination: IP address of my web application
Users included: Trusted users
Users Excluded: None
looking good.
You might need to add a NAT policy
src = VPN DHCP pool
t src = X1 subnet
dst = website ip
t dst = original
srvc = any
tsrvc = original
ASKER
@JSpoor When I add the NAT policy you suggested it kills internet connectivity to the VPN client.
Can you make a screenshot of the NAT policy you tried to create, as that NAT policy should only take effect with the website as a destination.
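Added example, not from the thread and not SonicOS code: a small Python model of the split-tunnel access list and the NAT policy matching discussed above, to show why the NAT policy must match only the website as its destination. The addresses, the VPN DHCP pool, and using the X1 interface IP as the translated source are assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class NatPolicy:
    src: str      # original source, CIDR or "any"
    dst: str      # original destination, CIDR or "any"
    t_src: str    # translated source address, or "original" for no change

def _in(net: str, ip: str) -> bool:
    """True if ip falls inside net ('any' matches everything)."""
    return net == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(net, strict=False)

def goes_through_tunnel(access_networks, dst_ip: str) -> bool:
    """Split tunnel: only destinations listed in the VPN access networks are tunnelled."""
    return any(_in(n, dst_ip) for n in access_networks)

def source_seen_by(policies, src_ip: str, dst_ip: str) -> str:
    """Source address the destination sees after the first matching NAT policy."""
    for p in policies:
        if _in(p.src, src_ip) and _in(p.dst, dst_ip):
            return src_ip if p.t_src == "original" else p.t_src
    return src_ip

# Constructed sample addressing (assumed; not taken from the thread).
VPN_POOL = "10.10.20.0/24"       # Global VPN client DHCP pool
LAN_SUBNET = "192.168.1.0/24"    # LAN primary subnet (file shares)
X1_IP = "203.0.113.10"           # WAN gateway IP the vendor allows
WEBSITE = "198.51.100.25"        # vendor-hosted web application

ACCESS_NETWORKS = [LAN_SUBNET, WEBSITE + "/32"]

# Narrow policy: only traffic to the website is translated to the WAN IP.
NARROW = [NatPolicy(src=VPN_POOL, dst=WEBSITE + "/32", t_src=X1_IP)]
# Over-broad policy: destination "any" also rewrites VPN-to-LAN traffic,
# so LAN hosts reply to the WAN IP instead of to the client.
BROAD = [NatPolicy(src=VPN_POOL, dst="any", t_src=X1_IP)]

if __name__ == "__main__":
    client = "10.10.20.5"
    for name, pol in (("narrow", NARROW), ("broad", BROAD)):
        for dst in (WEBSITE, "192.168.1.50", "8.8.8.8"):
            tunnelled = goes_through_tunnel(ACCESS_NETWORKS, dst)
            seen = source_seen_by(pol, client, dst) if tunnelled else client
            print(f"{name:6} {client} -> {dst:15} tunnelled={tunnelled!s:5} seen_as={seen}")
```

Internet destinations outside the access list are never tunnelled, so the client keeps its local internet path while only website traffic is sourced from the WAN IP.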
https://www.sonicwall.com/support/knowledge-base/?sol_id=170504571627675