auxilary Posted August 19, 2009

I am trying to set up an IPsec VPN with GVC to connect to the NSA 3500 firewall. I am having several issues.

Here's what I am trying to do: in my scenario, I have a 3500 firewall, and all 6 interfaces are used for various subnets. I want to use the IPsec VPN client for remote users to connect to the SonicWall. They should be able to VPN in, get an IP leased from a DHCP server for a virtual LAN, and policies on the firewall should allow users on the VLAN to get access to other subnets.

Let's say this is my current assignment for interfaces:

X0- 192.168.100.1/24
X1- WAN
X2- 192.168.150.1/24
X2:VLAN - 10.1.1.1/24
X3- 192.168.160.1/24
X4- 192.168.170.1/24
X5- 192.168.180.1/24

A zone is configured for each. The X2:V10 zone is set up with X2 as parent. I have a DHCP server running on X0, 192.168.100.50. It services DHCP for all non-WAN interfaces, and IP Helper is set up on the SonicWall to route DHCP requests from each zone.

I want the group VPN to assign the X2:V10 subnet via DHCP to the users that log in via VPN. When a user VPNs in, they should get a 10.1.1.50-99 IP address.

On with the current problems:

1. I am not able to successfully allow it to connect and do split tunnel traffic when the VPN client establishes a connection. Under VPN->Settings->WAN groupVPN I have disabled the 'set default route as gateway' option, and the gateway is set to 0.0.0.0. The problem arises when GVC assigns 2 default routes, and traffic cannot pass correctly. If I manually remove one of the default routes on the client machine, split tunnels work just fine. But I cannot expect users to do this themselves. I would ideally like to be able to have users use split tunnel, rather than route all traffic through the firewall.

2. I was able to successfully route all traffic through the 'secure tunnel' VPN option. Not the best, but it works for now. However, I would like to have the SonicWall correctly assign the 10.1.1.0/24 address range to the VPN clients.

What do I need to do to properly set up VPN on a separate non-physical interface, and allow it to properly communicate with other interfaces?

AK-Z Posted August 19, 2009

I used to work for a network security company specializing in SonicWall. It's been years, so I'm not sure how much their layout has changed. I'll try to do some research and get back to you.

auxilary (Author) Posted August 19, 2009

It seems like a bug... because I tried it with the default route both on and off, and it had no effect. It still assigned a secondary default route.