VPN into multiple LAN Subnets


The problem was not that VPN clients could not access the X3 network, any LAN device on the Sonicwall could not access the X3 network. Once a NAT entry was created to properly translate the source/destination of the packets destined for the X3 network everything worked fine. This is also described in a bit more detail in this question: Sonicwall routing between multiple subnets on multiple interfaces
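To show why that NAT entry fixes reachability (and, going a step beyond the answer, why SpacemanSpiff's static route on Router 2 would work as well), here is an added Python model of the return path that is not from the original answer. It assumes Network B hosts use Router 2 as their default gateway, and the addresses for X3, Router 2 and the VPN client are made up for the diagram in the question.

```python
from ipaddress import ip_address, ip_network

# Constructed addresses for the thread's diagram (not from the original post):
NET_B = ip_network("192.168.2.0/24")        # Router 2's LAN; X3 sits in it
VPN_POOL = ip_network("192.168.1.0/24")     # X1 subnet handed to GlobalVPN clients
X3_IP = ip_address("192.168.2.254")         # assumed static IP of X3 in Network B
RT2_IP = ip_address("192.168.2.1")          # assumed Router 2 LAN address
ANY = ip_network("0.0.0.0/0")


def lookup(table, dst):
    """Longest-prefix match over [(network, next_hop)]; next_hop is an
    address, or a string for on-link delivery / a WAN uplink."""
    matches = [(net, hop) for net, hop in table if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None


def reply_path(snat_on_sonicwall, static_route_on_rt2):
    """Trace the *return* packet from a Network B host to a GlobalVPN client.
    Returns (reached_client, hops)."""
    client = ip_address("192.168.1.50")       # constructed VPN client address
    # Forward direction: the SonicWall terminates the tunnel and forwards onto X3.
    # With the NAT policy the source becomes the X3 address; without it the
    # Network B host sees an address from a subnet Router 2 knows nothing about.
    reply_dst = X3_IP if snat_on_sonicwall else client
    hops = ["host_b"]

    host_b_table = [(NET_B, "on-link"), (ANY, RT2_IP)]
    if lookup(host_b_table, reply_dst) == "on-link":   # ARP for X3 on the switch
        hops += ["sonicwall_x3", "vpn_client"]
        return True, hops

    hops.append("router2")
    rt2_table = [(NET_B, "on-link"), (ANY, "wan2")]
    if static_route_on_rt2:                   # the fix SpacemanSpiff suggested
        rt2_table.append((VPN_POOL, X3_IP))
    hop = lookup(rt2_table, reply_dst)
    if hop == X3_IP:
        hops += ["sonicwall_x3", "vpn_client"]
        return True, hops
    hops.append(str(hop))                     # reply leaves via WAN2 and is lost
    return False, hops


if __name__ == "__main__":
    for snat, route in [(False, False), (True, False), (False, True)]:
        ok, hops = reply_path(snat, route)
        print(f"snat={snat!s:5} rt2_route={route!s:5} -> "
              f"{'OK  ' if ok else 'LOST'} {' > '.join(hops)}")
```

The same asymmetry explains why LAN devices on X2 could not reach Network B either: their replies also end up at Router 2 with no route back.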



Author: Rain

Updated on September 18, 2022

Comments

  • Rain
    Rain almost 2 years

    I need to figure out a way to allow access to two LAN subnets on a SonicWall NSA 220 through the built-in SonicWall GlobalVPN server. I've Googled and tried everything I can think of, but nothing has worked. The SonicWall NSA management web interface is also very unorganized; I'm probably missing something simple/obvious.

    There are two networks, called Network A and Network B for simplicity, with two different subnets. A SonicWall NSA 220 is the router/firewall/DHCP Server for Network A, which is plugged into the X2 port. Some other router is the router/firewall/DHCP server for Network B. Both of these networks need to be managed through a VPN connection.

    I set up the X3 interface on the SonicWall to have a static IP in the Network B subnet and plugged it in. Network A and Network B should not be able to access each other, which appears to be the default configuration. I then configured and enabled VPN.

    The SonicWall currently has the X1 interface set up with a subnet of 192.168.1.0/24 with a DHCP Server enabled, although it is not plugged in. When I VPN into the SonicWall, I get an IP address supplied by the DHCP Server on the X1 interface and I can access Network A remotely, although I do not have access to Network B.

    How can I allow access to both Network A and Network B for VPN clients while keeping devices on Network B from accessing Network A and vice-versa?

    Is there some way to create a VPN-only subnet (something like 10.100.0.0/24) on the SonicWall that can access Network A and Network B without changing the current network configuration or allowing devices on both networks to "see" each other? How would I go about setting this up?

    Diagram of the network: (Hopefully this kind of helps)

           WAN1                                    WAN2
            |                                       |
    [ SonicWall NSA 220 ]-(X3)-----------------[ Router 2 ]
            |                                       |  
           (X2)                               192.168.2.0/24
        10.1.1.0/24
    

    Any help would be greatly appreciated!

    • SpacemanSpiff
      SpacemanSpiff over 11 years
      Is router 2 just a router, or is it also a stateful firewall?
    • Rain
      Rain over 11 years
      Router 2 is a stateful firewall, although this shouldn't matter. If I SSH into the SonicWall, I can ping devices on Network B. The X3 port on the SonicWall is actually plugged into a switch that Router 2 is also connected to.
    • SpacemanSpiff
      SpacemanSpiff over 11 years
      Sure, that's because the Sonicwall has an interface directly in the 2.0/24 network that you can get a direct ARP response from. I'm trying to figure out how to use a dedicated subnet on the Sonicwall just for GlobalVPN clients... you will need to add a static route onto RT2 for that subnet, I just don't see how to create it just yet. I think a new zone, with a loopback interface in that zone would do it.
    • SpacemanSpiff
      SpacemanSpiff over 11 years
      I wish I could fully prove this out for you, but I'm fairly certain the answer to your problem will be under the "DHCP over VPN" configuration section under VPN
    • Rain
      Rain over 11 years
      I've tried every permutation of settings in the "DHCP over VPN" section. I find it interesting that there is a VPN zone pre-configured but it simply shares the LAN Subnet (on X1, in this case). Network A is currently accessible, although Network B and even the X3 Interface IP are not.
    • SpacemanSpiff
      SpacemanSpiff over 11 years
      Yes, you'd need to add network B as a network object and then give the user's group access to it. Still a little unclear here... might be worth a ticket to sonicwall