
Multiple Subnets through a VPN

Created by dave. Last edited by dave, 7 years and 42 days ago.
(2017-02-15)

Problem

I have multiple subnets, maybe in multiple zones, that need to use a site-to-site VPN tunnel.

Solution

Set up a "Site-to-Site" VPN. Create an address group that contains every subnet, regardless of zone, that needs access to this VPN, and a second address group that contains all subnets on the remote side. In the Network tab of your VPN, select the first group under "Choose local network from list" and the second under "Choose destination network from list".

If the other end is a non-Sonicwall firewall, note that these groups are used to set up proxy-id pairs; set your policies or proxy-id settings on that firewall accordingly.

Commentary

I couldn't get this to work in tunnel mode.

If you have an SSLVPN network defined, it probably overlaps with one of your internal networks. If you include that internal network, you don't have to include the SSLVPN object in your network group. Note that this may not be what you want -- see SSLVPN Access to VPN Networks.
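
An added example (not part of the original page, and not Sonicwall code) that lists the proxy-id pairs a non-Sonicwall peer would need to match for two address groups, and reports group members already contained in a larger member, such as an SSLVPN range inside an internal subnet. It assumes one proxy-id pair per local/remote subnet combination and IPv4 only; the group names and subnets are constructed sample values.

```python
import ipaddress
from itertools import product

# Constructed sample groups (not from the page). The SSLVPN range sits
# inside the LAN subnet, the overlap case the commentary describes.
LOCAL_GROUP = {
    "LAN": "192.168.10.0/24",
    "DMZ": "172.16.5.0/24",
    "SSLVPN range": "192.168.10.192/26",
}
REMOTE_GROUP = {"Remote LAN": "10.20.0.0/16", "Remote lab": "10.30.1.0/24"}

def split_group(group):
    """Return (effective, covered) for one address group.

    effective: name -> network for members that define a selector.
    covered:   name -> name of the larger member that already contains it.
    """
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in group.items()}
    effective, covered = {}, {}
    # Widest networks first, so a contained member always meets its parent.
    for name, net in sorted(nets.items(), key=lambda kv: kv[1].prefixlen):
        parent = next((p for p, pn in effective.items() if net.subnet_of(pn)), None)
        if parent is None:
            effective[name] = net
        else:
            covered[name] = parent
    return effective, covered

def proxy_id_pairs(local_group, remote_group):
    """List (local, remote) selector pairs, assuming one per combination."""
    local, _ = split_group(local_group)
    remote, _ = split_group(remote_group)
    pairs = []
    for l_net, r_net in product(local.values(), remote.values()):
        if l_net.overlaps(r_net):
            raise ValueError(f"local {l_net} overlaps remote {r_net}")
        pairs.append((str(l_net), str(r_net)))
    return sorted(pairs)

if __name__ == "__main__":
    _, covered = split_group(LOCAL_GROUP)
    for name, parent in covered.items():
        print(f"{name} is inside {parent}: it reaches the VPN without being listed")
    for local, remote in proxy_id_pairs(LOCAL_GROUP, REMOTE_GROUP):
        print(f"proxy-id  local {local:<18} remote {remote}")
```

Any member reported as covered gets tunnel access through its parent subnet whether or not it is in the group, which is the situation the SSLVPN note above describes.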
