For When You Can't Have The Real Thing

Multiple Subnets through a VPN

Created by dave. Last edited by dave, 277 days ago. Viewed 359 times. #1
(2017-02-15)

Problem

I have multiple subnets, maybe in multiple zones, that need to use a site-to-site VPN tunnel.

Solution

Set up a "Site-to-Site" VPN. Create an address group that contains all the local subnets (regardless of zone) that need access to this VPN. Create a second address group that contains all subnets on the remote side. On the Network tab of your VPN, select the local group under "Choose local network from list" and the remote group under "Choose destination network from list".

If you have a non-Sonicwall firewall on the other end, note that these groups are used to set up proxy-id pairs; set your policies or proxy-id settings on that firewall accordingly.

Commentary

I couldn't get this to work in tunnel mode.

If you have an SSLVPN network defined, it probably overlaps with one of your internal networks. If you include that internal network, you don't have to include the SSLVPN object in your network group. Note that this may not be what you want; see SSLVPN Access to VPN Networks.
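
As an added example (not part of the original page), the following Python script expands a local and a remote address group into the proxy-id pairs a non-Sonicwall peer would need to mirror, and checks whether an SSLVPN pool is already covered by an included internal network. All subnets are constructed sample values, and the script assumes one proxy-id pair per local/remote subnet combination.

```python
import ipaddress
from itertools import product

# Constructed sample address groups (not from the original page).
LOCAL_GROUP = ["192.168.10.0/24", "192.168.20.0/24", "10.50.0.0/16"]
REMOTE_GROUP = ["172.16.1.0/24", "172.16.2.0/24"]
SSLVPN_POOL = "192.168.10.200/29"  # constructed: carved out of a LAN subnet


def nets(cidrs):
    """Parse CIDR strings, rejecting entries with host bits set."""
    return [ipaddress.ip_network(c, strict=True) for c in cidrs]


def proxy_id_pairs(local, remote):
    """Every (local, remote) subnet pair the far-end firewall must mirror.

    Assumption: one proxy-id pair per local/remote subnet combination.
    """
    pairs = []
    for l, r in product(nets(local), nets(remote)):
        if l.overlaps(r):
            # Overlapping selectors make it ambiguous which side owns the range.
            raise ValueError(f"local {l} overlaps remote {r}")
        pairs.append((str(l), str(r)))
    return pairs


def peer_view(pairs):
    """The same pairs as configured on the remote firewall (sides swapped)."""
    return [(r, l) for l, r in pairs]


def covering_network(pool, group):
    """Return the group member that already contains the pool, or None."""
    p = ipaddress.ip_network(pool, strict=True)
    for n in nets(group):
        if p.subnet_of(n):
            return str(n)
    return None


if __name__ == "__main__":
    for local, remote in peer_view(proxy_id_pairs(LOCAL_GROUP, REMOTE_GROUP)):
        print(f"peer proxy-id: local={local} remote={remote}")
    hit = covering_network(SSLVPN_POOL, LOCAL_GROUP)
    print(f"SSLVPN pool {SSLVPN_POOL} covered by: {hit}")
```

A non-`None` result from `covering_network` means SSLVPN clients in that pool fall inside a tunnel selector, which is the case the note above says may not be what you want.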
