Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

No routes for SSLVPN clients unless "tunnel all" mode is enabled

LJTechLJTech Newbie ✭

TZ-600 Sonic OS 6.5.4.4 NE Client 9.0.274

as the title says I cannot get client routes for the Net Extender/Moblile connect client unless Tunnel all is enabled in the SSLVPN client configuration

I've done the following:

  • Created virutal IP pool seperate from the network.
  • Created Virtual LAN subnet
  • created Nat Rules for both

I'm following this guide due to the situation we have with some of the roving users: https://www.sonicwall.com/support/knowledge-base/how-can-i-configure-ssl-vpn-netextender-for-clients-with-overlapping-subnet/170504796310067/

some back story, this TZ-600 is replacing a TZ215. I set it up from scratch.

All the site to site connections work. the one hold out GVC install (Me) works just fine. Prior to the changeover the SSL clients worked just fine however "tunnel all" mode isn't wanted because it prevents zoom, teams and Outlook o365 connections from working on the remote host. We also don't want them streaming music through our WAN. Users are currently working off the old firewall till I get this solved.

any idea of what I am missing?

Thanks.

Category: SSL VPN
Reply
Tagged:

Best Answer

Answers

  • KaranMKaranM Moderator

    Hello @LJTech ,

    I hope you are doing Good!

    The article you are referring is for overlapping subnets so I assume the same in your case, Can you please let me know the following:

    • When you say created Nat rules for both, do you mean that you have created 2 separate Nat policies as the article only one Nat policy (inbound)?
    • When connected are you trying to access the dummy network or the actual Local networks IP? (Here we should be trying to reach the dummy network).

    Example: If the actual network is 192.168.10.x and the dummy network is 192.168.20.x, to test you should be trying to access 192.168.20.x.


    Thank You

    Knowledge Management Senior Analyst at SonicWall.

  • LJTechLJTech Newbie ✭
    edited March 20

    I'm doing well thanks!

    I may have typed that wrong. there is only one NAT rule as specified in the document.

    I can connect to the dummy network. and the resources are available through it.


    The actual problem is in the title though. SSLVPN connections work when tunnel all is enabled in the SSLVPN client properties.

    When I disable tunnel all, the connection fails in NetExtender with the error "no client routes found"


    We don't want tunnel all enabled because they are using their home PC's and do not want any of their music or web traffic to go through our WAN.

  • LJTechLJTech Newbie ✭

    Okay thanks. this weekend i'll have a chance to revew the configuration on the production one and double check all the rules and such.

    If that doesn't work then are you saying I should open up a ticket in the support portal and send my config file?


    Thanks for your help.

Sign In or Register to comment.