Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Cannot connect to LAN Subnet

TENUTOTENUTO Newbie ✭

Configuration done according to video https://www.youtube.com/watch?v=-6Vtzns03Zs

Checked according to article https://www.sonicwall.com/support/knowledge-base/ssl-vpn-client-is-connected-and-authenticated-but-can-t-access-internal-lan-resources/170503557761052/

But I'm stuck. Cannot ping internal resources in X0 (LAN subnet), not even LAN IP address of the firewall itself.

There is no problem to connect:

The route seems to be right, pointing to LAN Subnet.

Please give me some ideas of what possible can be wrong.

BR

/Thomas

Category: SSL VPN
Reply

Best Answer

  • CORRECT ANSWER
    TENUTOTENUTO Newbie ✭
    Accepted Answer

    Hi all, and thanks very much for your suggestions. After double checking all of your suggestions I found that all thoose parameters where right in my configuration. But the strange thing is that it is now working!! But the frustrating thing is that I don't know why....

    The only thing I did was to remove an internal IP-address on the LAN to a local DNS server... under SSL VPN->Client Settings->Client Settings. After that I can PING internal IP-addresses on the LAN. I think this is a bit strange. After reenter that IP it is still working. A mystery, but anyhow it is working, so I'm happy.

    Thank you all for your efforts to help me out!

    Happy Easter

    /Thomas


Answers

  • KaranMKaranM Moderator

    Hello @TENUTO,

    trust you are safe and well!

    Please make sure the following:

    • Under MANAGE | Rules| Access Rules, select SSLVPN to LAN (Local network zone that you are trying to access) and make sure you have a rule with ALLOW action in there
    • Please also make sure that you are not having overlapping subnets on either site(Client site or Firewall Site).
    • If the configuration looks correct, we can run a packet capture. This will tell us what is wrong with the packet flow.
    • For setting up Packet Monitor, please follow https://www.sonicwall.com/support/knowledge-base/how-can-i-setup-and-utilize-the-packet-monitor-feature-for-troubleshooting/170513143911627/.
    • The article shared for setting up Packet monitor is with an example for TCP and UDP traffic, in your case, we will set it up for ICMP (Please follow the screenshot below, this is how you will set the capture for ICMP based on Source IP, rest all remains the same as per the KB) and share the packet flow here (Are there any dropped packets, do we see the correct flow, i.e Request, and Response):


    Note: Please try to ping internal machines and not the Firewall IP, for Firewall IP a separate rule needs to be created. Also make sure there is no endpoint security (Windows firewall) blocking the response from internal machines.


    Thank You

    Knowledge Management Senior Analyst at SonicWall.

  • BWCBWC Cybersecurity Overlord ✭✭✭

    Hi @TENUTO ,

    make sure that the user you're connecting with has your LAN subnet listed on the VPN Access tab. That's the only thing I could think of besides the points mentioned by @KaranM.

    --Michael@BWC

  • Hello all:

    In addition to the above-mentioned "LAN subnet listed on the VPN Access tab" under the User's settings, the same object must also be configured in the Client Routes, which is part of the Default Device Profile, found under SSLVPN Client Settings screen.




Sign In or Register to comment.