2 separate ISPs. How to set up VPN to work with both static IP addresses

I looked around a bit but have not found an answer. We have a second internet service provider for redundancy which is hooked up in a load balancing setup. I want to also be able to VPN into our network using the second IP address.

Thanks!

sam

Category: Entry Level Firewalls

Best Answers

  • CORRECT ANSWER
    TKWITS Cybersecurity Overlord ✭✭✭
    Accepted Answer

    Are you talking about site to site VPN, GlobalVPN, or SSLVPN?

    Site to site policies are bound to the WAN zone for outbound traffic by default, meaning a device will initiate a tunnel over any available WAN interface. Site to site policies can be configured with multiple gateway addresses to connect to, meaning the device will initiate a tunnel to either of the gateway addresses.

    GlobalVPN and SSLVPN are much more complicated. Either you can set multiple profiles on the client, or use round robin DNS.

    Read more: https://en.wikipedia.org/wiki/Round-robin_DNS

  • CORRECT ANSWER
    TKWITS Cybersecurity Overlord ✭✭✭
    Accepted Answer

    As long as the second ISP interface is in the WAN zone and SSLVPN is enabled on the WAN zone, the SonicWall will automatically open the required ports on the interface.

    The big question is if the second ISP is actually providing you a bridged interface (they are providing you a clean handoff), or if they are running a firewall on their modem/handoff device that is preventing the traffic. You can test this easily by enabling ping on the second ISP interface and attempting to ping that interface address from a different internet connection.

Answers

  • shiprasahu93 Moderator
    Hello @skunkworks,

    You can mention the second IP on the remote end as the secondary peer IP address. This can be set in the VPN policy itself on the other end.

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • skunkworks Newbie ✭

    I am not explaining myself very well (and probably don't understand what I am asking).

    We use NetExtender to 'dial' into our network. We don't have a DNS record associated with our IP address, so NetExtender points to the static IP address of our ISP. We now have 2 ISPs and a second IP address. What we would like is for (as a fallback) the 2nd IP address to also allow VPN connections. (Or should this just work? I have only tried it once and it wouldn't connect.)


    sam

  • skunkworks Newbie ✭

    You are right - If I enable ping on the 2 interfaces - only the one we have been using is pingable...

    I will have to get with that ISP when I double check it at the modem.

  • skunkworks Newbie ✭

    Surprisingly - I reached out to CenturyTel (Lumen) and they agreed that the firewall should not have been applied to the internet connection. They removed it and now I can ping and VPN into the connection.

    Thanks for the push in the right direction.
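
The reachability test suggested in the accepted answer, extended from ping to the VPN's TCP port, as an added example that is not part of the original thread. Run from a connection outside the network, it separates a listener that answers from a path that is silently dropped upstream, which is what a firewall on the ISP's handoff device typically looks like. The addresses are constructed placeholders from the documentation ranges and port 4433 is an assumed value; substitute the two WAN addresses and the SSL VPN port configured on the appliance.

```python
import socket

# Constructed placeholders (documentation address ranges), not real hosts.
# Port 4433 is an assumption; use the SSL VPN port set on your appliance.
WAN_ENDPOINTS = [("203.0.113.10", 4433), ("198.51.100.10", 4433)]


def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt made from outside the network."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"         # handshake completed: the listener is reachable
    except ConnectionRefusedError:
        return "refused"          # RST came back: path is clear, nothing listening
    except socket.timeout:
        return "filtered"         # silence: packets are being dropped on the way
    except OSError:
        return "unreachable"      # no route, ICMP unreachable, or local link down


def check_failover(endpoints, timeout=3.0):
    """Probe every WAN endpoint; return (per-endpoint state, usable endpoints)."""
    results = {f"{h}:{p}": probe(h, p, timeout) for h, p in endpoints}
    usable = [ep for ep, state in results.items() if state == "open"]
    return results, usable


def summarize(results):
    """Turn the states into the next troubleshooting step for each endpoint."""
    advice = {
        "open": "VPN listener reachable on this interface",
        "refused": "interface reachable; check SSLVPN is enabled on its zone",
        "filtered": "no reply; check for filtering on the ISP handoff device",
        "unreachable": "no path; check routing and the link itself",
    }
    return {ep: advice[state] for ep, state in results.items()}


if __name__ == "__main__":
    states, usable = check_failover(WAN_ENDPOINTS)
    for endpoint, note in summarize(states).items():
        print(f"{endpoint:22} {states[endpoint]:12} {note}")
    print("usable for VPN failover:", usable or "none")
```

A result of "open" on one address and "filtered" on the other matches the situation in this thread before the ISP removed its firewall.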
