
VPN configuration

DisaRicks Newbie ✭
edited August 5 in High End Firewalls

Hi everyone,

I'm not a big specialist, but I have this question.

On the attached image, you can see that I have 2 sites (A and B).

My first question is how to configure a VPN connection between those two TZ-400s, knowing that:

1/ I connect to site B with an external IP address (0.0.0.0/0.0.0.0)

2/ I NAT the destination address to change my WAN address to 172.20.90.32 (a server on site A)

I must go through the VPN to be connected to the TZ400 (A) and then I continue on my way to the server 172.20.90.32.

If I make a site-to-site VPN, I must declare the local and remote network, but the local network is any and the remote is only my server. I have a green LED on the VPN connection, but the traffic never takes the VPN path.

Any idea is welcome.

ROUTE on TZ-400 B

Source : ANY

Destination : 172.20.90.32

SERVICE : 1919

GATEWAY : the X5 Ip of the TZ400 (A)

Interface X2

NAT on TZ-400 B

SOURCE ORI : ANY translated : Original

DESTINATION ORI : WAN IP Of TZ-400 B translated to : 172.20.90.32

SERVICE ORI : 1919 translated to Original

INBOUND : X2

OUTBOUND : ANY

Thank you very much for your help



Category: High End Firewalls

Answers

  • Hello @DisaRicks,

    How is the VPN configured, is it site-to-site VPN or route-based VPN?

    If there is a site-to-site VPN, SonicWall automatically sends the traffic through the VPN. But if you add a static route, it does not pass through the VPN engine and goes unencrypted using that route.

    Also, I am not sure why the NAT is set up on site B, is there a reason why the traffic is destined for the site's own WAN IP instead of the destination? I am guessing it should be on site A.

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services
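The distinction in this answer (destination NAT is applied first, and a matching static route sends the packet out in clear text instead of through the VPN engine) as an added, simplified model; this is illustration code written for this thread, not SonicOS logic, and the WAN IP of the TZ-400 B and the alarm sender's address are constructed placeholders that the thread does not give.

```python
import ipaddress

# Constructed placeholders: the thread does not give the WAN IP of TZ-400 B
# or the address of an alarm sender. 172.20.90.32 and port 1919 are from the post.
SITE_B_WAN_IP = "203.0.113.10"
ALARM_PORT = 1919

NAT_POLICIES = [  # original destination -> translated destination, as posted
    {"orig_dst": SITE_B_WAN_IP, "trans_dst": "172.20.90.32", "port": ALARM_PORT},
]
VPN_POLICY = {"local": "0.0.0.0/0", "remote": "172.20.90.32/32"}  # 'ANY' local
STATIC_ROUTE = {"dst": "172.20.90.32/32", "gateway": "X5 address of TZ-400 A"}


def apply_dnat(pkt, policies):
    """Rewrite the destination when a destination-NAT policy matches."""
    for p in policies:
        if pkt["dst"] == p["orig_dst"] and pkt["port"] == p["port"]:
            return {**pkt, "dst": p["trans_dst"]}
    return pkt


def in_net(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)


def choose_path(pkt, vpn, static_routes):
    """Return 'vpn' or 'clear:<gateway>' for the post-NAT packet.

    Assumed model from the reply: a matching static route bypasses the VPN
    engine, so the packet leaves unencrypted toward that gateway; otherwise a
    packet whose src/dst fall inside the policy's local/remote networks is
    sent through the tunnel.
    """
    for r in static_routes:
        if in_net(pkt["dst"], r["dst"]):
            return "clear:" + r["gateway"]
    if in_net(pkt["src"], vpn["local"]) and in_net(pkt["dst"], vpn["remote"]):
        return "vpn"
    return "no-match"


def simulate(with_static_route):
    """Alarm arriving on site B's WAN IP, with or without the posted route."""
    alarm = {"src": "198.51.100.7", "dst": SITE_B_WAN_IP, "port": ALARM_PORT}
    routes = [STATIC_ROUTE] if with_static_route else []
    return choose_path(apply_dnat(alarm, NAT_POLICIES), VPN_POLICY, routes)
```

With the static route present the model returns a clear-text path toward the X5 address; with the route removed the same NAT'd packet matches the VPN policy and returns "vpn".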

  • DisaRicks Newbie ✭

    Hi,


    Thank you for assisting me.

    First, yes, I tried a site-to-site VPN, but maybe it's not the right solution.

    Second, the reason why I do the NAT on site B is the following:

    As you can see in the attached image, we have 2 sites.

    On each site, we receive alarms from ANY addresses.

    Each alarm knows only the WAN IP of the site.

    Then I NAT the WAN IP to the destination IP (the server 172.20.90.32 or 172.24.90.32),

    and the route is vertical in the image. Site A goes to 172.20.90.32; site B goes to 172.24.90.32.

    Now we have a very big maintenance on site B for a minimum of a week, so I am trying to route the alarms that come in on the WAN IP of site B to site A. That's why I want to make a VPN connection between the two sites.

    Then I leave the NAT on site B and I transfer a packet with source: ANY to destination: 172.20.90.32 instead of 172.24.90.32. I just change the NAT properties and the access rules. But I think I also have to create a route.


    Thank you.

    Eric


  • TKWITS All-Knowing Sage ✭✭✭✭
    edited August 5

    A site to site VPN with 'local network' as ANY should only be used in specific circumstances.

    Start with a simple VPN. Create a temporary network on an extra interface on both Site A's and Site B's TZ400. Then, with devices connected to the extra interfaces for testing, create a VPN tunnel so that both test devices can communicate across the VPN. See the following article.

    Start simple, then move to the more complex. Focus on achieving your goal one step at a time. If you can get a simple site-to-site VPN working, you'll be able to understand the basics of what is needed for more complex setups.
