Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

How to access Remote services on existing Site to Site VPN

I have setup a site to site VPN between Site A and Site B. Both sites have cloud resources with a site to site vpn between on-prem FW and Cloud FW. I am trying to route traffic from Site A to Site B, then to Site B's cloud resources.

I see all the on-prem networks traversing data but cannot connect to the cloud resources from either side. I have an ACL VPN SSLVPN ANY ANY and SSLVPN VPN ANY ANY. But no dice.

When running packet monitor I see the traffic being generated but nothing else. I know I have to be missing something right in front of me but cannot put my finger on it.


I know I can setup Site to Site between Site B Cloud FW to Site A On-Prem FW but the On-prem FW has more capabilities/features that I want to utilize. Can anyone point me in the right direction please?


Category: SSL VPN
Reply

Best Answers

  • CORRECT ANSWER
    prestonpreston All-Knowing Sage ✭✭✭✭
    Answer ✓

    Hi Blacksuit,

    Presuming you already have connectivity between Site A & Site B SonicWall

    then you just need to make sure that Site B Cloud Firewall knows about the Site A on Prem Firewall Network. (it needs to be added to its destinations)


    Then on the Site to Site VPN if it is policy based Type (Site to Site) not (Tunnel Interface)


    Site B on Prem Firewall needs to add the Site B Cloud FW Network to the local Networks in the VPN Network Tab in the policy


    Site A on Prem Firewall Needs to have Site B Cloud FW Network added to the Remote Networks in the VPN Network Tab in the policy


    if you already have this the bit you are probably missing is the VPN to VPN Allow rule, not the SSL VPN Rules you mentioned in your post.

    Make sure also you have added the remote networks to be used to the VPN Zone as the SonicWall will then auto setup the correct access rules.

    if you do possibly go down the Route Based method (Tunnel Interface) method as you can route specific IP addresses or ranges this way, you don't need to used advanced routing OSPF, RIPv2 or BGP between just two firewalls as there is no benefit at all, you would be better using the policy based routing (static Routes) using the method below.

    https://www.sonicwall.com/support/knowledge-base/how-can-i-configure-a-tunnel-interface-vpn-route-based-vpn/170505633799556/

  • CORRECT ANSWER
    BlacksuitBlacksuit Newbie ✭
    Answer ✓

    @preston

    I appreciate your efforts but I was able to finally get this resolved. Somehow I missed adding the cloud network into the VPN group...I am seriously smacking myself for that...

Answers

Sign In or Register to comment.