TZ270 VPN Tunnel Traffic Issues

I have two TZ270 units that I am setting up to provide a VPN tunnel between sites.

Using 1 wan port and grouped interfaces to X0 for the LAN.

For testing they are both connected to a switch. Site A has a WAN of 10.10.10.4 and the LAN is 192.168.72.4.

Site B has a WAN of 10.10.1.05 and the LAN is 192.168.73.4.

I have a VPN tunnel established between the units but no traffic is flowing between the units. The tunnel was created using a tunnel interface policy.

There is an address object created on each unit that is a zone VPN network type and refers to the network of the remote LAN address. I also have a routing rule where the source is any and the destination is the address object created referring to the remote LAN. Next hop is standard route and the interface is set to the VPN tunnel interface.

Please advise of the next steps or if more information is needed to help me resolve this.

Category: Entry Level Firewalls

Answers

  • ThK Cybersecurity Overlord ✭✭✭
  • tedsch Newbie ✭

    I have put a subnet mask of 255.255.0.0 on the LAN devices that I am testing with.

  • BWC Cybersecurity Overlord ✭✭✭

    And the winner is ... @ThK 🏆️ ... 255.255.0.0 overlaps both locations, you should go with 255.255.255.0. You cannot reach the remote network because it's treated as part of the local subnet.

    --Michael@BWC

  • tedsch Newbie ✭

    Let me hook things up and give it a shot.

  • tedsch Newbie ✭

    The subnet being opened up was the trick.

    Thanks for the nudge in the right direction.

    Now I would like to be able to connect to one site and manage both from the same NetExtender connection. I can connect to one or the other site and manage that site but not both. When I try and connect to the web management interface of site B from site A I get a "site can not be reached" message. But I can ping the interface of site B from site A.

    I have the Management VIA This SA HTTPS enabled for both sites under the VPN policy.

  • Arkwright Cybersecurity Overlord ✭✭✭

    Don't forget to add the remote subnet to the SSLVPN client routes [or use tunnel all].

    And a route back to your SSLVPN client subnet.

  • tedsch Newbie ✭

    Thanks for the pointers folks!!

    Way more helpful than trying to get a support contract added to one of the devices so I can ask support a question. Ugh, that is a frustrating experience....
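
The mask overlap identified in the thread, as an added example that is not part of the original posts: with 255.255.0.0 a LAN host treats the remote site's addresses as on-link and never hands the traffic to the firewall, so it never enters the tunnel. The firewall LAN addresses come from the thread; the test host 192.168.72.50 and the helper names are constructed for illustration.

```python
import ipaddress
from itertools import combinations


def on_link(host_ip, netmask, dest_ip):
    """True if a host with this IP/mask would ARP for dest_ip directly
    instead of sending the packet to its default gateway."""
    iface = ipaddress.ip_interface(f"{host_ip}/{netmask}")
    return ipaddress.ip_address(dest_ip) in iface.network


def overlapping_sites(sites):
    """sites maps a site name to (lan_ip, netmask).
    Returns every pair of sites whose LAN networks overlap, which breaks
    routed site-to-site VPN traffic between them."""
    nets = {
        name: ipaddress.ip_interface(f"{ip}/{mask}").network
        for name, (ip, mask) in sites.items()
    }
    return [
        (a, b, str(nets[a]), str(nets[b]))
        for a, b in combinations(sorted(nets), 2)
        if nets[a].overlaps(nets[b])
    ]


# LAN addresses from the thread; the masks are the two values discussed.
WIDE = {"A": ("192.168.72.4", "255.255.0.0"),
        "B": ("192.168.73.4", "255.255.0.0")}
NARROW = {"A": ("192.168.72.4", "255.255.255.0"),
          "B": ("192.168.73.4", "255.255.255.0")}

if __name__ == "__main__":
    host = "192.168.72.50"  # constructed test host on the site A LAN
    for label, mask in (("wide", "255.255.0.0"), ("narrow", "255.255.255.0")):
        direct = on_link(host, mask, "192.168.73.4")
        path = "ARP on local segment" if direct else "sent to gateway"
        print(f"{label} mask {mask}: site B LAN is {path}")
    print("overlaps with /16:", overlapping_sites(WIDE))
    print("overlaps with /24:", overlapping_sites(NARROW))
```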
