Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Tunnel All Mode - Setup

CV_FrankCV_Frank Newbie ✭

Hello,


I am configuring our SSL VPN (that currently works great) to Tunnel All Mode. This is a NIST requirement for our client.

I am reading the following articles -

https://help.sonicwall.com/help/sw/eng/6910/26/2/1/content/SSL_VPN_Client_Routes.089.3.html

https://www.sonicwall.com/support/knowledge-base/how-can-i-allow-sslvpn-users-access-to-the-internet-when-using-tunnel-all-mode/170505877560278/

My question is regarding the Network Object "WAN RemoteAcess Networks" it mentions it should be "a network address object whose value 0.0.0.0 acts like a default route"

In every written SonicWall tutorial This Network Object is already there, but on ours, it is not. So I figured no big deal, I'll just create one, but it gives me no other information about the type or zone that I should use.


My question is, to you wonderful people, is has anyone successfully set up SSL VPN in Tunnel All Mode? If so, can you please describe your "WAN Remote Access Network" network object to me, in detail? Also, did you have to add any nat/firewall policies to get it to work? According to the above article, I shouldn't have to do anything besides Add that network Object "WAN Remote Access Networks" to the SSL VPN client settings page under Client Routes, and boom it should work.


I do not want any suggestions regarding group VPN, or other VPN configurations, we have something that works very well for our client, We just need to update the settings so it becomes compliant.


Thank you

Category: SSL VPN
Reply
Tagged:

Answers

  • AjishlalAjishlal All-Knowing Sage ✭✭✭✭

    @CValencia

    Try the below configuration. This i was prepared for another person so may be it will help you.


    Step-1

    Create a Address object Group and add your LAN Subnets & the SSLVPN IP POOL/NW (See the below screen shot)

    Step-2

    Add a Route Policy as same as below example:

    After apply the above Route Policy the Access rules created should be same as below;

    LAN to VPN

    VPN to LAN

    TZ300 (Remote Location) Configuration:

    Step 1:

    Create a Address object Group and your 2650 network & SSL VPN IP POOL/NW (See the below screen shot)

    Step:2

    Add Route Policy for your 2650 & SSL VPN Access

    After apply the above Route Policy the Access rules created should be same as below;

    LAN to VPN

    VPN to LAN

    Testing the Connection:


    Make sure your User account have privilege to access the 2650 network as well as the remote location network.

    SSL VPN Client Routes:


    Please let me know if its help you or not.

Sign In or Register to comment.