Cannot reach IP through a VPN. NSA 2650 & TZ670

JAlkazian

Hi

Got an interesting situation that I would love your advice on…

Site A – SonicWall NSA 2460

Subnets

10.3.63.0

10.3.64.0

10.3.65.0

Secondary router from a DMS company at 10.3.64.17 that VPN routes to 207.187.74.117 (their DMS system)

Site B – SonicWall TZ670

Subnet

10.3.62.0

I have a VPN tunnel that connects all subnets via static routes and I can ping back and forth through the VPN tunnel, including the DMS router 10.3.64.17 on site A. My issue is that I cannot reach their DMS system 207.187.74.117 from Site B through the VPN tunnel. I am sure I am missing something?

I tried to create a static route to 207.187.74.117 from Site B but because I cannot ping it, the route doesn’t work,

Thoughts?

Thanks

Jeff

MarkD

Has the DMS company added routing back you your subnets?

JAlkazian

yes... they put a route back to the 10.3.62.0 subnet

JAlkazian

Let me clarify a bit because as i have gone through this, i see where the issue may be.

Site A 10.3.63.0, 10.3.64.0 and 10.3.65.0

VPN Tunnel to Site B 10.3.62.0

Each side is routed back and forth and i can ping all subnets both ways

The issue is that site A has a vendor's router (10.3.64.17) that has a VPN to 207.184.74.117.

My challenge is i cannot reach 207.184.74.117 from site B - the vendor's router NATs from 10.3.64.17 to 207.184.74.117 and has a route back to site B

Thanks for any help you all can add

MitatOnge

could you share connection monitor for both site screenshot during ping each others

JAlkazian

not sure how to create a connection monitor (on the sonicwall?)

MitatOnge

you can find under the Dashboard / Connection monitor

https://www.sonicwall.com/support/knowledge-base/how-can-i-check-the-data-usage-of-internal-machines-using-the-connections-monitor/170505356463402/

JAlkazian

Site B went straight out to the internet and not through the VPN

Site A did not go through the SonicWall and when straight to the vendor's router