VPN Client Routing

We have an NSA3600 in our main headquarters. We have a Site to Site VPN connection set up on the firewall for our ERP system located in the cloud. I have a consultant that has VPN access into your environment who needs to log into the VPN in order to be on our system & be able to access data on the cloud ERP. He needs to have his IP address show as our gateway/network and not his home office IP in order to be allowed onto the ERP system. I currently have Split Tunnel set on the WAN GroupVPN client connection, which I believe is causing the issue for his IP, but if I change that it seems to cause network issues at our office. Would the checkbox for "Set Default Route as this gateway" need to be checked, or could that cause issues in office also? I'm probably overthinking how to accomplish what I need.


Category: Mid Range Firewalls


    prestonpreston Enthusiast ✭✭
    edited June 2022

    Hi ChrisLakeErie, first question: if he is connecting to your site, which then has a Site to Site tunnel to the ERP, it should be showing as coming from your internal network when he gets DHCP on his GVPN client, so the public IP address he is coming from shouldn't be an issue.

    If for some reason he is connecting to the ERP via its public FQDN or IP, then on the consultant's user settings under Local Users / VPN Access add the remote public IP (not the FQDN) of the ERP to the VPN Access, then make sure under the Access Rules from VPN to WAN to allow a rule to the remote IP, then create a NAT policy as below; if needed you can change the original Destination to the ERP public IP.

    This is presuming X1 is your WAN; if it is different, change accordingly.

    Get him to log back in and try again to access the ERP.
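
The three settings in the reply above (VPN Access entry, VPN to WAN access rule, NAT policy) can be checked as a simplified path model. This is an added example, not part of the original post and not SonicOS code; every address and function name in it is a constructed assumption.

```python
import ipaddress

# All addresses are constructed documentation values, not taken from the thread.
HOME_IP = "198.51.100.25"   # consultant's home-office public IP
LEASE_IP = "10.0.0.150"     # address the GVPN client receives by DHCP
X1_IP = "203.0.113.10"      # firewall WAN (X1) address the ERP allow-lists
ERP_IP = "192.0.2.50"       # ERP public IP

def _matches(ip, networks):
    return any(ip in ipaddress.ip_network(n) for n in networks)

def source_seen_by(dest, vpn_access, vpn_to_wan_rules, nat_policies):
    """Return the source IP `dest` sees, or None if the firewall drops the flow."""
    ip = ipaddress.ip_address(dest)
    # Split tunnel: only destinations in the user's VPN Access list are
    # routed into the tunnel; everything else leaves via the home ISP.
    if not _matches(ip, vpn_access):
        return HOME_IP
    # Tunnelled traffic bound for the internet needs a VPN -> WAN access rule.
    if not _matches(ip, vpn_to_wan_rules):
        return None
    # NAT policy: first entry whose original destination matches rewrites the source.
    for orig_dst, translated_src in nat_policies:
        if ip in ipaddress.ip_network(orig_dst):
            return translated_src
    return LEASE_IP  # no policy matched, so the source is left untranslated

def demo():
    lan, erp = "10.0.0.0/24", ERP_IP + "/32"
    nat = [(erp, X1_IP)]
    return {
        # ERP public IP missing from VPN Access: the ERP sees the home IP.
        "before": source_seen_by(ERP_IP, [lan], [], []),
        # VPN Access and NAT added but no VPN -> WAN rule: dropped.
        "no_rule": source_seen_by(ERP_IP, [lan, erp], [], nat),
        # Rule added but no NAT policy: source stays the VPN lease.
        "no_nat": source_seen_by(ERP_IP, [lan, erp], [erp], []),
        # All three in place: the ERP sees the X1 address.
        "after": source_seen_by(ERP_IP, [lan, erp], [erp], nat),
        # Unrelated internet host still bypasses the tunnel (split tunnel kept).
        "other_web": source_seen_by("198.51.100.200", [lan, erp], [erp], nat),
    }

if __name__ == "__main__":
    for case, src in demo().items():
        print(f"{case:10} -> {src}")
```

The model only covers the case where the consultant reaches the ERP by its public IP; split tunnel stays enabled, so other traffic keeps leaving from his own connection.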
