Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Site to Site VPN access problems

JamesYJamesY Newbie ✭

Dear all:

My company use site to site VPN with TZ210 to connect A and B. Now, we bulid a new office in C. I setup a new site to site VPN between A and C. the VPN is active and I can ping C network from A site.but I can't ping A from C. is it any routing I miss ? below is the information about A B C

A 10.30.0.0 gateway 10.30.0.1 255.255.255.0 TZ 210

B 10.40.0.0 gateway 10.40.0.1 255.255.255.0 TZ 210

A and B use site to site vpn to connect each other and I don't need make any other configuration. it's connect normal.

C Have Vlan the TZ300 is on router model(turn off the DHCP). X0 LAN ip is 192,168,168,1 gateway 10.0.88.1

core network switch 10.0.88.254 Vlan --- lan 10.50.0.0/24 wifi 10.60.0.0/24

we made a routing to access internet in C firewall.

source: any

destination: office net(address gourp which inclued 10.50.0.0 10.60.0.0 )

services: any

gateway: 192.168.168.254

interface: X0

I can ping 10.50.0.1 10.60.0.1 form A but can't ping 10.30.0.1 from C the VPN is active.

Would you please to give me some guide ?

Category: SSL VPN
Reply

Answers

  • AjishlalAjishlal Community Legend ✭✭✭✭✭

    @JamesY

    Can you check is there any other service such as SMB or telnet is working in between these two subnet?

    If its working, change ping service priority to high in access rule ( for the s2s ).

  • JamesYJamesY Newbie ✭

    @Ajishlal

    Thank you very much for your reply. I am not sure whether SMB or telnet is working between A and B. I will check first through I am not familiar with Fairwell setttings. But I also can't access server which in A site through remote desktop from C.

  • AjishlalAjishlal Community Legend ✭✭✭✭✭

    @JamesY

    in that case your s2s having ACL issue. Can you brief us your S2S configuration so might be we can help you to resolve your problem.

  • JamesYJamesY Newbie ✭

    @Ajishlal Thank you for your reply. below is the settings of my firewall.

    Please let me if I miss any information you need. I am very appreciate for your help.


  • AjishlalAjishlal Community Legend ✭✭✭✭✭

    @JamesY

    Show me the Address Object also which you created for the S2S.(From both end)

  • JamesYJamesY Newbie ✭

    Dear @Ajishlal

    here is the information



  • AjishlalAjishlal Community Legend ✭✭✭✭✭
    edited September 29

    @JamesY

    The Zone assignment is wrong. If its the remote firewall subnet, you would have to create address object with VPN Zone.

    NB: Assume you created the VLAN in Firewall.

  • AjishlalAjishlal Community Legend ✭✭✭✭✭

    @JamesY

    As per your network diagram, in Site C you have core switch & gateway device and VLAN's are created in core switch.

    from gateway device to Core Switch how the routing is configured?

  • JamesYJamesY Newbie ✭

    @Ajishlal

    site C firewall T300 IP 192.168.168.1 255.255.255.0

    The address of the Layer 3 interface from the gateway to the firewall is 192.168.168.254

    gateway route

    Destination network segment Destination segment subnet mask next hop

    0.0.0.0 0.0.0.0 192.168.168.1

    0.0.0.0 0.0.0.0 183.167.X.X (this is the private lan use for monitor)

    10.50.0.0 255.255.255.0 10.88.0.254

    10.60.0.0 255.255.255.0 10.88.0.254

    core switch route

    0.0.0.0 0.0.0.0 10.88.0.1

Sign In or Register to comment.