Site to Site VPN

Hello Community,

So I am new to SonicWalls and need to create a site to site VPN. I have the instructions from the other side and need the VPN to connect to one of our servers only.

What is the best way to do this please?


SonicWall NSa 4650

Thanks,

Asif

Category: Mid Range Firewalls

Best Answer

  • CORRECT ANSWER
    Asif_Iqbal Newbie ✭
    Answer ✓

    @BWC no worries - we all have days like this :). I'll check this now and save.

    Thanks,

    Asif

Answers

  • BWC Cybersecurity Overlord ✭✭✭

    @Asif_Iqbal do you know how to create a VPN Tunnel? If not, check the following KB-Article.

    To allow only the needed access, you have to uncheck "Suppress automatic Access Rules creation for VPN Policy" on the Advanced Tab of your VPN Policy. This denies any traffic per default and you have to create an Access Rule from VPN to LAN allowing the access to the Resource.

    --Michael@BWC

  • Asif_Iqbal Newbie ✭

    Hi Michael,

    Thanks for your reply. I have seen the article you have mentioned. I have gone through the OS 6.5 setup. However, I do not know if what I have set up is correct for the other party to access the required server only.

    Thanks,

    Asif

  • BWC Cybersecurity Overlord ✭✭✭

    @Asif_Iqbal is the other party running a SonicWall as well? The Access Rules are straightforward if you have your Tunnel up and running.

    Remote Side: Local Net -> Your Server / Service - Allow

    Local Side: (VPN to LAN) Remote Net -> Your Server / Service - Allow

    Just check the mentioned Advanced Setting, this will avoid the Default Rule.

    --Michael@BWC

  • Asif_Iqbal Newbie ✭

    @BWC the other side is a Cisco ASA. Thanks for the pointers. I'll check this out shortly.

    Kind Regards,

    Asif

  • Asif_Iqbal Newbie ✭

    @BWC I have created the VPN section and Address Objects from my side. I am waiting for the other party to complete their side. I tried to create a Rule for this as described in your above message. However, this did not apply - "Error - Policy Action: Rule overlap, rule not added". Is this due to the VPN not being active at the moment?

    Thanks,

    Asif

  • BWC Cybersecurity Overlord ✭✭✭

    @Asif_Iqbal do you mind sharing a Screenshot of your Access Rules from VPN to LAN? Maybe there is a conflicting Default Rule; you can check the origin of the rule by hovering over the little bubble.

    --Michael@BWC

  • Asif_Iqbal Newbie ✭

    @BWC - apologies Michael, it looks like the rule has Auto Added.

    My only concern is I have set up my side as HOST rather than a network as I want access to 1 server only.

    Thanks,

    Asif

  • BWC Cybersecurity Overlord ✭✭✭

    You did not uncheck "Suppress automatic Access Rules creation for VPN Policy" as I suggested; this is the resulting Default Access Rule for your VPN Tunnel.

    If the Rule fits your need you're good to go, but if you later change the Local or Remote Networks in your Tunnel it might have unwanted side effects. Therefore I suggest unchecking the automatic creation and defining manually what you like.

    --Michael@BWC

  • Asif_Iqbal Newbie ✭

    @BWC it is unticked as you first suggested.

    I made sure before I set up the VPN Policy.

    Thanks,

    Asif

  • BWC Cybersecurity Overlord ✭✭✭

    @Asif_Iqbal I'm stupid sometimes, it has to be checked, not unchecked ... I was not really into this with my head, busy day, sorry for the confusion. We need to Suppress the automatic creation, therefore it needs to be checked.

    --Michael@BWC
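
An offline check of the rule set this thread is aiming for, added here as an example; it is not part of any post above and not SonicWall tooling. It flags VPN-to-LAN allow rules that let the remote network reach more than the one server and service. The addresses, the service and the rule tuple layout are constructed assumptions, not a SonicOS export format.

```python
import ipaddress

# Constructed sample values; none of these come from the thread.
SERVER = ipaddress.ip_network("10.0.10.25/32")        # the one server the peer may reach
REMOTE_NET = ipaddress.ip_network("192.168.50.0/24")  # peer network behind the Cisco ASA
ALLOWED_SERVICES = ("tcp/443",)                       # assumed service on that server

# Hypothetical rule model for the VPN -> LAN zone:
# (name, source, destination, service, action)
RULES = [
    ("manual-server-only", "192.168.50.0/24", "10.0.10.25/32", "tcp/443", "allow"),
    # What an automatically created rule looks like when the tunnel's
    # local network is a whole subnet instead of a single host object.
    ("auto-added", "192.168.50.0/24", "10.0.10.0/24", "any", "allow"),
    ("cleanup", "0.0.0.0/0", "0.0.0.0/0", "any", "deny"),
]


def audit(rules, server=SERVER, remote=REMOTE_NET, services=ALLOWED_SERVICES):
    """Return (rule_name, reason) for each allow rule that gives the remote
    network more than the intended server and service."""
    findings = []
    for name, src, dst, service, action in rules:
        if action != "allow":
            continue
        if not ipaddress.ip_network(src).overlaps(remote):
            continue  # rule does not match traffic coming from the peer
        if not ipaddress.ip_network(dst).subnet_of(server):
            findings.append((name, f"destination {dst} is not limited to {server}"))
        if service not in services:
            findings.append((name, f"service {service!r} is not in {services}"))
    return findings


if __name__ == "__main__":
    for rule_name, reason in audit(RULES):
        print(f"{rule_name}: {reason}")
```
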
