Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Access from main site subnets to remote site WLAN via VPN

Hi

I have a site that has 2 LAN Subnets, that is linked to a remote site via IPSEC Site to Site VPN.

I need a single PC, to be able to see the wired LAN on X0 (which it currently can) and the WLAN on X3 (which it cannot), so our LANSWEEPER installation can obtain info on anything plugged into it.

I'm unsure of the way round the rules need to be.

At our main site, I've created a rule to allow the LANSWEEPER pc to 'see' the WLAN' on our local site - which works, but can't seem to allow it to 'see' the WLAN on the remote site.

Any help gratefully received.

Thanks

Category: Firewall Security Services
Reply

Answers

  • ArkwrightArkwright All-Knowing Sage ✭✭✭✭

    Both of the networks need to be included in the site-site policies at both ends of the tunnel, otherwise they won't be available.

    Once you have green lights for both networks, then you can look at adjusting your access rules to suit the access you want to allow. By default the access rules will be created to allow everything.

    If you manage both firewalls then it doesn't really matter which end you restrict access at.

  • OK, thank you :)

    I now have access and have told it to only let 1 pc have access, but it seems i can ping etc from any pc on the LAN.


    On the main site i have LAN to VPN, Source PC to WLAN subnet, which allows access, but i don't have anything at the other end. I tried adding this rule but reversed but it didn't change anything...

    Any pointers greatfully received

  • ArkwrightArkwright All-Knowing Sage ✭✭✭✭

    Rules are processed top-down, first match wins. Create your rule to allow the one thing you want to allow, and below that, create your rule to block everything [or, un-tick the default rule that was created by the VPN policy].

    You need to create your rules in the appropriate Zone -> Zone pairing.

Sign In or Register to comment.