Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

only X0 LAN subnet is reachable with SSLVPN connexion

Hello !

today i have this problem:

I have two LANs on two two interfaces X0 and X3

the L2TP server is configured on a range of X0, when I connect with an L2TP VPN client, I manage to join all the resources of the X0 subnet, but not those of the X3 subnet.

However, I added two rules (SSLVPN to LAN and LAN to SSLVPN) by correctly setting the IP ranges.

what's weird is that I did a test by changing the L2TP server pool on a range of X3: and there everything works: I manage to join the resources of X0 and X3.

thank you in advance for your help

Category: Entry Level Firewalls


  • ArkwrightArkwright All-Knowing Sage ✭✭✭✭

    You need to configure Client Routes as well in SSLVPN [an annoying defect of the SSLVPN implementation, IMO], it's not enough to just allow user access to the network.

    Can you clarify whether you mean L2TP or SSLVPN?

  • mimizmimiz Newbie ✭

    thanks @Arkwright !

    the Client Route is configured to LAN subnets, i imagine that X0 and X3 are included, am i wrong?

    i'm using L2TP server to connect the client throught L2TP via IPSec config with login, password and sharedKey

    i configure my local users , i added them to SSLVPN group, to allow them to connect.

    the VPN Access is set on LAN subnet

    and the client route (SSL VPN -> Client setting is also configured on LAN Subnets)

    But Why when i change the L2TP server pool on a range of X3: everything works: I manage to join the resources of X0 and X3.

  • ArkwrightArkwright All-Knowing Sage ✭✭✭✭

    I've never configured a Sonicwall as an L2TP server so I cannot offer you much help on that front. This also means I have no idea if SSLVPN Client Routes are relevant to L2TP clients. What instructions are you following here?

    If X0 and X3 are both in LAN zone then "LAN Subnets" object would include both interface's subnets.

  • mimizmimiz Newbie ✭

    yes i think so' ! but it seams not work ! i will open a case at sonicwall.

    thanks @Arkwright

  • TKWITSTKWITS Community Legend ✭✭✭✭✭

    Try using the individual address objects for X0 and X3 subnets in the SSLVPN Client routes. I have seen where groups aren't dealt with properly.

Sign In or Register to comment.