Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Tunnel interface with 2 WAN connections each side (4 tunnels)

AlanEAlanE Newbie ✭
edited August 2023 in Mid Range Firewalls

trying to connect two sites with Tunnel Interface

Both sites have Nsa2700s with 2 WAN circuits in each (X2 and X4)

Looing to create 4 tunnels, but run into issues when attempt to create multiple tunnels to the same remote IP.


would like to have the following tunnels

Site A X2 - Site B X2

Site A X2 - Site B X4

Site A X4 - Site B X2

Site A X4 - Site B X4

Is this possible?

the following appears in a pop-up when attempting to save the VPN policy. Will this cause an issue?

"Found a policy with the same peer gateway [redacted public IP by Community Manager]. Phase1 proposal for matching policy might be overwritten. Click OK to proceed or Cancel to change settings."

Category: Mid Range Firewalls
Reply

Answers

  • MustafaAMustafaA SonicWall Employee
    edited August 2023

    @AlanE , please refrain from posting actual public IP addresses, if this is the case.

    Yes, you should be able to implement this scenario. Make sure to select the respective local WAN interface under the "Advanced" tab of the tunnel interface, i.e. "VPN Policy bound to".

  • BWCBWC Cybersecurity Overlord ✭✭✭

    @AlanE the message you're getting is more of a warning but do not cause any trouble if you're using different IKE IDs and PSKs for each connection. I'am running this scenario on multiple deployments with Tunnel Interface and various WAN interfaces on each side. (2:1, 1:2, 2:2, ...).

    --Michael@BWC

  • prestonpreston Enthusiast ✭✭
    edited August 2023

    Hi @AlanE / @BWC , the error message popping up only happens on Gen7 appliances and this is a known bug I have a support case raised with support and engineering are looking in to it,

    What you are doing is possible as Michael rightly stated and is used all the time to allow for overlapping policies needed for redundancy,

    also please make sure you change the VPN names to not have the first 16 characters the same (as this is a current issue also) possibly name like below to avoid this

    1 Site A X2 - Site B X2

    2 Site A X2 - Site B X4

    3 Site A X4 - Site B X2

    4 Site A X4 - Site B X4

    @MustafaA , F.Y.I. even if you choose the correct interface you get the error on Gen 7 see video on support case (44312180)

  • MustafaAMustafaA SonicWall Employee

    With reference to "... the error message popping up only happens on Gen7 appliances and this is a known bug...", the issue ID is GEN7-41268.

Sign In or Register to comment.