Remote Access via Global VPN Client to a TZ370W (IPSec VPN)
Hi!
I have a "historically grown" network setup, where a SonicWall TZ370W has been added. I'm getting VPN access to the SonicWall but not to the network (the several computers behind the SonicWall).
The setup looks like:
- AT&T router connected to "the world outside"
- SonicWall TZ370W connected to the AT&T Router
- Linksys WLAN AP/Router connected to the SonicWall
- Several Laptops etc. connected via Wifi and LAN cable to the Linksys
From within, everything's running fine.
I set up an IPSec VPN on the SonicWall and I can connect from external to this firewall. I get an IP address from the SonicWall DHCP server, but not a valid gateway (always 0.0.0.0). So no access to the internet from remote (I switched on that all the traffic should be routed through this VPN on the client) and no access to the laptops behind the Linksys router.
First of all: does this setup make sense or is it total bs? We tried to change as little as possible to get the firewall running…
Secondly: where (or how) can I check where the mistakes lie? Wrong IP addresses/ranges/bad DHCP configs…?
What further information do I have to provide to get a step further?
Thanks for your help,
Claudius
Answers
Hmmm, no reply since my post. Is it so simple (or am I too stupid)? Or does nobody really have an idea? Are there some facts missing that I forgot to mention?
Any help is greatly appreciated!!
Show us some sanitized screenshots please. Did you follow the KB article?
https://www.sonicwall.com/support/knowledge-base/how-can-i-configure-wan-groupvpn-on-sonicwall-to-connect-using-global-vpn-client-using-wizard/170505312494416/
Thanks for your answer. Yeah, I followed the article, and from the remote user I can even access the SonicWall itself - but nothing else.
Here are some screenshots. Tell me if you need more or other screenshots.
What about the Client tab of the GroupVPN policy? And the access rules for the VPN?
What IPs are configured on the SonicWall interfaces? The Linksys?
Are there any devices NOT 'behind' the Linksys (behind the SonicWall only)? If so, can you access them via VPN? Is your Linksys in its more or less default config where it's acting as a router/NAT/firewall?
If your Linksys is doing NAT and firewall then that's likely where your issue is.
IP SonicWall 192.168.168.168 (192.168.1.132 from AT&T router DHCP server, DHCP server on SonicWall: 192.168.168.1-167)
Linksys router 10.189.1.1 (192.168.168.144 from the SonicWall DHCP server)
VPN-IP: 192.168.168.65 (from the SonicWall DHCP, with other configuration than above, since the Linksys DHCP doesn't send an IP address to the VPN)
And no, there are no other devices behind the SonicWall. (The AT&T router "in front" also can't be reached with a ping.)
Is there a reason the Linksys is still in place? As I stated before, if your Linksys is doing NAT and firewall then that is where your issue is.
Try connecting a device directly to one of the SonicWall's LAN ports (you may need to portshield another interface to X0:
https://www.sonicwall.com/support/knowledge-base/how-to-create-port-shield-interface-on-sonicwall/220526143046713/ ), then VPN in and attempt to connect to said device.
Thanks for your help so far (and your patience :-), I'm gonna check it with a device directly connected to the SonicWall. It's not that easy as I'm sitting in Germany and the SonicWall is somewhere in San Francisco ;-)
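Added example, not part of any post in this thread: a small Python model of the router chain described above that classifies a destination as seen from a GroupVPN client and names the NAT device in the way. The /24 masks, the `nat` flags and the laptop address 10.189.1.50 are assumptions (the thread gives no prefix lengths and only suspects the Linksys of doing NAT).

```python
import ipaddress

# Chain from the Internet inward, using the addresses posted in the thread.
# Assumptions: /24 masks everywhere and nat=True on each device.
CHAIN = [
    {"name": "AT&T router", "lan": "192.168.1.0/24", "nat": True},
    {"name": "SonicWall", "lan": "192.168.168.0/24", "nat": True},
    {"name": "Linksys", "lan": "10.189.1.0/24", "nat": True},
]
VPN_ENDPOINT = "SonicWall"  # the GroupVPN tunnel terminates here


def owner_index(addr):
    """Index of the device whose LAN subnet contains addr, or None."""
    ip = ipaddress.ip_address(addr)
    for i, dev in enumerate(CHAIN):
        if ip in ipaddress.ip_network(dev["lan"]):
            return i
    return None


def diagnose(dst):
    """Classify a destination address from the VPN client's point of view."""
    vpn = next(i for i, d in enumerate(CHAIN) if d["name"] == VPN_ENDPOINT)
    idx = owner_index(dst)
    if idx is None:
        return "not in any local subnet (Internet-bound traffic)"
    if idx == vpn:
        return "on the SonicWall LAN: reachable if VPN access rules allow it"
    if idx < vpn:
        return "upstream of the SonicWall (its WAN side)"
    # Downstream: each device between the endpoint and dst is crossed WAN->LAN,
    # and a NAT/firewall device drops connections it did not originate.
    blockers = [d["name"] for d in CHAIN[vpn + 1: idx + 1] if d["nat"]]
    if blockers:
        return "behind NAT on " + ", ".join(blockers) + ": unsolicited inbound dropped"
    return "routed subnet: needs a route on the SonicWall and in the VPN policy"


if __name__ == "__main__":
    # 10.189.1.50 is a constructed laptop address; the others are from the thread.
    for target in ("192.168.168.144", "10.189.1.50", "192.168.1.132", "8.8.8.8"):
        print(f"{target:16} {diagnose(target)}")
```

With the Linksys modeled as a NAT router, only its WAN address 192.168.168.144 is on the subnet the VPN client lands in, which matches the symptom reported in the thread.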