Site to Site VPN from x2 subnet not passing traffic
Hi.
SiteA has a 192.168.1.0/24 subnet on the X0 interface. SiteB has a 192.168.1.0/24 subnet on its X0 interface as well. I have set up a separate subnet (192.168.13.0/24) on the X2 interface of SiteB and a tunnel from that X2 interface to the X0 interface on SiteA. There are a couple of PCs at SiteB (on the 13.0 subnet) with software that need to connect to a server at 192.168.1.1 at SiteA without a conflict with the 1.0/24 subnet locally at SiteB.
The tunnel is up and configured properly as far as I can tell, but it will not ping anything or connect to the server on the 1.x subnet of SiteA.
If you need a backstory:
I have a 13-site customer. 9 sites have a server at SiteA. They just bought another 4-site company that has their own server at SiteB, that the 3 others connect to. Those 4 sites have subnets that conflict with 4 of the existing 9-site company (1.0/24, 2.0/24, 3.0/24, and 4.0/24).
For a period of time, those 4 new sites have to have a couple of machines each that are on a new X2 subnet and tunnel to the server (192.168.1.1) at SiteA, while all the existing PCs at those locations can still talk to the server on the X0 1.0/24 subnet at SiteB.
The three sites on the 2., 3., and 4. subnets are working just great. But SiteB cannot see the SiteA 1.0 subnet.
Hope this makes sense.
Any help is appreciated and happy to clarify if I need to.
Joe
Answers
Hi @Cupojoe421, if you want to start splitting subnets over the VPN you need to look at route-based VPN, as with policy-based the SonicWall doesn't know that you are trying to go over the VPN to access devices on the 192.168.1.0/24 network; it will just try and route them locally via its X0 and not over the VPN.
If you are using route-based VPN you could say, for example, that 192.168.1.20 is over the VPN using the route (metric less than 20); this way it would not look locally, but all the rest of the 192.168.1.0 would be routed via X0.
https://www.sonicwall.com/support/knowledge-base/how-can-i-configure-a-tunnel-interface-vpn-route-based-vpn/170505633799556/
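The point in the answer above, that with a policy-based setup the firewall at SiteB resolves 192.168.1.0/24 to its own X0, while a route-based tunnel interface lets a more-specific route win for just the SiteA server, can be checked with a small model of a route lookup (longest prefix match, then lowest metric). This is an added example, not code from the thread or from SonicWall. Assumptions: the tunnel interface name `tunnel-to-SiteA`, the metrics (20 for the connected routes and 10 for the host route, following the answer's "metric less than 20"), and using the server 192.168.1.1 from the question as the destination; a real firewall has further stages (policy matching, NAT) that this model leaves out.

```python
"""Model of a firewall route lookup: longest prefix match, then lowest metric.

Added illustration for the SiteA/SiteB overlapping-subnet thread; not SonicWall code.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Route:
    prefix: IPv4Network  # destination network
    interface: str       # egress interface: X0, X2, or a VPN tunnel interface
    metric: int          # lower wins when two matching prefixes are equally long


def route(prefix: str, interface: str, metric: int) -> Route:
    return Route(ip_network(prefix), interface, metric)


def best_route(table: List[Route], dst: str) -> Optional[Route]:
    """Return the winning route for dst: longest prefix first, then lowest metric."""
    target = ip_address(dst)
    matches = [r for r in table if target in r.prefix]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r.prefix.prefixlen, r.metric))


def egress(table: List[Route], dst: str) -> str:
    """Interface a packet to dst leaves on, or 'no route'."""
    r = best_route(table, dst)
    return r.interface if r else "no route"


# SiteB with a policy-based VPN: only the connected routes exist, so anything
# for 192.168.1.0/24 is resolved to the local X0 segment. Metric 20 is assumed
# as the connected-route metric, following the answer's "metric less than 20".
SITEB_POLICY_BASED: List[Route] = [
    route("192.168.1.0/24", "X0", 20),
    route("192.168.13.0/24", "X2", 20),
]

# SiteB with a route-based VPN: a host route for the SiteA server points at the
# tunnel interface (assumed name). The /32 beats the /24 on prefix length alone;
# the lower metric only matters if someone adds an equally long competing prefix.
SITEB_ROUTE_BASED: List[Route] = SITEB_POLICY_BASED + [
    route("192.168.1.1/32", "tunnel-to-SiteA", 10),
]


def explain(table: List[Route], dst: str) -> str:
    """Human-readable trace of the decision for one destination."""
    r = best_route(table, dst)
    if r is None:
        return f"{dst}: no route"
    return f"{dst}: via {r.interface} (matched {r.prefix}, metric {r.metric})"


if __name__ == "__main__":
    print("policy-based SiteB:")
    print(" ", explain(SITEB_POLICY_BASED, "192.168.1.1"))
    print("route-based SiteB:")
    for dst in ("192.168.1.1", "192.168.1.50"):
        print(" ", explain(SITEB_ROUTE_BASED, dst))
```

Running the block shows the server traffic leaving X0 in the first table and the tunnel interface in the second, while another 192.168.1.x host still resolves to X0, which is the split the answer describes.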
Not sure if this will help or maybe trigger something in your brain, but you may have to create a VPN address object of the server like I did, then create an access rule VPN to VPN to pass that particular object over the VPN. I know it sounds odd because you may already have the LAN objects created under the VPN tunnel, but I have a server on one firewall (A) LAN and the customer is on another firewall (B) with a different subnet; I had to create a VPN to VPN rule to allow users on B to access the IP object on A over the VPN.