TZ270 VPN Tunnel Traffic Issues

I have two TZ270 units that I am setting up to provide a VPN tunnel between sites.

Using 1 WAN port and grouped interfaces to X0 for the LAN.

For testing they are both connected to a switch. Site A has a WAN of 10.10.10.4 and the LAN is 192.168.72.4.

Site B has a WAN of 10.10.1.05 and the LAN is 192.168.73.4.

I have a VPN tunnel established between the units but no traffic is flowing between the units. The tunnel was created using a tunnel interface policy.

There is an address object created on each unit that is a zone VPN network type and refers to the network of the remote LAN address. I also have a routing rule where the source is any and the destination is the address object created referring to the remote LAN. Next hop is standard route and the interface is set to the VPN tunnel interface.

Please advise of the next steps or if more information is needed to help me resolve this.

Category: Entry Level Firewalls

Answers

  • ThK Cybersecurity Overlord ✭✭✭
  • tedsch Newbie ✭

    I have put a subnet mask of 255.255.0.0 on the LAN devices that I am testing with.

  • BWC Cybersecurity Overlord ✭✭✭

    And the winner is ... @ThK 🏆️ ... 255.255.0.0 overlaps both locations, you should go with 255.255.255.0. You cannot reach the remote network because it's treated as part of the local subnet.

    --Michael@BWC
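
The overlap described in the reply above, as an added example that is not part of the original thread: it shows why a LAN host with a 255.255.0.0 mask never hands traffic for the other site to the firewall, and why 255.255.255.0 fixes it. The firewall LAN addresses come from the first post; the test host 192.168.72.50 and the function names are constructed for illustration.

```python
import ipaddress


def next_hop_decision(host_ip, host_mask, dest_ip):
    """Return 'on-link' if the host treats dest_ip as part of its own subnet
    (it ARPs for it directly and never uses the gateway), else 'gateway'."""
    iface = ipaddress.ip_interface(f"{host_ip}/{host_mask}")
    dest = ipaddress.ip_address(dest_ip)
    return "on-link" if dest in iface.network else "gateway"


def overlapping_sites(sites):
    """sites maps a site name to (lan_ip, mask).
    Return sorted (a, b) name pairs whose LAN networks overlap."""
    nets = {
        name: ipaddress.ip_interface(f"{ip}/{mask}").network
        for name, (ip, mask) in sites.items()
    }
    names = sorted(nets)
    return [
        (a, b)
        for i, a in enumerate(names)
        for b in names[i + 1:]
        if nets[a].overlaps(nets[b])
    ]


if __name__ == "__main__":
    # LAN addresses of the two firewalls, taken from the first post.
    lan = {"A": "192.168.72.4", "B": "192.168.73.4"}
    host = "192.168.72.50"  # constructed test host on the site A LAN

    for mask in ("255.255.0.0", "255.255.255.0"):
        sites = {name: (ip, mask) for name, ip in lan.items()}
        decision = next_hop_decision(host, mask, lan["B"])
        print(f"mask {mask}: {host} -> {lan['B']} is {decision}; "
              f"overlapping sites: {overlapping_sites(sites)}")
```

With the /16 mask both sites resolve to 192.168.0.0/16, so the host tries to reach the remote address on its own segment and the packet never arrives at the tunnel route.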

  • tedsch Newbie ✭

    Let me hook things up and give it a shot.

  • tedsch Newbie ✭

    The subnet being opened up was the trick.

    Thanks for the nudge in the right direction.

    Now I would like to be able to connect to one site and manage both from the same NetExtender connection. I can connect to one or the other site and manage that site but not both. When I try to connect to the web management interface of site B from site A I get a "site cannot be reached" message. But I can ping the interface of site B from site A.

    I have the Management VIA This SA HTTPS enabled for both sites under the VPN policy.

  • Arkwright All-Knowing Sage ✭✭✭✭

    Don't forget to add the remote subnet to the SSLVPN client routes [or use tunnel all].

    And a route back to your SSLVPN client subnet.

  • tedsch Newbie ✭

    Thanks for the pointers folks!!

    Way more helpful than trying to get a support contract added to one of the devices so I can ask support a question. Ugg, that is a frustrating experience....
