Access administration interface behind NAT
Nico_network
Hello,
I have a VPN configured and from the remote network I can connect to the administration interface of the SonicWall. However, I have a second VPN with NAT configured on the SonicWall. From this remote network I can connect to local servers using NAT (translated IPs), and I can also ping the translated IP of the SonicWall administration interface from the remote network, but I cannot access the administration interface over HTTPS. On the VPN, I have enabled HTTPS management.
Is it impossible to access the administration interface of the SonicWall through NAT?
Regards,
Nicolas
Category: Remote Access Management and Reporting
Answers
@Nico_network For HTTPS Management Access over NAT you need to edit the VPN to LAN Access Rule that is auto added and check the option 'Enable Management' under the 'General' TAB.
For Example: Site A X0 Network is 10.10.10.0/24 and Site B X0 Network is 10.10.20.0/24, but you want to create a VPN between Site A and Site B and want to access Site B using the NAT'd Network IP 10.10.200.0/24 instead of 10.10.20.0/24, so the Management IP for Site B will be 10.10.200.1 instead of the original 10.10.20.1. In this case the VPN Policy Network will look like the below:
Site A VPN Policy will have Local Network: 10.10.10.0/24 and Remote Network: 10.10.200.0/24 (Instead of actual 10.10.20.0/24)
Site B VPN Policy will have Local Network: 10.10.20.0/24 and Remote Network: 10.10.10.0/24
Site B VPN Policy 'Advanced' TAB will have 'Apply NAT Policies' with Translated Local Network: 10.10.200.0/24 and Translated Remote Network: Original and enable Management via this SA: HTTPS
Once the above config is applied the VPN Tunnel will be established but we will only be able to Ping the Site B Firewall with IP 10.10.200.1 from the Site A Network and not access the Management Interface via HTTPS. For the latter the below step is needed:-
In the Site B Firewall VPN to LAN Access Rules there will be an Auto Added Allow Rule that says Source: 10.10.10.0/24 and Destination: 10.10.200.0/24. We have to edit this rule and check the option 'Enable Management' under the 'General' TAB.
The above is just an easy example to demonstrate, on a NAT over VPN, which side of the VPN should have the rule enabled with Management. You can try relating your setup to the example above and should be able to resolve your issue.
If the above doesn't address your question, then it's better to discuss it with a SonicWall Technical Support Engineer on the phone who can help to address it. Please feel free to contact our Technical Support Team at:
https://www.sonicwall.com/support/contact-support/
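A check to run from a host on the Site A side, added here as an example and not part of the answer above or of any SonicWall tooling: it derives the translated management IP and separates the "ping works, HTTPS does not" symptom from a tunnel or NAT problem. It assumes the NAT is 1:1 (same prefix length, host part preserved), as in the 10.10.20.1 to 10.10.200.1 example; all function names are hypothetical.

```python
import ipaddress
import platform
import socket
import subprocess


def translate(addr, original_net, translated_net):
    """Map a host to the same offset in the translated network (assumed 1:1 NAT)."""
    orig = ipaddress.ip_network(original_net)
    xlat = ipaddress.ip_network(translated_net)
    ip = ipaddress.ip_address(addr)
    if orig.prefixlen != xlat.prefixlen:
        raise ValueError("original and translated networks must be the same size")
    if ip not in orig:
        raise ValueError(f"{ip} is not inside {orig}")
    return str(xlat.network_address + (int(ip) - int(orig.network_address)))


def ping_ok(host):
    """Send one ICMP echo with the system ping command."""
    count_flag = "-n" if platform.system() == "Windows" else "-c"
    done = subprocess.run(["ping", count_flag, "1", host],
                          stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return done.returncode == 0


def tcp_open(host, port=443, timeout=3.0):
    """True if a TCP connection to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def diagnose(icmp, https):
    """Relate the two probe results to the stages described in the answer."""
    if https:
        return "management reachable on the translated IP"
    if icmp:
        return "tunnel and NAT work; enable management on Site B's VPN to LAN rule"
    return "no reply; recheck the VPN policy networks and NAT settings on both sites"


if __name__ == "__main__":
    # Addresses from the answer's example; replace them with your own.
    mgmt = translate("10.10.20.1", "10.10.20.0/24", "10.10.200.0/24")
    print(mgmt, "->", diagnose(ping_ok(mgmt), tcp_open(mgmt)))
```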