Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

SSLVPN to access multiple local LAN's

EddieEddie Newbie ✭

Hello,

We are adding a new local LAN to our network. Currently we have 192.168.0.0/24, new network is 192.168.8.0/24. Our current configuration for SSLVPN (see below) is working just fine for the 192.168.0.0/24 network. We need to allow access to both networks. Right now I added 192.168.8.0/24 to the Client Access list (see below), but we can not ping or access any devices in the new network.

Settings:

Zone IP V4: SSLVPN

Network Address IP V4: SSLVPNIPPool (10.0.0.0/24)

Client Routes:

LAN_SUBNET (192.168.0.0/24) → currently working fine

LAN8_SUBNET (192.168.8.0/24) → unable to access

Routes:

Name: Static0ToLanX5

Source: Any

Destination: LAN_SUBNET (192.168.0.0/24)

Service: Any

Gateway: Router_Gateway (192.168.100.1) → Router Interface connection to Firewall

Interface: X5 (connection between Router and Firewall)

Name Static8ToLanX5

Source: Any

Destination: LAN8_SUBNET (192.168.8.0/24)

Gateway: Router_Gateway (192.168.100.1) → Router Interface connection to Firewall

Interface: X5 (connection between Router and Firewall)

I guess the first question is can the SSLVPN connect to or see multiple LAN's? I added the new Static Route (Static8ToLanX5) to the SonicWall TZ400 and the New network (LAN8_SUBNET) to the Client Routes and it shows in the GUI correctly. Any ideas?

I am not seeing this option/capability within the documentation for a TZ400 setting up SSLVPN. I do see that there is an option for Users/Local Users & Groups/…VPN Access/Access list/LAN Subnets. I am not able to find LAN Subnets and what defines this and maybe I need to add my Client routes to this list as show above. Any ideas?

Category: SSL VPN
Reply

Answers

  • EddieEddie Newbie ✭
    edited April 2

    Issue solved!

    Just needed to add the current networks (LAN_SUBNET, LAN8_SUBNET) to the Users / Local Users & Groups / Local Users / VPN Access. We can now access each network.

Sign In or Register to comment.