Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

How to fix not being able to connect to devices on my network after successfully connecting to VPN?

Hello,

Firewall: TZ 270

Firmware: 7.1.2-7019

I successfully setup the VPN on my firewall, I can connect successfully with netextender. I followed the article how to setup SSL-VPN from sonicwall. But when connected I can't access any devices on the network (RDP or ping). I setup packet monitoring and my packets are being dropped due to "Denied by SSLVPN per user control policy". I followed instructions in this KB but the user in question already has access to the LAN Subnets. There's no further steps in that article for troubleshooting so I am unsure how to proceed. I changed the network range in my address object from xxx.xxx.2.240/245 to 190/195 but that didn't resolve the issue. The IP I get from the VPN adapter once connected is in the range above when I do an ipconfig.

Can anyone provide any additional KBs or information to help troubleshoot why I can't access any devices once connected to the VPN? any help is greatly appreciated

Thank you

Category: SSL VPN
Reply
Tagged:

Answers

  • TKWITSTKWITS Community Legend ✭✭✭✭✭

    Show us sanitized screenshots of the relevant configuration pages.

    Are your SSLVPN Client Routes correct?

  • SkyhightechSkyhightech Newbie ✭

    I'm not sure which ones are relevant. So I grabbed screenshots as I went through the guide on how to create the VPN from the Knowledge base article https://www.sonicwall.com/support/knowledge-base/how-can-i-setup-ssl-vpn/170505609285133 my apologies if this is too much info. I believe the client routes are correct. We have another sonicwall firewall at another building and that VPN is able to connect to devices on that network. This building is on a different network but I tried to match most of the config outside of the IPs.

    I also tried WAN subnet as a client route.

    I pulled DNS server from ipconfig /all

    This is a user:

    Access Rules:

  • ArkwrightArkwright Community Legend ✭✭✭✭✭

    SSLVPN → LAN access rules?

  • TKWITSTKWITS Community Legend ✭✭✭✭✭

    Is the 'Cheer Gym' address object a range of IPs in the SSLVPN zone? Might help to rename that to something clearer.

    Is the 'internal' network you are trying to access remotely on the Sonicwall's X0 interface? Than use 'X0 Subnet' instead of 'LAN Subnets'.

    Do you have an internal DNS server? Than use the internal DNS server IP's for the SSLVPN client DNS.

Sign In or Register to comment.