How to fix not being able to connect to devices on my network after successfully connecting to VPN?
Skyhightech
Newbie ✭
Hello,
Firewall: TZ 270
Firmware: 7.1.2-7019
I successfully setup the VPN on my firewall, I can connect successfully with netextender. I followed the article how to setup SSL-VPN from sonicwall. But when connected I can't access any devices on the network (RDP or ping). I setup packet monitoring and my packets are being dropped due to "Denied by SSLVPN per user control policy". I followed instructions in this KB but the user in question already has access to the LAN Subnets. There's no further steps in that article for troubleshooting so I am unsure how to proceed. I changed the network range in my address object from xxx.xxx.2.240/245 to 190/195 but that didn't resolve the issue. The IP I get from the VPN adapter once connected is in the range above when I do an ipconfig.
Can anyone provide any additional KBs or information to help troubleshoot why I can't access any devices once connected to the VPN? any help is greatly appreciated
Thank you
Best Answer
-
CORRECT ANSWER
TKWITS
Community Legend ✭✭✭✭✭
Is the 'Cheer Gym' address object a range of IPs in the SSLVPN zone? Might help to rename that to something clearer.
Is the 'internal' network you are trying to access remotely on the Sonicwall's X0 interface? Than use 'X0 Subnet' instead of 'LAN Subnets'.
Do you have an internal DNS server? Than use the internal DNS server IP's for the SSLVPN client DNS.
0
Answers
Show us sanitized screenshots of the relevant configuration pages.
Are your SSLVPN Client Routes correct?
I'm not sure which ones are relevant. So I grabbed screenshots as I went through the guide on how to create the VPN from the Knowledge base article https://www.sonicwall.com/support/knowledge-base/how-can-i-setup-ssl-vpn/170505609285133 my apologies if this is too much info. I believe the client routes are correct. We have another sonicwall firewall at another building and that VPN is able to connect to devices on that network. This building is on a different network but I tried to match most of the config outside of the IPs.
I also tried WAN subnet as a client route.
I pulled DNS server from ipconfig /all
This is a user:
Access Rules:
SSLVPN → LAN access rules?
Here is a screenshot of the SSLVPN → LAN access rules. I'm not sure why there is 3. I didn't create them they were already there.
Changing it to the X0 subnet instead of LAN worked! Thank you for the tip! I appreciate it