Menu

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Sign In Register

Can we establish VPN between Sonicwall if one side tunnel base and other side is Site to site

ManishkctManishkct Newbie ✭
in Firewall Security Services
I am trying to establish tunnel between 2 sonic wall firewalls but not happening- one side is tunnel base and other side is Site -to- site
Category: Firewall Security Services
Reply
Tagged:

Best Answer

Answers

  • ManishkctManishkct Newbie ✭
    Actually I wanted to establish a tunnel but I have already a tunnel which also having same remote and local subnet..
    Is there any way to do it
  • shiprasahu93shiprasahu93 Moderator

    @Manishkct,

    In that case, I would suggest using NAT over VPN. Even if you use the tunnel mode, the remote networks will be specified on the route policy and the firewall will be confused on which VPN to use for that destination network.

    Please take a look at the KB articles below

    https://www.sonicwall.com/support/knowledge-base/how-can-i-configure-a-site-to-site-vpn-with-multiple-network-overlaps-nat-over-vpn/170817123531353/
    https://www.sonicwall.com/support/knowledge-base/how-can-i-configure-nat-over-vpn-in-a-site-to-site-vpn/170515155805172/

    I hope this helps.

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • ManishkctManishkct Newbie ✭

    Thanks Shipra for the respond.


    Here is my concern, Please let me know how I can proceed it further.

    1. Already having a site to site tunnel having subnet for example. 192.168.1.x/24 (remote subnet) and 10.0.0.1/32 (local IP)
    2. Now My requirement is setup a tunnel which contains subnet for example 192.168.1.10, 192.168.1.20 (remote IP) and 10.0.0.1/32 (local IP).

    Please let me know how we can do this and 1st site-to-site should not impact.


    Appreciated your help.

  • shiprasahu93shiprasahu93 Moderator

    @Manishkct,

    You can use the IPs like 192.168.2.10, 192.168.2.20 instead of 192.168.1.10, 192.168.1.20 respectively in the VPN tunnel that you set up on this end. On the remote side, 192.168.2.10, 192.168.2.20 would need to be translated back to 192.168.1.10, 192.168.1.20 respectively.

    So, when you need to access 192.168.1.10, 192.168.1.20 from this site, you would use 192.168.2.10, 192.168.2.20 respectively instead. Once it reaches the remote end, they will be translated to the right IP addresses and there would be no overlap.

    You can choose any other subnet that does not overlap with the local networks or other remote networks instead of 192.168.2.x. I have used that as an example.

    I hope this helps.

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

Sign In or Register to comment.