Traffic not routing through VPN
Hi,
I have a bit of a complex setup on my TZ400 which I will try to explain.
I primarily used (before Covid) the TZ400 to connect to a partner site (site-to-site VPN) that allowed us access to some of their applications via Citrix to get information pertaining to our organisation requirements. I had been running with a rather slow broadband connection which worked but was a bit unreliable at times. This was connected to X1 on the SonicWall.
There was a small network of PCs connected to the firewall and DHCP (192.168.10.0) was managed for these PCs on the SonicWall itself. All worked OK.
Since the Covid pandemic most of our users are now working from home so I used the SonicWall to run a few remote desktops on the internal LAN (192.168.20.0 not managed by SonicWall) via the SSLVPN/virtual office on port X6. I subsequently procured a new fibre line into the building and this is running over port X5 and working well. I have also configured SSLVPN to port X5 and am running remote desktop services without an issue from external to internal (192.168.20.0).
My problem is that I am ceasing the original connection on port X1 and although I have bound the Site-to-Site VPN to port X5 (and liaised with the provider on the other side) I cannot get any traffic to route through the VPN. I have checked all settings I think are relevant (Firewall rules/NAT) but can't see anything. The link is connected but traffic from the SonicWall LAN Subnet still appears to be trying to route through port X1. Can anybody point me in the direction of a solution? Any help appreciated.
Thanks.
Answers
What is your failover / load balancing configuration? If you haven't done anything there, configure failover using X1 as the first listed and X5 as the second listed (Manage \ Network \ Failover/LB). Then disconnect X1 and confirm internet failover is functional.
If that functions and the VPN tunnel on the other provider side is configured to the X5 IP you should be set.
Hope that helps.
Thanks TKWITS, I had tried something like that and now seem able to ping the outside interface. I'm suspecting now there may be an issue on the other end so need to check that out before further investigation on our side.
Often times any issue I have with site to site VPN tunnels is from the endpoint I DON'T control.