2 separate isp's. How to setup VPN to work with both static ip addresses
I looked around a bit but have not found an answer. We have a second internet service provider for redundancy which is hooked up in a load balancing setup. I want to also be able to vpn into our network using the second IP address.
Thanks!
sam
Best Answers
-
TKWITS Community Legend ✭✭✭✭✭
Are you talking about site to site VPN, GlobalVPN, or SSLVPN?
Site to site policies are bound to the WAN zone for outbound traffic by default, meaning a device will initiate a tunnel over any available WAN interface. Site to site policies can be configured with multiple gateway addresses to connect to, meaning the device will initiate a tunnel to either of the gateway addresses.
GlobalVPN and SSLVPN are much more complicated. Either you can set multiple profiles on the client, or use round robin DNS.
0 -
TKWITS Community Legend ✭✭✭✭✭
As long as the second ISP interface is in the WAN zone and SSLVPN is enabled on the WAN zone the Sonicwall will automatically open the required ports on the interface.
The big question is if the second ISP is actually providing you a bridged interface (they are providing you a clean handoff), or if they are running a firewall on their modem/handoff device that is preventing the traffic. You can test this easily by enabling ping on the second ISP interface and attempting to ping that interface address from a different internet connection.
0
Answers
You can mention the second IP on the remote end as the secondary peer IP address. This can be set in the VPN policy itself on the other end.
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
I am not explaining my self very well (and probably don't understand what I am asking)
We use net extender to 'dial' into our network. We don't have a dns record associated with our ip address. So net extender points to the static IP address of our ISP. We now have 2 ISP and a second IP address. What we would like is for (as a fall back) the 2nd ip addres to also allow vpn connections.. (Or should this just work? I have only tried it once and it wouldn't connect)
sam
You are right - If I enable ping on the 2 interfaces - only the one we have been using is pingable...
I will have to get with that isp when I double check it at the modem.
Surprisingly - I reached out to centurytel (lumen) and they agreed that the firewall should not have been applied to the internet connection. They removed it and now I can ping an vpn into the connection.
Thanks for the push in the right direction.
@micah - SonicWall's Self-Service Sr. Manager