Allow access from Remote Network
Setup
I have an NSA 2600 firewall (Point A) which has several site-to-site VPN connections to our offices (Points B, C, D etc.).
I also have SSLVPN/RADIUS enabled on Point A to allow remote VPN access to Point A from the internet.
We also have several VPN connections from Point A with External Customers (Points 1, 2, 3 etc.).
I need to give one of our offices (Point B) access to a Customer VPN connection (Point 1) via Point A.
SSLVPN users dialled into Point A can already connect to Customer Point 1.
Question
How do I allow a remote office (Point B) network (LAN) access to Customer Point 1? (Point B already has access to Point A, they just need access beyond to Customer Point 1.)
Thanks
Best Answer
TKWITS Community Legend ✭✭✭✭✭
Think about it. You're tunneling all this traffic already, but 'Office B' doesn't know how to get to 'Customer 1'. What could you do to get 'Office B's' firewall to know how to route traffic to 'Customer 1'?
Basically you'd need to add the 'Customer 1' network to the VPN tunnel between 'Office A' and 'Office B', then get your Customer to add the 'Office B' network to their VPN tunnel to 'Office A'.
Then repeat for the remaining Offices and Customers.
1
Answers
Hello @Jez222,
Welcome to the SonicWall community.
I think you can follow this KB to set it up.
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
Thank you sir
Unfortunately I am still having problems connecting from Point B to Customer 1. The reason could be (I am not certain) that I am natting Customer 1's address inside Point A.
I'm pretty sure I need to set up a group on Point A to include Point B and Customer 1, but as I now have two address objects for Customer 1 (Customer 1 Local and Customer 1 Remote) I am not sure which to use!
(Customer 1 have added our Point B's network to their end)
You need to accommodate for your NAT.
How do I do that?
Apologies for the newbie questions 😔
Without seeing your config we can only make suggestions. Show us the VPN policy showing the NAT.
You say you're "natting Customer 1's address inside Point A". I can assume you are doing a destination (remote) translation of your customer's network, but I do not know because you haven't provided that information.
Assuming above, instead of routing the customer's actual address through the tunnel from Point B, you should be routing the translated address. Again, I'm making an assumption.
Your assumption is correct, thank you for the advice.
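The two points made in the answers above (each tunnel must list the far-side network, and Office B must route the translated address rather than the customer's real one), as an added example that is not part of the original thread. It is a simplified model of tunnel network lists, not SonicWall configuration; all addresses, policy names and the assumption that Point A's tunnel to Office B lists the translated object are constructed for illustration.

```python
import ipaddress as ip

# Constructed sample addressing; none of these values come from the thread.
A_LAN, B_LAN = ip.ip_network("10.1.0.0/24"), ip.ip_network("10.2.0.0/24")
CUST1_REAL = ip.ip_network("192.168.50.0/24")  # Customer 1's actual network
CUST1_NAT = ip.ip_network("172.16.50.0/24")    # how Point A presents it internally

def allows(policy, local_addr, remote_addr):
    """A policy carries a packet only if both ends fall inside its network lists."""
    return (any(local_addr in n for n in policy["local"])
            and any(remote_addr in n for n in policy["remote"]))

def translate(addr, frm, to):
    """1:1 network translation that keeps the host part of the address."""
    if addr not in frm:
        return addr
    return to.network_address + (int(addr) - int(frm.network_address))

def check_path(src, dst, policies):
    """Walk Office B -> Point A -> Customer 1; return the hops that drop the packet."""
    failed = []
    if not allows(policies["B_to_A"], src, dst):
        failed.append("B_to_A")
    if not allows(policies["A_to_B"], dst, src):
        failed.append("A_to_B")
    real_dst = translate(dst, CUST1_NAT, CUST1_REAL)  # destination NAT at Point A
    if not allows(policies["A_to_C1"], src, real_dst):
        failed.append("A_to_C1")
    if not allows(policies["C1_to_A"], real_dst, src):
        failed.append("C1_to_A")
    return failed

def build_policies(customer_object_on_b):
    """Policies after Customer 1 is added to the A<->B tunnel and Office B to the customer tunnel."""
    return {
        "B_to_A": {"local": [B_LAN], "remote": [A_LAN, customer_object_on_b]},
        "A_to_B": {"local": [A_LAN, CUST1_NAT], "remote": [B_LAN]},
        "A_to_C1": {"local": [A_LAN, B_LAN], "remote": [CUST1_REAL]},
        "C1_to_A": {"local": [CUST1_REAL], "remote": [A_LAN, B_LAN]},
    }

if __name__ == "__main__":
    host = ip.ip_address("10.2.0.25")  # constructed Office B workstation
    # Office B routes the customer's real address: the A<->B network lists disagree.
    print(check_path(host, ip.ip_address("192.168.50.10"), build_policies(CUST1_REAL)))
    # Office B routes the translated address: every hop accepts the packet.
    print(check_path(host, ip.ip_address("172.16.50.10"), build_policies(CUST1_NAT)))
```

Listing only the specific customer network on each tunnel, rather than a broad range, keeps Office B's reach through Point A limited to the one customer it needs.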