Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Connect to SSLVPN Through VLAN

diondpdiondp Newbie ✭

Hi There, i have a running config with SSLVPN which runs from WAN side without issues...

I would like for our employes to connect to the SSLVPN from a "guest_vlan" which our wifi runs on, they connect to the X1 Management IP (which is our external WAN IP)

so X0:V10 is the guest_vlan

but when trying to connec to the SSL VPN, the firewall drops the TCP...

i have enabled SSLVPN on the Zone "guest_vlan" - so why does the Sonicwall drop the connection?

i tried creating an acces rule from guest_vlan subnet to X1 management IP, but it still drops

any ideas ?

Category: Firewall Management and Analytics
Reply

Answers

  • prestonpreston All-Knowing Sage ✭✭✭✭
    edited June 2021

    Hi @diondp , you need to make sure the rule is for the Service SSLVPN and also enable the "enable mangement" on the rule (this is the bit you are probably missing),

    you don't need to enbable the VLAN Zone in the SSL VPN Server Page as if you do this you will need to connect using the VLAN Interface IP

    Just make sure also you create rules from the VLAN zone to SSL VPN Zone and Vice versa to allow the traffic

  • SaravananSaravanan Moderator

    Hi @DIONDP,

    Thank you for visiting SonicWall Community.

    Your Guest users are behind the SonicWall and you have enabled the SSLVPN on the Guest VLAN. Your SSLVPN users should use the Guest VLAN interface IP (X0:V10 IP) in the Server field on the Netextender client. Being behind SonicWall and then trying to connect to the WAN IP address of SonicWall doesn't work for all cases like SSLVPN, firewall management access such as PING, HTTPS and HTTP. Hence the respective interface IP address of the non-WAN interfaces to be used.

    Hope this clarifies. Please feel free to let me know for any questions/clarifications.

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • diondpdiondp Newbie ✭

    Hi Thank you for clarifying, however it is a "Always On" connection, which primarily connects from outside WAN, so to our outside WAN address... it would be kind of a dealbreaker to change this to the Interface IP of the VLAN 10.100.10.1... since it wouldnt not work, when trying to connect "outside" the company...

    is it perhaps possible to create a reflective rule which redirects external WAN address on VLAN to: 10.100.10.1 on the VLAN interface? and that way keep the configuration for the "external wan IP" ?

  • TKWITSTKWITS Community Legend ✭✭✭✭✭

    You could use a DNS address as the SSLVPN desination that resolves differently whether a user is inside or outside the network.

    E.g. externally vpn.mycompany.com resolves to 24.92.x.x so that remote users will connect to the WAN interface.

    Internally vpn.mycompany.com resolves to 10.100.10.1 so that users will connect to the internal VLAN interface.

  • AllanAllan Newbie ✭

    Hi @diondp

    Check that you have added the following.

    SSL VPN -> Client Settings -> Client Routes -> X[INTERFACE]:[VLAN] Subnet

    Also, I think you are missing a rule under Access List in your USERS.

    Goto USERS -> Local Users & Groups -> locate your group and edit.

    Goto VPN Access and ADD the specific VLAN in question to the list (that's what causing TCP drops).

    That should solve your issue.


    Hope that helps.

Sign In or Register to comment.