Site to Site VPN via two Sonicwall firewalls – With DHCP over VPN

Specifying authorized VPN users

How Do I... Configure SonicWALL VPN Connections?
I looked at the ACL switch and noticed routing statements for the

Also, with a site-to-site VPN you actually see multiple tunnels show in the VPN listing if you are routing multiple nets on each side of the VPN itself, and those multiple tunnels consume the allocated VPN tunnels that an individual firewall can support.

Having very different firmware levels can cause problems.

Another question regarding the Sonicwall: is it capable of having a dual-engine anti-virus?


How do I configure a Site to Site VPN between SonicWALL devices?

Make a note of the preshared key if you select that option, then click Next. The Security Settings menu appears. After clicking Next, the User Authentication menu appears. Administrators must specify whether user authentication should be implemented. The confirmation screen reviews the settings that will be implemented upon clicking the Apply button. Click the Apply button to finish enabling the VPN settings.

Does this make sense? OK, if you got the tunnel up AND each side of the tunnel knows about the networks on the other side of the tunnel, then you are over the first hurdle. And, if you can reach servers or devices over the tunnel via IP address, then you know your routing is working. So, it looks like it is a question of tuning some settings.

Also, when you tested with the laptop, where was it pointing for its DNS? Did you point at a server on the main side? Finally, in answer to your last question, yes, objects on firewall A that refer to something on the remote side of a VPN tunnel on firewall B should always be VPN objects.

That ensures the object is attached to the correct zone and has proper security wrapped around it.

You are a genius! I changed the DNS settings and voila! My logon script runs, I get my mapped drives and printers and can browse the network. There is one more nagging little issue though.

Is the laptop getting DNS correctly? In other words, if you do an nslookup from the laptop for an external site, does the DNS server give the IP address? Finally, make sure the network settings on the X1 port on the remote Sonicwall are correct and the laptop has the correct gateway IP configured.

Then the default routing config on the remote Sonicwall should handle the access from the laptop to the Internet.

Yes, it appears the laptop is getting DNS correctly. I checked the gateway on the laptop and it is pointing to the remote Sonicwall. I checked the gateway on the Sonicwall and it is pointing to the correct IP. This seems correct, no?

So it seems that everything is set correctly, yet I am still unable to browse the internet. Any other gotchas you can think of?

What do diags on the firewall give you? Can it ping its gateway and its DNS sites? And, stupid question: is the firewall showing as being properly licensed?

If it is not licensed there may be an impact on traffic. Finally, have you restarted the remote side's modem and then the firewall? Sometimes that seems to sort everything out. Once you KNOW things are working you can start to cut in the security services.

Anyway, all looks fine. So I plugged the wireless router back in and set the laptop up to connect to that, and the internet works fine like it always did. Once it was set up, the tunnel came right up, and voila!

The internet works too! I then log off of the laptop and log back on to make sure the logon script runs and I get my mapped drives and printers.

However, there is no policy type option. I get to this step very early in the process, because there is no policy type drop down. The first option I can interact with is Authentication Method.

Hi there — I followed your guide, very well written and easy to follow. I tried getting this going on my own, and have had some success. I have 3 offices (well, actually 8, but focusing on 3 for now). I originally followed your guide and linked two of the offices together, and today I was tackling adding a third to the mix. I added the first office to the third office successfully; I got the green light right away and was able to see network items across the tunnel.

Figuring I did it wrong, I deleted the address objects and VPN tunnel and started fresh; same thing. The only thing I can think is that these are on the same subnet, too similar and not passing traffic. All three devices are Sonicwall NSA. Do you have any thoughts? Any advice or direction would be super greatly appreciated. The other two branch offices with exact same settings are fine. I realize there could be many causes, but does anything come to mind that I could try?

Maybe I should make Master be the initiator.

Best bet, if you can, is a factory restore, relicense the mysonicwall thing, apply firmware updates if any, then apply your saved settings back to the box (you do have settings saved from before the failure, yes?).

Any updates on how to force all traffic from the remote site across the VPN? I tried what you said to someone else in the comments, but changing any settings just brings down the tunnels.

I also tried a route based tunnel with no luck.

Yes, you can have DHCP traverse the tunnel. Ignore all the bits prior to Step 3. So, you need to set the name in your DNS servers.

Great work and ty for making my IT life that little more stressless. I was given the task of creating a site to site, after searching and reading forums and articles. I found yours to be the best and easiest one around. I know you have answered a few questions like this, but is there a configuration where I have to let the traffic flow?

Go back and check your settings on each side of the tunnel. What you are doing with these two settings is defining the routing that will be baked into the VPN policy. This is what sets things up for you to be able to access devices on the far side of the tunnel: you are behind Firewall A and can ping a device on the subnet behind Firewall B.

I would recheck the settings for both Local and Remote Networks and verify you have covered your bases. Also, verify settings on your devices on the target subnets and ensure your gateway settings are correct. Your local devices have to go to the correct gateway in order to access the VPN.

Thanks for the reply. I will go ahead and check my settings again. What I did was add the range of the addresses that the WiFi Router could give out as subnets. Hopefully this is not confusing. If you can see my email, can you shoot me a message, so that I can show you pics of my configuration?

We can ping between the subnets. So please suggest me for the same?? Is it for the license expiry or any other reason?

Robert Dick, itgroove Alumni.

On the master unit perform the following steps. Fill in your entries as follows, and make note of what you enter as you will need to enter the same key on the other Sonicwall. Click on the Network tab; you should then have something like the following. Click on the Proposals tab and set like the following. Click on the Advanced tab and set like the following. Click the OK button to save the settings.

Now, switch yourself over to the other Sonicwall and repeat the same steps with the following differences. The Proposals should match the other side. Click the OK button to save the policy. An example of how multiple networks display under a VPN policy follows: as you can see, this tunnel knows about 3 separate networks at the other end.

The TLS connections are slow and expensive.

Each remote site has IP phones and several workstations that need to access servers at the central site.


The easiest way to do this is to use the Wizard. Login to the Sonicwall and look in the upper right hand corner. You will see an item labeled Wizards. Click that and select VPN Wizard and follow the instructions.

I followed the Wizard, and have been following along with some online tutorials.

One thing to make sure is that the locations you are linking do not use the same or overlapping IPs.

The difficulty is that you have an existing setup with which you do not want to interfere. Then click the Configure button for the tunnel, and go to the Network tab. In Local Networks you should have (Choose Local Network from List) an Address Object that includes all the local nets that will be able to go over the tunnel to the remote. Then in Remote Networks you should have an Address Object that includes all the remote LANs that are to be accessed over the tunnel. Log into the remote Sonicwall and do the same thing: indicate the remote LANs that can access the main site over the tunnel, and what they can access.

It should point to

If you want a hub and spoke (HQ to each branch), start small. Once you get this set up and functioning, the rest is a repetition.


Step 3: Configuring a VPN policy on Site B SonicWall.
1. Login to the Site B SonicWall appliance and click Manage in the top navigation menu. Click VPN | Base Settings page and click the Add button. The VPN Policy window is displayed.
2. Click the General tab. Select IKE using Preshared Secret from the Authentication Method menu.

1) Browse to VPN, then Settings (default view for VPN).
2) Ensure that "Enable VPN" is selected.
3) Click Add.
4) Change the Authentication Method to "IKE using pre-shared secret".
5) Name the SA, in this example "Tunnel to LinkSys VPN Router".
6) Enter the WAN IP of the LinkSys VPN router for "IPSec Primary Gateway Name or Address:".

Using the VPN Wizard to Configure Site to Site VPN using Preshared Secret.
Step 1. Click Quick Configuration on the top Navigation menu.
Step 2. In the Welcome to the SonicWall Configuration Guide, select VPN Guide and click Next.
Step 3. In the VPN Policy Type page, select Site-to-Site and click Next.
Step 4.