Re: Sonicwall PRO 3060 VPN not Connecting to internet

On 18 Jul, 15:05, Burkhard Ott <n...@xxxxxxxxx> wrote:
Am Fri, 18 Jul 2008 06:42:02 -0700 schrieb SallyBridges:

The sonic wall firewall allows you to configure the sonicwall global
vpn client from the actuall firewall

ok, but I made the experience sonicwall is crap.

split tunnels is therefore setup on the sonicwall firewall and this
automatically pushes to the client

Usually if the tunnel is established you get an valid spd entry and only
those packets will be send encrypted (depends on your config)

the dns entries when connected are the same as our lan dns entries and
these are working
on the lan side the gateway is the main work gateway to the internet and
works from office lan but not the vpn client
dns resolves but when attempting to go out on to the internet then a
tracertout our ping will time out

Sounds like your packet goes through the tunnel, check your phase2 policy..

cheers

SOLVED

Right to solve this then you will need to addin an additional NAT
translation - This then magically makes it all work

Configure NAT Policy
(Only Needed for WAN GroupVPN)
• Select NAT Policies
• Enter Original Source: In this example, Any
• Enter Translated Source: In this example, WAN Primary IP
• Enter Original Destination: In this example, Any
• Enter Translated Destination: In this example, Original
• Enter Original Service: In this example, Any
• Enter Translated Service: In this example, Original
• Enter Inbound Interface: In this example, X1 (note this is your WAN
Interface)
• Enter Outbound Interface: In this example X1 14


The Sonic wall documentation is available from here

http://www.sonicwall.com/downloads/How_to_Route_All_Traffic_through_a_SonicWALL_with_GVC_and_SonicOS_Enhanced.pdf



.

Relevant Pages

  • Re: not spam, no more phone or cable wires!
    ... Address translation is when a host starts an outbound connection, ... to an address at an interface with a lower security level. ... Authenticating, encrypting, and decrypting data through the tunnel. ...
    (alt.home.repair)
  • RE: XP messenger not receiving messages
    ... Regarding to this case i asked Cisco if they had any problems in they ... "Micosoft Instant messenger does not work through the tunnel, ... Microsoft has confirmed that this is a problem with Windows messenger. ... > same problem but i need my Cisco vpn client so i can connect to headoffice, ...
    (microsoft.public.windowsxp.messenger)
  • Re: Configuring Cisco VPN Client / Windows XP
    ... Packets will use an interface based on the routing table. ... Generally speaking when the VPN is connected it will add a route to the ... flush the DNS Cache resolver to clear out the old DNS ... > cannot access the *same* pages on the computer with the VPN client ...
    (comp.dcom.vpn)
  • PIX 501: NAT VPN Clients to Inside?
    ... running the Cisco VPN client 4.x. ... The "Inside" interface has a public IP of 172.46.24.100, ... would appear to come from the interface IP of the pix. ... client computer connecting, getting a 192.168 address, and then it ...
    (comp.dcom.sys.cisco)
  • Re: Choosing which interface to use
    ... As a result of the VPN client running I ... xl0 needed by the dhcp ... client and tun0 used by the vpn client. ... remote IP addr and the routing table defines the interface to be used. ...
    (freebsd-questions)