Accessing remote site resources when connected to the main site via remote VPN client
10/14/2021
1,263 People found this article helpful
113,819 Views
Description
In many scenarios, VPN users who are connected to the main site via a remote VPN Client need to have access to the resources behind the remote site in addition to the resources on main site. This KB article shows how to configure SonicWall to meet this need.

Resolution
Resolution for SonicOS 7.X
This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.
- Login to the SonicWall management GUI
- Click Network tab.
- Navigate to IPSec VPN | Rules and Settings.
- Click on the Configure option of the appropriate VPN policy intended for remote site.

- Navigate to Networks tab in the new window and make a note of the address object/group set in the Choose destination network from list drop down list. (This may vary depending upon the remote site resource access privilege of the VPN users).

EXAMPLE: If the remote site resources access for the VPN user is restricted to a single IP address or subnet, then appropriate address object must be created in Network | Address Objects page with zone VPN.
- Navigate to the Device| Users | Local Users & Groups page and click configure option of the remote VPN user account.

- Navigate to VPN Access tab in the new window and enforce the respective Address Object/Group of the remote site from left to right by clicking on the appropriate option as shown below in the image - In the example the object was NSA2650 Site.

How to Test this Scenario
- Disconnect the Global VPN Client session, reconnect & try to access (ping) the remote site resource.
- The client will be able to access the resources without any issues.
- Click Policy tab.
- Navigate to Rules and Policies | Access Rules, click on view style matrix.
- Click on SSLVPN to VPN matrix button.
- Ensure there is an Allow Rule as shown below in the image.
- Check the same from VPN to SSLVPN zones.
- Disconnect the NetExtender client session, reconnect & try to access (ping) the remote site resource.
- The client will be able to access the resources without any issues.


Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
- Login to the SonicWall management GUI.
- Click Manage tab.
- Navigate to VPN | Base Settings.
- Click on the Configure option of the appropriate VPN policy intended for remote site.

- Navigate to Networks tab in the new window and make a note of the address object/group set in the Choose destination network from list drop down list. (This may vary depending upon the remote site resource access privilege of the VPN users).

EXAMPLE: If the remote site resources access for the VPN user is restricted to a single IP address or subnet, then appropriate address object must be created in Network | Address Objects page with zone VPN.
- Navigate to the Users | Local Users & Groups page and click configure option of the remote VPN user account.

- Navigate to VPN Access tab in the new window and enforce the respective Address Object/Group of the remote site from left to right by clicking on the appropriate option as shown below in the image - In the example the object was NSA2650 Site.

How to Test this Scenario
- Disconnect the Global VPN Client session, reconnect & try to access (ping) the remote site resource.
- The client will be able to access the resources without any issues.
- ClickManage tab.
- Navigate to Rules | Access Rules, click on view style matrix.
- Click on SSLVPN to VPN matrix button.
- Ensure there is an Allow Rule as shown below in the image.
- Check the same from VPN to SSLVPN zones.
- Disconnect the NetExtender client session, reconnect & try to access (ping) the remote site resource.
- The client will be able to access the resources without any issues.


Resolution for SonicOS 6.2 and Below
The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.
- Login to the SonicWall management GUI.
- Navigate to VPN | Settings page.
- Click on the Configure option of the appropriate VPN policy intended for remote site.

- Navigate to Networks tab in the new window and make a note of the address object/group set in the Choose destination network from list drop down list. (This may vary depending upon the remote site resource access privilege of the VPN users).

EXAMPLE: If the remote site resources access for the VPN user is restricted to a single IP address or subnet, then appropriate address object must be created in Network | Address Objects page with zone VPN.
- Navigate to the Users | Local Users page and click on the configure option of the remote VPN user account.

- Navigate to VPN Access tab in the new window and enforce the respective address object/group of the remote site from left to right by clicking on the appropriate option as shown below in the image.

How to Test this Scenario
- When using GVC
- Disconnect the Global VPN client session, reconnect & try to access (ping) the remote site resource.
- The client will be able to access the resources without any issues.
- When using NetExtender
- Navigate to Firewall | Access Rules, click on view style matrix.
- Click on SSLVPN to VPN matrix button.
- Ensure there is an allow rule as shown below in the image.
- Check the same from VPN to SSLVPN zones.
- Disconnect the NetExtender Client session, reconnect & try to access (ping) the remote site resource.
- The client will be able to access the resources without any issues.


Related Articles
Categories
Was This Article Helpful?
YES
NO