Adding a wireless network to a site to site VPN (SonicOS Enhanced)
03/26/2020 761 12641
DESCRIPTION: Adding a wireless network to a site to site VPN (SonicOS Enhanced)
Allow for a site to site VPN connection with access to a wireless network at one side.
This configuration will be based on a site to site VPN in which both sides have a static WAN IP, SonicOS Enhanced is being used, the VPN is configured in Main Mode and one side also has a wireless network.
Site A has a WAN IP of 10.10.10.10 and a LAN subnet of 192.168.1.0/24.
Site B has a WAN IP of 10.11.11.11 and a LAN subnet of 192.168.11.0/24 and a WLAN (Wireless Network) of 172.16.32.0/24
When configuring the destination network on the VPN policy at Site A, two address objects must be created. One for Site B LAN, and one for Site B WLAN. Both address objects should be set to zone VPN and then placed in an address group. The newly created address group should be used as the destination network on the VPN policy at Site A. The local network can be set to LAN Primary subnet or X0 Subnet in this instance.
When configuring the VPN policy at Site B, only one address object must be created for the destination network. It can be called Site A LAN and should have the zone assignment set to VPN. An address group can be created for the local network setting in the VPN policy or a default one can be used. If creating one, place X0 subnet or LAN Primary Subnet along with WLAN subnet into the group and then use it for the local network on the VPN policy. If a default one is preferred, Firewalled Subnets can be used in many cases. Please review what is included in this group by checking the Network > Address Objects page.
Adding WLAN and LAN as the local network on the Site B VPN policy will allow access to both networks for traffic coming through the VPN tunnel. By adding the Site B WLAN and Site B LAN to the destination at Site A will allow traffic to pass over the VPN.
How to Test:
Ping via IP from a wireless computer to a host at site A. Likewise, ping a wireless computer ip address from a Site A host.