- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
-
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
-
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
Adding a wireless network to a site to site VPN (SonicOS Enhanced)
03/26/2020 
763 People found this article helpful
98,909 Views
Description
Adding a wireless network to a site to site VPN (SonicOS Enhanced)
Resolution
Feature/Application:
Allow for a site to site VPN connection with access to a wireless network at one side.
Procedure:
This configuration will be based on a site to site VPN in which both sides have a static WAN IP, SonicOS Enhanced is being used, the VPN is configured in Main Mode and one side also has a wireless network.
Site A has a WAN IP of 10.10.10.10 and a LAN subnet of 192.168.1.0/24.
Site B has a WAN IP of 10.11.11.11 and a LAN subnet of 192.168.11.0/24 and a WLAN (Wireless Network) of 172.16.32.0/24
When configuring the destination network on the VPN policy at Site A, two address objects must be created. One for Site B LAN, and one for Site B WLAN. Both address objects should be set to zone VPN and then placed in an address group. The newly created address group should be used as the destination network on the VPN policy at Site A. The local network can be set to LAN Primary subnet or X0 Subnet in this instance.
When configuring the VPN policy at Site B, only one address object must be created for the destination network. It can be called Site A LAN and should have the zone assignment set to VPN. An address group can be created for the local network setting in the VPN policy or a default one can be used. If creating one, place X0 subnet or LAN Primary Subnet along with WLAN subnet into the group and then use it for the local network on the VPN policy. If a default one is preferred, Firewalled Subnets can be used in many cases. Please review what is included in this group by checking the Network > Address Objects page.
Adding WLAN and LAN as the local network on the Site B VPN policy will allow access to both networks for traffic coming through the VPN tunnel. By adding the Site B WLAN and Site B LAN to the destination at Site A will allow traffic to pass over the VPN.
How to Test:
Ping via IP from a wireless computer to a host at site A. Likewise, ping a wireless computer ip address from a Site A host.
Related Articles
- How to configure SSLVPN Tunnel all mode for one or more particular users (Local or Domain users)
- How to disable TOTP for a Local User with admin privileges via CLI.
- Parserror on Event logs.
Categories
- Firewalls > TZ Series
- Firewalls > SonicWall SuperMassive E10000 Series
- Firewalls > SonicWall SuperMassive 9000 Series
- Firewalls > SonicWall NSA Series
YES
NO