-
Products
-
SonicPlatform
SonicPlatform is the cybersecurity platform purpose-built for MSPs, making managing complex security environments among multiple tenants easy and streamlined.
Discover More
-
-
Solutions
-
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn MoreFederalProtect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn More - Industries
- Use Cases
-
-
Partners
-
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
Learn MorePartner PortalAccess to deal registration, MDF, sales and marketing tools, training and more
Learn More - SonicWall Partners
- Partner Resources
-
-
Support
-
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn MoreSupport PortalFind answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn More - Support
- Resources
- Capture Labs
-
- Company
- Contact Us
How can I allow ssl vpn user to access the remote network across site to site vpn?
06/17/2022 
3,347 People found this article helpful
511,958 Views
Description
This article explains how to allow SSLVPN user to access the remote network across site to site VPN.
Resolution
Resolution for SonicOS 7.X
This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.
- Click Network | IPSec VPN | Rules and Settings.
- Make sure the SSLVPN IP pool is added to the local network in Site to Site Tunnel configuration on SonicWall A and in the remote network (in VPN Zone) in SonicWall B.
- Add a client route to the SonicWall B network under:
a) Click Network | SSLVPN | Client settings | Edit Profile | Client Routes:
- Click Device | Users | Local Users & Groups in the top navigation menu.
- Add the same VPN network under the user which connects over SSL VPN and add the SSLVPN IP Pool under the VPN Access tab.
- Add the same VPN network under the user which connects over SSL VPN and add the SSLVPN IP Pool under the VPN Access tab.
- Reconnect NetExtender / Mobile Connect and test the access.
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
- Click Manage in the top navigation menu.
- Make sure the SSLVPN IP pool is added to the local network in Site to Site Tunnel configuration on SonicWall A and in the remote network (in VPN Zone) in SonicWall B.
- Make sure the SSLVPN IP pool is added to the local network in Site to Site Tunnel configuration on SonicWall A and in the remote network (in VPN Zone) in SonicWall B.
- Add a client route to the SonicWall B network under:
a) Click Manage in the top navigation menu. Click SSL VPN | Client Settings | Edit profile | Client Routes Tab:
- Click Manage in the top navigation menu.
- Add the same VPN network under System Setup | Users | edit the user or user group which connects over SSL VPN under the VPN Access tab.
- Add the same VPN network under System Setup | Users | edit the user or user group which connects over SSL VPN under the VPN Access tab.
- Reconnect NetExtender / Mobile Connect and test the access.
NOTE: Now when that user will try to access any computer with 1.1.1.x network he will be able to access that.
Resolution for SonicOS 6.2 and Below
The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.
- Make sure the SSLVPN IP pool is added to the local network in site to site tunnel configuration on SonicWall A and in the remote network (in VPN Zone) in SonicWall B.
- Add a client route to the SonicWall B network under:
a) SSL VPN | Client Settings | Edit profile | Client Routes Tab in Firmware 5.9 and 6.2:
b) SSL VPN | Client Routes in Firmware 5.8 and 6.1:
- Add the same VPN network under Users | edit the user or user group which connects over SSL VPN | VPN Access Tab.
- Reconnect NetExtender / Mobile Connect and test the access.
NOTE: Now when that user will try to access any computer with 1.1.1.x network he will be able to access that.
If it is not possible to change the Site to Site VPN Tunnel
If it is not possible to modify the currently active VPN Site to Site tunnel it is always possible to perform a NAT of the SSLVPN range.
Configure the SSLVPN like the examples above and add a NAT policy.
In the example above:
SSL Scope is the SSLVPN Address Range configured in SSLVPN Client Settings
Translated Source is the NAT applied to the incoming packets translated with X0 IP (in a scenario in which the X0 Subnet is the subnet already active in the Site to Site tunnel)
Original Destination is the remote VPN Subnet
Keep in mind that the NAT solution will works only when the traffic is originated from SSL VPN Client to the remote network.
It is not possible to originate the traffic from Chicago LAN due to the routing of the firewall.
Related Articles
- How to Block Google QUIC Protocol on SonicOSX 7.0?
- How to block certain Keywords on SonicOSX 7.0?
- How internal Interfaces can obtain Global IPv6 Addresses using DHCPv6 Prefix Delegation
Categories
- Firewalls > SonicWall SuperMassive 9000 Series > SSLVPN
- Firewalls > TZ Series > SSLVPN
- Firewalls > NSa Series > SSLVPN
- Firewalls > NSv Series > SSLVPN
YES
NO