- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
-
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
-
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
How to create a mesh VPN network using Tunnel Interfaces and OSPF
12/20/2019 
762 People found this article helpful
101,078 Views
Description
It is quite easy to implement a Hub and Spoke VPN network using both Tunnel Interface and OSPF but the transition to a mesh network can be troublesome if you want to redistribute the SonicWall’s firewalled subnets.
Resolution
If you simply use the option “Redistribute Connected Network” in your OSPF configuration, it will perfectly work in hub and spoke environment but will prevent transition to a mesh environment as a tunnel interface is considered a connected interface by the SonicWall, hence the “spoke to spoke” VPN tunnel will fail to be created as both spokes will try to contact each other via the already existing VPN tunnel to the Hub.
Figure 1
Figure 2
In figure 1, you can see that a route exist to the second spoke (#6). In Figure 2, it should the equivalent on Spoke 2 (route #6).
The solution in to create a fully mesh environment is to use the OSPF “Passive” mode on the connected interface of all the mesh network’s nodes.
When OSPF passive mode is enabled on an interface, neither OSPF packets are sent nor any received on this interface. It only results in that interface’s network being advertised by OSPF to other OSPF peers as LSA 1 (Router) instead of LSA5 (External) when using “Redistribute Connected Networks”.
To Activate the Passive mode on your SonicWall’s internal networks, simply go to Network, Routing.
Then configure an internal network
Then simply choose the mode “Passive”
See Also:
Implementing Hub and Spoke Site-to-Site VPN on SonicOS Enhanced
Related Articles
- How to configure SSLVPN Tunnel all mode for one or more particular users (Local or Domain users)
- How to disable TOTP for a Local User with admin privileges via CLI.
- Parserror on Event logs.
Categories
- Firewalls > NSa Series > VPN
YES
NO