Main Menu
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
SonicWall
  • Products
    • Network Security
      • Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
      • Security ServicesComprehensive security for your network security solution
      • Network Security ManagerModern Security Management for today’s security landscape
    • Advanced Threat Protection
      • Capture ATPMulti-engine advanced threat detection
      • Capture Security applianceAdvanced Threat Protection for modern threat landscape
    • Access Security
      • Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
      • Secure Mobile AccessRemote, best-in-class, secure access
      • Wireless Access PointsEasy to manage, fast and secure Wi-FI
      • SwitchesHigh-speed network switching for business connectivity
    • Email Security
      • Email SecurityProtect against today’s advanced email threats
    • Cloud Security
      • Cloud App SecurityVisibility and security for Cloud Apps
      • Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
    • Endpoint Security
      • Capture ClientStop advanced threats and rollback the damage caused by malware
      • Content Filtering ClientControl access to unwanted and unsecure web content
    • Product Widgets
      • Product Menu Right Image
      • Capture Cloud Platform
        Capture Cloud Platform

        A security ecosystem to harness the power of the cloud

    • Button Widgets
      • Products A-Z
        all products A–Z FREE TRIALS
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure WiFi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • English English English en
  • BLOG
  • CONTACT SALES
  • FREE TRIALS
  • English English English en
SonicWall
  • Products
    • Network Security
      • Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
      • Security ServicesComprehensive security for your network security solution
      • Network Security ManagerModern Security Management for today’s security landscape
    • Advanced Threat Protection
      • Capture ATPMulti-engine advanced threat detection
      • Capture Security applianceAdvanced Threat Protection for modern threat landscape
    • Access Security
      • Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
      • Secure Mobile AccessRemote, best-in-class, secure access
      • Wireless Access PointsEasy to manage, fast and secure Wi-FI
      • SwitchesHigh-speed network switching for business connectivity
    • Email Security
      • Email SecurityProtect against today’s advanced email threats
    • Cloud Security
      • Cloud App SecurityVisibility and security for Cloud Apps
      • Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
    • Endpoint Security
      • Capture ClientStop advanced threats and rollback the damage caused by malware
      • Content Filtering ClientControl access to unwanted and unsecure web content
    • Product Widgets
      • Product Menu Right Image
      • Capture Cloud Platform
        Capture Cloud Platform

        A security ecosystem to harness the power of the cloud

    • Button Widgets
      • Products A-Z
        all products A–Z FREE TRIALS
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure WiFi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • Menu

Unable to access hosts behind SonicWall firewall when connected through GVC

10/14/2021 372 People found this article helpful 121,227 Views

    Download
    Print
    Share
    • LinkedIn
    • Twitter
    • Facebook
    • Email
    • Copy URL The link has been copied to clipboard

    Description

    This article lists various troubleshooting steps you can employ If a remote user is unable to access any of the computers behind the SonicWall after establishing a connection via the Global VPN Client (GVC) and the SonicWall virtual adapter has obtained an IP address.

    Resolution

    Resolution for SonicOS 7.X

    This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.


    Before starting to troubleshoot make sure the Global VPN Client connection shows a status of Connected and try pinging the IP addresses of computers behind the firewall or the SonicWall LAN IP address (X0 IP). If the pings do not get a reply try the following:

    • VPN Access List
    • Default Gateway
    • Client PC Network
    • NAT Traversal
    • Overlapping network
    • Intermittent pings
    • Multiple NICs on the computer behind the SonicWall.
    • Global VPN Client software version

    VPN Access List
     
    If using SonicOS Enhanced firmware the first place to check would be VPN Access permissions of users. Ensure that one of the following Network Address Objects is defined in the users' VPN access permissions: LAN subnets, X0 Subnet, or Firewalled Subnets or, at the least, the address object of the IP address of the computer you are pinging. You can check this by hovering over the VPN Access column for the user in question in the SonicWall's Users | Local Users & Groups page. Access permissions can be assigned and/or inherited via User Group Memberships. All Local users are, by default, members of the Trusted Users and Everyone groups.

    • Login to SonicWall management interface.
    • Click Device in the top navigation menu.
    • Navigate to Users | Local Users & Groups and edit either the Local user or Local Group, to see the VPN Access tab.
      Image


    Default Gateway
    One of the most common reasons for not being able to access computers on the LAN/DMZ is when the default gateways on the PCs behind the firewall are not set to the SonicWall LAN/DMZ IP address.

    Client PC Network:
     
    Routing issues in the internal network may also be causing the problem. Check whether local PCs are able to ping to each other. Check whether there are any detrimental static routes in the host you are pinging.

    NAT Traversal
    A variety of issues related to the client PC; the network environment of the client; the ISP connecting either side; or firewall software on the client, can cause problems with connectivity. You can, in some cases, work around network environments by making sure that the SonicWall's IPSec VPN | Advanced screen has the NAT-Traversal checkbox enabled. This allows the firewall and the Global VPN client to use encapsulation; the VPN traffic on the ESP protocol (nicknamed IPSec, IP protocol #50) is wrapped inside a UDP port 500 or port 4500 packet. Sometimes a home firewall on the client side needs to have a configuration changed allowing IPSec pass through or IKE pass through.

    Image

    Overlapping network
    Check whether the network you are connecting from and the network behind the SonicWall do not have identical networks. For eg. if you are in the 192.168.1.x/24 network and have connected to the SonicWall via the GVC, and have obtained a virtual ip address 192.168.1.27/24, you will not be able to access the remote SonicWall network of 192.168.1.x/24. The only solution to this would be to change one of the networks in question or to configure the GroupVPN to assign an IP address of a different interface.

    Intermittent pings
    At times the ping test return one reply followed by request timed-out. This could be caused by following reasons.

    • The VPN Access List contains incorrect objects like, All Interfaces IP or LAN/DMZ Interface IP.
    • There are interface configured in a loop. 

       EXAMPLE:  X0 and X2 are both connected to same switch without VLAN.

    • The virtual IP address assigned by the DHCP Server has already been assigned to another host in the network.

    Multiple NICs on the computer behind the SonicWall
     
    If the host you are trying to access has multiple NICs, it is more likely than not that some traffic is being routed through the NIC not connected to SonicWall. Try disabling the second NIC and check.

    Global VPN Client software version
    Finally, check the GVC version you are using. If you are running Windows 2000 Professional, any variant of Windows XP or Windows Vista, install the latest release of Global VPN Client. If you are running something older, and wish to upgrade, make sure that the older version is uninstalled completely.

    Please refer KB Installing or uninstalling Global VPN Client (GVC) and click here to get the GVC clean-up tool. Restart the computer and install the latest version of the GVC.

    Resolution for SonicOS 6.5

    This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.


    Before starting to troubleshoot make sure the Global VPN Client connection shows a status of Connected and try pinging the IP addresses of computers behind the firewall or the SonicWall LAN IP address (X0 IP). If the pings do not get a reply try the following:

    • VPN Access List
    • Default Gateway
    • Client PC Network
    • NAT Traversal
    • Overlapping network
    • Intermittent pings
    • Multiple NICs on the computer behind the SonicWall.
    • Global VPN Client software version

    VPN Access List
     
    If using SonicOS Enhanced firmware the first place to check would be VPN Access permissions of users. Ensure that one of the following Network Address Objects is defined in the users' VPN access permissions: LAN subnets, X0 Subnet, or Firewalled Subnets or, at the least, the address object of the IP address of the computer you are pinging. You can check this by hovering over the VPN Access column for the user in question in the SonicWall's Users | Local Users & Groups page. Access permissions can be assigned and/or inherited via User Group Memberships. All Local users are, by default, members of the Trusted Users and Everyone groups.

    • Login to SonicWall management interface.
    • Click Manage in the top navigation menu.
    • Navigate to Users | Local Users & Groups and edit either the Local user or Local Group, to see the VPN Access tab.
      Image


    Default Gateway
    One of the most common reasons for not being able to access computers on the LAN/DMZ is when the default gateways on the PCs behind the firewall are not set to the SonicWall LAN/DMZ IP address.

    Client PC Network:
     
    Routing issues in the internal network may also be causing the problem. Check whether local PCs are able to ping to each other. Check whether there are any detrimental static routes in the host you are pinging.

    NAT Traversal
    A variety of issues related to the client PC; the network environment of the client; the ISP connecting either side; or firewall software on the client, can cause problems with connectivity. You can, in some cases, work around network environments by making sure that the SonicWall's VPN | Advanced screen has the NAT-Traversal checkbox enabled. This allows the firewall and the Global VPN client to use encapsulation; the VPN traffic on the ESP protocol (nicknamed IPSec, IP protocol #50) is wrapped inside a UDP port 500 or port 4500 packet. Sometimes a home firewall on the client side needs to have a configuration changed allowing IPSec pass through or IKE pass through.

    Image


    Overlapping network
    Check whether the network you are connecting from and the network behind the SonicWall do not have identical networks. For eg. if you are in the 192.168.1.x/24 network and have connected to the SonicWall via the GVC, and have obtained a virtual ip address 192.168.1.27/24, you will not be able to access the remote SonicWall network of 192.168.1.x/24. The only solution to this would be to change one of the networks in question or to configure the GroupVPN to assign an IP address of a different interface.


    Intermittent pings
    At times the ping test return one reply followed by request timed-out. This could be caused by following reasons.

    • The VPN Access List contains incorrect objects like, All Interfaces IP or LAN/DMZ Interface IP.
    • There are interface configured in a loop.

      EXAMPLE:  X0 and X2 are both connected to same switch without VLAN.

    • The virtual IP address assigned by the DHCP Server has already been assigned to another host in the network.

    Multiple NICs on the computer behind the SonicWall
     
    If the host you are trying to access has multiple NICs, it is more likely than not that some traffic is being routed through the NIC not connected to SonicWall. Try disabling the second NIC and check.


    Global VPN Client software version
    Finally, check the GVC version you are using. If you are running Windows 2000 Professional, any variant of Windows XP or Windows Vista, install the latest release of Global VPN Client. If you are running something older, and wish to upgrade, make sure that the older version is uninstalled completely.

    Please refer KB Installing or uninstalling Global VPN Client (GVC) and click here to get the GVC clean-up tool. Restart the computer and install the latest version of the GVC.


    Resolution for SonicOS 6.2 and Below

    The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.


    Before starting to troubleshoot make sure the Global VPN Client connection shows a status of Connected and try pinging the IP addresses of computers behind the firewall or the SonicWall LAN IP address (X0 IP). If the pings do not get a reply try the following:

    • VPN Access List
    • VPN Terminated at
    • Default Gateway
    • Client PC Network
    • NAT Traversal
    • Overlapping network
    • Intermittent pings
    • Multiple NICs on the computer behind the SonicWall.
    • Global VPN Client software version


    VPN Access List:
    If using SonicOS Enhanced firmware the first place to check would be VPN Access permissions of users. Ensure that one of the following Network Address Objects is defined in the users' VPN access permissions: LAN subnets, LAN Primary Subnet, X0 Subnet, or Firewalled Subnets or, at the least, the address object of the IP address of the computer you are pinging. You can check this by mousing over the VPN Access column for the user in question in the SonicWall's Users - Local Users screen. Access permissions can be assigned and/or inherited via User Group Memberships. All Local users are, by default, members of the Trusted Users and Everyone groups.

    • In the SonicWall Management interface, navigate to Users | Local Users or Users | Local Groups and edit either the user or the group, to see the VPN Access tab.
      Image


    VPN Terminated at
    If you are using SonicOS Standard, the GroupVPN Policy allows termination on different physical interfaces of the firewall (LAN, WLAN, OPT). Make sure that your configuration allows you access to the area you are trying to go. By Default, this termination is set to LAN only.

    • In the SonicWall Management interface go to the VPN | Settings page and edit the GroupVPN policy to see the VPN Access tab.


    Default Gateway
     One of the most common reasons for not being able to access computers on the LAN/DMZ is when the default gateways on the PCs behind the firewall are not set to the SonicWall LAN/DMZ IP address.

    Client PC Network
    Routing issues in the internal network may also be causing the problem. Check whether local PCs are able to ping to each other. Check whether there are any detrimental static routes in the host you are pinging.

    NAT Traversal
    A variety of issues related to the client PC; the network environment of the client; the ISP connecting either side; or firewall software on the client, can cause problems with connectivity. You can, in some cases, work around network environments by making sure that the SonicWall's VPN | Advanced screen has the NAT-Traversal checkbox enabled. This allows the firewall and the Global VPN client to use encapsulation; the VPN traffic on the ESP protocol (nicknamed IPSec, IP protocol #50) is wrapped inside a UDP port 500 or port 4500 packet. Sometimes a home firewall on the client side needs to have a configuration changed allowing IPSec pass through or IKE pass through.

    Image


    Overlapping network
     
    Check whether the network you are connecting from and the network behind the SonicWall do not have identical networks. For eg. if you are in the 192.168.1.x/24 network and have connected to the SonicWall via the GVC, and have obtained a virtual ip address 192.168.1.27/24, you will not be able to access the remote SonicWall network of 192.168.1.x/24. The only solution to this would be to change one of the networks in question or to configure the GroupVPN to assign an IP Address of a different interface.


    Intermittent pings:
    At times the ping test return one reply followed by request timed-out. This could be caused by following reasons.

    • The VPN Access List contains incorrect objects like, All Interfaces IP or LAN/DMZ Interface IP.
    • There are interface configured in a loop.

      EXAMPLE:X0 and X2 are both connected to same switch without VLAN.

    • The virtual IP address assigned by the DHCP Server has already been assigned to another host in the network.

    Multiple NICs on the computer behind the SonicWall
    If the host you are trying to access has multiple NICs, it is more likely than not that some traffic is being routed through the NIC not connected to SonicWall. Try disabling the second NIC and check.


    Global VPN Client software version: Finally, check the GVC version you are using. If you are running Windows 2000 Professional, any variant of Windows XP or Windows Vista, install the latest release of Global VPN Client. If you are running something older, and wish to upgrade, make sure that the older version is uninstalled completely.

    Please refer KB Installing or uninstalling Global VPN Client (GVC) and click here to get the GVC clean-up tool. Restart the computer and install the latest version of the GVC.

    Related Articles

    • ‘Error sending one-time password’ encountered when connecting to NetExtender
    • Supported SonicWall and 3rd party SFP and SFP+ modules that can be used with SonicWall NSsp series
    • Supported SonicWall and 3rd party SFP and SFP+ modules that can be used with SonicWall NSA series

    Categories

    • Firewalls > NSv Series > GVC/L2TP
    • Firewalls > NSa Series > GVC/L2TP
    • Firewalls > TZ Series > GVC/L2TP

    Not Finding Your Answers?

    ASK THE COMMUNITY

    Was This Article Helpful?

    YESNO

    Article Helpful Form

    Article Not Helpful Form

    Company
    • Careers
    • News
    • Leadership
    • Awards
    • Press Kit
    • Contact Us
    Popular resources
    • Communities
    • Blog
    • SonicWall Capture Labs

    Stay In Touch

    • By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. You can unsubscribe at any time from the Preference Center.
    • This field is for validation purposes and should be left unchanged.
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
    • Instagram

    © 2022 SonicWall. All Rights Reserved.

    • Legal
    • Privacy
    • English
    Scroll to top
    Trace:dd05288e52973a5809ba22c373a5ba22-70