How to access a more specific network over VPN tunnel while having another Route All VPN policy
11/04/2024
Description
This article shows how to reach a more specific remote network over its own VPN tunnel when another VPN policy already routes all traffic.
Cause
Suppose there is a VPN policy of type "Tunnel Interface" named "Tunnel 1" that routes all traffic from the local network (including Internet traffic) through this tunnel to the remote site. A new VPN policy of type "Site to Site" named "Tunnel 2" is then added to reach another remote site network, 10.10.10.0/24.
In this case, local network traffic destined for 10.10.10.0/24 will be sent via Tunnel 1 instead of Tunnel 2.
This article shows how to configure the VPN policies in this scenario so that the local network reaches 10.10.10.0/24 via Tunnel 2.
NOTE: More information about the VPN types and how to configure them is available in the KB article Configuring Site to Site VPN and Tunnel Interface VPNs.
Resolution
The solution is to make sure that both VPN policies are of the same type, either "Tunnel Interface" or "Site to Site". Both scenarios are described below.
When using the "Tunnel Interface" type:
- Make sure both VPN policies are of type "Tunnel Interface", as shown below.
- With "Tunnel Interface" policies, custom route policies must be added to specify which traffic is sent via which tunnel. When adding the routes, the admin can prioritize them using the metric (the route with the lower metric is preferred). The image below shows the two routes added for "Tunnel 1" and "Tunnel 2".
- The first highlighted route sends traffic from the local X0 subnet with destination 10.10.10.0/24 via the "Tunnel 2" VPN policy. The metric assigned to this route is 1.
- The second highlighted route sends traffic from the local X0 subnet with destination ANY (all traffic, including Internet traffic) via the "Tunnel 1" VPN policy. The metric assigned to this route is 10.
- Because of the metric assignment, the firewall prioritizes the routes accordingly and sends the 10.10.10.0/24 traffic via the "Tunnel 2" VPN policy; everything else follows the ANY route via "Tunnel 1".
When using the "Site to Site" type:
- Make sure both VPN policies are of type "Site to Site", as shown below.
- In this scenario the firewall automatically prioritizes the route for the more specific network and sends traffic destined for 10.10.10.0/24 via the "Tunnel 2" VPN policy. All remaining traffic is sent via the "Tunnel 1" VPN policy.
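The following is an added worked example (not part of the KB article and not SonicWall code) that models the route selection described in both scenarios above: metric-based selection between the two custom routes in the "Tunnel Interface" case, and most-specific-network-first selection in the "Site to Site" case. It also includes a small audit that flags the misconfiguration an administrator most wants to catch: a more specific route whose metric is not lower than the catch-all route, which would silently keep sending 10.10.10.0/24 traffic down the route-all tunnel. The X0 subnet address and the selection logic are assumptions made for illustration; they are not taken from the article or from SonicOS internals.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    source: str       # source network, e.g. the X0 subnet
    destination: str  # destination network; "0.0.0.0/0" stands for ANY
    interface: str    # VPN policy (tunnel) the traffic is sent through
    metric: int       # lower metric is preferred


# Constructed route table modelling the two routes in the article.
# The X0 subnet address is an assumption; the KB does not state it.
X0_SUBNET = "192.168.1.0/24"
TUNNEL_INTERFACE_ROUTES = [
    Route(X0_SUBNET, "10.10.10.0/24", "Tunnel 2", metric=1),
    Route(X0_SUBNET, "0.0.0.0/0", "Tunnel 1", metric=10),
]

# Constructed misconfiguration: the specific route carries the higher metric.
MISCONFIGURED_ROUTES = [
    Route(X0_SUBNET, "10.10.10.0/24", "Tunnel 2", metric=20),
    Route(X0_SUBNET, "0.0.0.0/0", "Tunnel 1", metric=10),
]


def matching_routes(routes, src, dst):
    """Return every route whose source and destination networks contain the packet."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return [r for r in routes
            if src_ip in ipaddress.ip_network(r.source)
            and dst_ip in ipaddress.ip_network(r.destination)]


def select_by_metric(routes, src, dst):
    """Model of the 'Tunnel Interface' case: among matching custom routes,
    the lowest metric wins. Returns the tunnel name or None."""
    cands = matching_routes(routes, src, dst)
    if not cands:
        return None
    return min(cands, key=lambda r: r.metric).interface


def select_by_prefix(routes, src, dst):
    """Model of the 'Site to Site' case: the most specific destination
    network wins automatically, metric only breaks ties."""
    cands = matching_routes(routes, src, dst)
    if not cands:
        return None
    best = max(cands, key=lambda r: (ipaddress.ip_network(r.destination).prefixlen,
                                      -r.metric))
    return best.interface


def audit_specific_route_metrics(routes):
    """Flag (specific, catch_all) pairs where the specific route's metric is not
    lower than a broader route for the same source, so under metric-based
    selection the specific tunnel would never be chosen."""
    problems = []
    for specific in routes:
        for broad in routes:
            if specific is broad or specific.source != broad.source:
                continue
            n_spec = ipaddress.ip_network(specific.destination)
            n_broad = ipaddress.ip_network(broad.destination)
            if (n_spec.prefixlen > n_broad.prefixlen and n_spec.subnet_of(n_broad)
                    and specific.metric >= broad.metric):
                problems.append((specific, broad))
    return problems


if __name__ == "__main__":
    for dst in ("10.10.10.5", "8.8.8.8"):
        print(dst, "->", select_by_metric(TUNNEL_INTERFACE_ROUTES, "192.168.1.20", dst))
    for spec, broad in audit_specific_route_metrics(MISCONFIGURED_ROUTES):
        print(f"WARNING: {spec.destination} (metric {spec.metric}) never beats "
              f"{broad.destination} (metric {broad.metric}) on {broad.interface}")
```

Running the audit against the intended route table returns no findings, while the table with the swapped metrics reports that 10.10.10.0/24 would be carried by "Tunnel 1", which is exactly the symptom described in the Cause section.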