-
Products
-
SonicPlatform
SonicPlatform is the cybersecurity platform purpose-built for MSPs, making managing complex security environments among multiple tenants easy and streamlined.
Discover More
-
-
Solutions
-
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn MoreFederalProtect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn More - Industries
- Use Cases
-
-
Partners
-
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
Learn MorePartner PortalAccess to deal registration, MDF, sales and marketing tools, training and more
Learn More - SonicWall Partners
- Partner Resources
-
-
Support
-
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn MoreSupport PortalFind answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn More - Support
- Resources
- Capture Labs
-
- Company
- Contact Us
Accessing remote site resources when connected to the main site via remote VPN client
02/13/2023 
1,340 People found this article helpful
496,722 Views
Description
In many scenarios, VPN users who are connected to the main site via a remote VPN Client need to have access to the resources behind the remote site in addition to the resources on main site. This KB article shows how to configure SonicWall to meet this need.
Resolution
Resolution for SonicOS 7.X
This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.
- Login to the SonicWall management GUI
- Click Network tab.
- Navigate to IPsec VPN | Rules and Settings.
- Click on the Configure option of the appropriate VPN policy intended for remote site.
- Navigate to Networks tab in the new window and make a note of the address object/group set in the Choose destination network from list drop down list. (This may vary depending upon the remote site resource access privilege of the VPN users).
NOTE: Here we are considering the GVC network to be a part of same local network on Main site (NSA 2650). - Navigate to the Device| Users | Local Users & Groups page on Main site (NSA 2650) and click configure option for VPN user account.
- Navigate to VPN Access tab in the new window and enforce the respective Address Object/Group of the remote site from left to right by clicking on the appropriate option as shown below in the image
NOTE: If you are using a separate network subnet/range for the GVC, then on Main Site under "Choose a local network from list" select an address group consisting of local network and GVC subnet. And on Remote Site under "Choose destination network from the list select an address object consisting of remote network (main site network) and GVC network.
How to Test this Scenario
- When using GVC
- Disconnect the Global VPN Client session, reconnect & try to access (ping) the remote site resource.
- The client will be able to access the resources without any issues.
- When using NetExtender
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
- Login to the SonicWall management GUI.
- Click Manage tab.
- Navigate to VPN | Base Settings.
- Click on the Configure option of the appropriate VPN policy intended for remote site.
- Navigate to Networks tab in the new window and make a note of the address object/group set in the Choose destination network from list drop down list. (This may vary depending upon the remote site resource access privilege of the VPN users).
NOTE: Here we are considering the GVC network to be part of same local network on Main site(NSA 2650) - Navigate to the Users | Local Users & Groups page on Main site(NSA 2650) and click configure option of the remote VPN user account.
- Navigate to VPN Access tab in the new window and enforce the respective Address Object/Group of the remote site from left to right by clicking on the appropriate option as shown below in the image.
NOTE: If you are using a separate network subnet/range for the GVC, then on Main SIte under"Choose a local network from list" select and address group consisting of local network and GVC subnet. And on Remote Site under"Choose destination network from the list" Select an address consisting of remote network(main site network) and GVC subnet.
How to Test this Scenario
- When using GVC
- Disconnect the Global VPN Client session, reconnect & try to access (ping) the remote site resource.
- The client will be able to access the resources without any issues.
- When using NetExtender
Please follow: How can I allow ssl vpn user to access the remote network across site to site vpn?
Related Articles
- Initial and Advanced Firewall Setup for high security environments
- How to setup Active/Standby High Availability on NSSP 13700 appliances?
- How to Create URI List Objects/Groups on SonicOSX 7?
Categories
- Firewalls > TZ Series > VPN
- Firewalls > SonicWall SuperMassive 9000 Series > VPN
- Firewalls > NSa Series > VPN
- Firewalls > NSv Series > VPN
YES
NO