Accessing remote site resources when connected to the main site via remote VPN client
Description
In many scenarios, VPN users who are connected to the main site via a remote VPN Client need to have access to the resources behind the remote site in addition to the resources on main site. This KB article shows how to configure SonicWall to meet this need.
Resolution for SonicOS 7.X
This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.
- Login to the SonicWall management GUI
- Click Network tab.
- Navigate to IPsec VPN | Rules and Settings.
- Click on the Configure option of the appropriate VPN policy intended for remote site.
- Navigate to Networks tab in the new window and make a note of the address object/group set in the Choose destination network from list drop down list. (This may vary depending upon the remote site resource access privilege of the VPN users).
NOTE: Here we are considering the GVC network to be a part of same local network on Main site (NSA 2650). - Navigate to the Device| Users | Local Users & Groups page on Main site (NSA 2650) and click configure option for VPN user account.
- Navigate to VPN Access tab in the new window and enforce the respective Address Object/Group of the remote site from left to right by clicking on the appropriate option as shown below in the image
NOTE: If you are using a separate network subnet/range for the GVC, then on Main Site under "Choose a local network from list" select an address group consisting of local network and GVC subnet. And on Remote Site under "Choose destination network from the list select an address object consisting of remote network (main site network) and GVC network.
How to Test this Scenario
- When using GVC
- Disconnect the Global VPN Client session, reconnect & try to access (ping) the remote site resource.
- The client will be able to access the resources without any issues.
- When using NetExtender
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
- Login to the SonicWall management GUI.
- Click Manage tab.
- Navigate to VPN | Base Settings.
- Click on the Configure option of the appropriate VPN policy intended for remote site.
- Navigate to Networks tab in the new window and make a note of the address object/group set in the Choose destination network from list drop down list. (This may vary depending upon the remote site resource access privilege of the VPN users).
NOTE: Here we are considering the GVC network to be part of same local network on Main site(NSA 2650) - Navigate to the Users | Local Users & Groups page on Main site(NSA 2650) and click configure option of the remote VPN user account.
- Navigate to VPN Access tab in the new window and enforce the respective Address Object/Group of the remote site from left to right by clicking on the appropriate option as shown below in the image.
NOTE: If you are using a separate network subnet/range for the GVC, then on Main SIte under"Choose a local network from list" select and address group consisting of local network and GVC subnet. And on Remote Site under"Choose destination network from the list" Select an address consisting of remote network(main site network) and GVC subnet.
How to Test this Scenario
- When using GVC
- Disconnect the Global VPN Client session, reconnect & try to access (ping) the remote site resource.
- The client will be able to access the resources without any issues.
- When using NetExtender
Please follow: How can I allow ssl vpn user to access the remote network across site to site vpn?
Related Articles
not finding your answers?
