• Secure Mobile Access 10.2 for the SMA 100 Series
• Deployment Scenarios Overview
  • Selecting a Deployment Scenario
  • SMA 210/410 and 500v Deployment Scenarios
• Connecting the SMA on a New DMZ
  • Connecting the SMA to the Gateway
  • Allowing a WAN to SMA Connection
  • Allowing an SMA to LAN Connection
• Connecting the SMA on an Existing DMZ
  • Connecting the SMA to the Gateway
  • Allowing WAN to DMZ Connection
  • Allowing DMZ to LAN Connection
• Deploying SMA on the LAN
  • Connecting the SMA to the Gateway
  • Configuring SMA to LAN Connectivity
• Additional Configuration
  • Configuring the X0 IP Address
  • Configuring a Default Route
  • Adding a NetExtender Client Route
  • Setting Your NetExtender Address Range
  • Adding a New SMA Custom Zone
• Testing and Troubleshooting Your Remote Connection
  • Verifying a User Connection from the Internet
  • Policy > Access Rules Matrix View
• SonicWall Support
  • About This Document

Setting Your NetExtender Address Range

The NetExtender address range defines the IP address pool from which addresses will be assigned to remote users during NetExtender sessions. The range needs to be large enough to accommodate the maximum number of concurrent NetExtender users you wish to support.

The range should fall within the same subnet as the interface to which the SMA appliance is connected, and it must not overlap or collide with any assigned addresses if other hosts are on the same segment as the SMA appliance.

Determine the correct subnet based on your network scenario selection:

Scenario A	192.168.200.100 to 192.168.200.200 (default range)
Scenario B	Select a range that falls within your existing DMZ subnet. For example, if your DMZ uses the 10.1.1.0/24 subnet, and you want to support up to 30 concurrent NetExtender sessions, you could use 10.1.1.220 to 10.1.1.249.
Scenario C	Select a range that falls within your existing LAN subnet. For example, if your LAN uses the 192.168.168.0/24 subnet, and you want to support up to 10 concurrent NetExtender sessions, you could use 192.168.168.240 to 192.168.168.249.

DHCP/DHCPv6 is supported and can manage the IPv4 and IPv6 addresses in the LAN and the NetExtender client address ranges.

To set your NetExtender address range

1. Using Secure Mobile Access, navigate to the Clients > Settings page.
2. Enter an address range in the Client Address Range Begin and Client Address Range End fields.
3. Click Accept to add the Client Address Range.

Scenario A	192.168.200.100 to 192.168.200.200 (default range)
Scenario B	An unused range within your DMZ subnet.
Scenario C	An unused range within your LAN subnet.

If you do not have enough available addresses to support your desired number of concurrent NetExtender users, you may use a new subnet for NetExtender. This condition may occur if your existing DMZ or LAN is configured in NAT mode with a small subnet space, such as 255.255.255.224, or more commonly if your DMZ or LAN is configured in Transparent mode and you have a limited number of public addresses from your ISP. In either case, you may assign a new, unallocated IP range to NetExtender (such as 192.168.10.100 to 192.168.10.200) and configure a route to this range on your gateway appliance.

For example, if your current Transparent range is 67.115.118.75 through 67.115.118.80, and you wish to support 50 concurrent NetExtender clients, configure your SMA X0 interface with an available IP address in the Transparent range, such as 67.115.118.80, and configure your NetExtender range as 192.168.10.100 to 192.168.10.200. Then, on your gateway device, configure a static route to 192.168.10.0, using 67.115.118.80.