
SonicWall VPN Question

K600

Hello All,

I've got a VPN problem that I'm having trouble correcting. I've got a situation where I need access to multiple subnets across the same VPN tunnel.

The SonicWall I'm connecting to has two disparate subnets

Remote SonicWall
Subnet 1: 167.197.197.0 /27
Subnet 2: 172.16.3.0 /24

There is already a VPN between my office and the remote office. There is NAT on the Remote SonicWall to change the 172.16.3.0 /24 into 172.16.122.0 /24 as the original scheme already exists on my local SonicWall.

I thought this would simply be resolved by creating an Address Group comprised of the two subnet Address Objects and using that in my VPN configuration but it's not working out as planned.

Has anyone else had to tie something like this together?
 
I use this same thing to access three different subnets.

I created an Address Object and added all three subnets: two going over VPN and one to the DMZ.

What errors are you getting in the logs?

Are your remote and main on the same IP address? I have my main at 10.1.x.x and remote sites 10.2.x.x, 10.3 etc. I'm connecting over 12 different locations and several more dedicated VPN tunnels this way.
 
I'm not getting any errors in the log.

The Local LAN subnet is 172.16.1.0 /24, Remote LAN1 subnet is 172.16.3.0 /24, and Remote LAN2 subnet is 167.199.177.0 /27. The Local LAN subnet already has an address object claiming the same subnet as Remote LAN1 so Remote LAN1 is being pushed through NAT to 172.16.122.0 /24. All the NAT policies are on the remote SonicWall.

The VPN tunnel is based on an Address Group containing both LAN subnet Address Objects and the VPN is currently up and active. That said, I can only communicate with Remote LAN1; attempts to ping Remote LAN2 simply disappear altogether with no error in the logs.
 