VPN into multiple LAN Subnets
Posted
by
Rain
on Server Fault
See other posts from Server Fault
or by Rain
Published on 2012-11-24T20:41:54Z
Indexed on
2012/11/24
23:05 UTC
Read the original article
Hit count: 241
I need to figure out a way to allow access to two LAN subnets on a SonicWall NSA 220 through the built-in SonicWall GlobalVPN server. I've Googled and tried everything I can think of, but nothing has worked. The SonicWall NSA management web interface is also very unorganized; I'm probably missing something simple/obvious.
There are two networks, called Network A
and Network B
for simplicity, with two different subnets. A SonicWall NSA 220 is the router/firewall/DHCP Server for Network A
, which is plugged into the X2
port. Some other router is the router/firewall/DHCP server for Network B
. Both of these networks need to be managed through a VPN connection.
I setup the X3
interface on the SonicWall to have a static IP in the Network B
subnet and plugged it in. Network A
and Network B
should not be able to access each other, which appears the be the default configuration. I then configured and enabled VPN.
The SonicWall currently has the X1
interface setup with a subnet of 192.168.1.0/24
with a DHCP Server enabled, although it is not plugged in. When I VPN into the SonicWall, I get an IP address supplied by the DHCP Server on the X1 interface and I can access Network A
remotely although I do not have access to Network B
.
How can I allow access to both Network A
and Network B
to VPN clients although keep devices on Network B
from accessing Network A
and vice-versa.
Is there some way to create a VPN-only subnet (something like 10.100.0.0/24) on the SonicWall that can access Network A
and Network B
without changing the current network configuration or allowing devices on both netorks "see" each other? How would I go about setting this up?
Diagram of the network: (Hopefully this kind of helps)
WAN1 WAN2
| |
[ SonicWall NSA 220 ]-(X3)-----------------[ Router 2 ]
| |
(X2) 192.168.2.0/24
10.1.1.0/24
Any help would be greatly appriciated!
© Server Fault or respective owner