Arthur Hagen (Guest)
Posted: Thu Jan 13, 2005 10:05 am
Post subject: Re: SonicWall Pro With VPN Client ver 8

rafel.coyle@pfshouston.com wrote:
> I am using a SonicWall Pro with the VPN Client 8 software. I want to
> be able to assign an IP address manually or dynamically to the remote
> client that is part of our network. Our network has all public IP
> addresses and we have the extra addresses available. If I assign an
> address on the identity that is private and not a part of our internal
> address the connection works. However, if I assign the remote client
> one of our addresses the client hangs when I attempt to connect. Can
> this problem be solved in our current configuration? It is not
> necessary that we use DHCP; manual configuration will work, but either
> way I cannot get any of our internal addresses to work on the remote
> client.

The way I see it, not knowing SonicWall, it could be one of two things:

1: The other boxes and/or switches don't know that traffic to XX.YY.ZZ.TT
should be sent to the SonicWall box. If XX.YY.ZZ.TT is part of the same
subnet as other XX.YY.ZZ.NN hosts, the packets won't be routed to a gateway,
and if the ARP of the remote box isn't seen in clear packets on the inside,
the switch may not know where to send the packets. You need to have the
firewall box listen to that address on the LAN side (masquerading) and
forward the packets, and unless the client can send data first, perhaps even
replace a smart switch with a dumb repeater hub.

Alternatively, give remote clients a subnet of their own, and propagate the
correct route to that subnet on your internal network. It's more work, but
a much better solution, as it doesn't require any extra work when adding the
next remote host, and makes it easier to set up different DHCP values for
remote hosts (like shorter timeouts, closer DNS/WINS servers etc.)

2: The DHCP server has not been set to be authoritative for your public
addresses, and when the client asks "Are there any authoritative DHCP
servers for XX.YY.ZZ.NN here?", no DHCP server answers. This is usually
only a problem when the DHCP renewal time is also set very high, often
because all other boxes have static or semi-static IPs, and the box has
received long-lived DHCP info before that hasn't timed out yet. If that's
the case, and it's a wintel box, try "IPCONFIG /RELEASE" before initiating
the VPN connection (and then fix the DHCP server to be authoritative and
have lower renewal times).

Regards,
--
*Art
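
The following sketch is an added example, not part of the original post or of any SonicWall tooling. It models point 1 above: how an internal host decides between ARPing for a destination and sending it to a gateway, and what the LAN therefore needs for a VPN address pool inside or outside the LAN subnet. All addresses are constructed placeholders from the documentation ranges, and the function names are hypothetical.

```python
import ipaddress

def forwarding_decision(host_if, dst, routes):
    """How an internal LAN host sends a packet to dst.

    host_if: the host's address with prefix, e.g. "192.0.2.10/24"
    routes:  list of (network, gateway) strings from the host's route table
    Returns ("arp", dst) when dst is on-link, ("gateway", gw) when routed,
    or ("unreachable", None) when no route matches.
    """
    iface = ipaddress.ip_interface(host_if)
    dst = ipaddress.ip_address(dst)
    if dst in iface.network:
        # Same subnet: the host ARPs for dst itself and never asks a gateway.
        return ("arp", str(dst))
    matches = [(ipaddress.ip_network(n), gw) for n, gw in routes
               if dst in ipaddress.ip_network(n)]
    if not matches:
        return ("unreachable", None)
    # Longest-prefix match picks the most specific route.
    net, gw = max(matches, key=lambda m: m[0].prefixlen)
    return ("gateway", gw)

def vpn_pool_requirement(lan, pool):
    """What the LAN needs so replies reach VPN clients drawn from pool."""
    if ipaddress.ip_network(pool).overlaps(ipaddress.ip_network(lan)):
        return "firewall must answer ARP on the LAN for each client address"
    return "internal hosts/routers need a route to the pool via the firewall"

# Constructed sample values (documentation address ranges, not from the post).
LAN = "192.0.2.0/24"
HOST = "192.0.2.10/24"
FIREWALL = "192.0.2.1"
ROUTES = [("0.0.0.0/0", "192.0.2.254"), ("198.51.100.0/24", FIREWALL)]

if __name__ == "__main__":
    for client, pool in [("192.0.2.200", "192.0.2.192/26"),
                         ("198.51.100.5", "198.51.100.0/24")]:
        print(client, forwarding_decision(HOST, client, ROUTES),
              "->", vpn_pool_requirement(LAN, pool))
```

The first case is the one that hangs in the question: the host ARPs for an address that is really behind the tunnel, so nothing answers unless the firewall does. The second case is the separate-subnet alternative, where one route covers every future remote client.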