Hey folks,
I've got two VPNs set up right now: 1) a site-to-site tunnel between my main office (Chicago) and a branch (Toronto), and 2) the GVC allowing on-the-road or at-home access for employees to log in to Chicago. There's a SonicWALL TZ-170 here in Chicago and a Netscreen N25 in Toronto.
The global clients can access resources in Chicago just fine. And the computers that are in the Chicago office can access Toronto resources across the site-to-site VPN just fine, too (and vice-versa). The GVC clients are leasing DHCP addresses directly from my DHCP server, NOT from the SonicWALL.
Unfortunately, the global clients cannot "pass through" this site-to-site tunnel. By this, I mean that my on-the-road users can't see any Toronto stuff whatsoever. I tried implementing a few firewall rules to allow traffic from the VPN DHCP lease subnet to the Toronto destination subnet, but those didn't work. I probably did them wrong though... am I on the right track with that, or is something else going on?
I was under the impression that since the GVC clients have virtual addresses in the LAN subnet's scope (due to their receiving IPs from the DHCP server on the LAN subnet) that they would be "in" the firewall already and I wouldn't have to set any new rules up to allow this traversal between VPN links. Am I way off, here?
I've done a fair amount of searching through the forums here but haven't seen a question like mine quite yet. Then again, I'm rather terrible at searches, so please forgive me if I overlooked one (or many!).
Thanks very much for your support!!
John