1. Home
  2. Networking Firewalls
  3. Sonicwall Pro 4060 and TZ170 at remote end - VPN problem/question.

Sonicwall Pro 4060 and TZ170 at remote end - VPN problem/question.

Hello all.

I've been trying to get this working for sometime but failing.

I have a Pro 4060 at the central location and a TZ170 at my house. On the Pro 4060, there is /22 network block firewalling the internal block which works fine.

I'd like to be able to have the TZ170 use IPs within that /22 across a VPN and provide ips from same block into my internal LAN on the remote network.

Then I should be able to access all the firewalled machines internally and also access the internet from the remote location via the central networks internet connectivity.

Any help appreciated!

Matt

Reply to
mmartingm
Loading thread data ...

Simply forget it, use a different subnet at home.

Wolfgang

Reply to
Wolfgang Kueter

Hi,

Thanks... I can get another block without a problem - but what would be the best way to do this. I want the block to be a public accessable block that has any applicable firewall rules that filter traffic before it reaches the remote network.

Thanks

Matt

Reply to
mmartingm

Normally one would use private IPs from different subnets for both networks, like e.g. 10.0.0.0/22 for the headquarter and 10.0.4.0/24 for the branch office.

Of course you can use public adresses as well (however that would be a rather unusual setup) but once you do that. you can only reach the machines on the other side of the tunnel through the tunnel. Filtering the traffic that goes throught the tunnel should be possible as usual.

Wolfgang

Reply to
Wolfgang Kueter

Matt,

At work we have these devices. We have a Pro 2040 and the satelite offices have the TZ170. We are able to do a Gateway to Gateway VPN, however we have not had success with DCHP over the VPN, once you have the VPN up you can add routes to the networks you need to reach. once you do that you can access any device on the other network as if it was on your own network. SonicWALL support is usually very good so you can always call them.

Hope that helps,

Hex

Reply to
Hexalon

Hi,

I think I may need to look at a bridge over VPN instead of standard routed VPN. Which makes this even more of a task :(

Thanks for your help.

Reply to
mattmartincouk

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.