Posted by mak on January 4, 2007, 11:32 am
snoconegod@gmail.com wrote:
> Hey folks,
>
> I've got two VPNs set up right now: 1) a site-to-site tunnel between my
> main office (Chicago) and a branch (Toronto), and 2) the GVC allowing
> on-the-road or at-home access for employees to log in to Chicago.
> There's a SonicWALL TZ-170 here in Chicago and a Netscreen N25 in
> Toronto.
>
> The global clients can access resources in Chicago just fine. And the
> computers that are in the Chicago office can access Toronto resources
> across the site-to-site VPN just fine, too (and vice-versa). The GVC
> clients are leasing DHCP addresses directly from my DHCP server, NOT
> from the SonicWALL.
>
> Unfortunately, the global clients cannot "pass through" this
> site-to-site tunnel. By this, I mean that my on-the-road users can't
> see any Toronto stuff whatsoever. I tried implementing a few firewall
> rules to allow traffic from the VPN DHCP lease subnet to the Toronto
> destination subnet, but those didn't work. I probably did them wrong
> though...am I on the right track with that, or is something else going
> on?
>
> I was under the impression that since the GVC clients have virtual
> addresses in the LAN subnets scope (due to their receiving IPs from the
> DHCP server on the LAN subnet) that they would be "in" the firewall
> already and I wouldn't have to set any new rules up to allow this
> traversal between VPN links. Am I way off, here?
>
> I've done a fair amount of searching through the forums here but
> haven't seen a question like mine quite yet. Then again, I'm rather
> terrible at searches, so please forgive me if I overlooked one (or
> many!).
>
> Thanks very much for your support!!
>
> John
>
Hi,
I am not sure if you can "tunnel through a tunnel" with the TZ-170.
Do you see any errors in either the TZ-170 or the GVC log?
Why don't you add a second profile to the GVC clients with Toronto being the
endpoint?
M
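As an added illustration of the hub-and-spoke question John raises (this is not code from the thread, from SonicWALL or from Juniper): a small model of the three things a GVC client's packet has to clear before it can reach the Toronto LAN through Chicago. The addresses, zone names ("LAN", "VPN") and the rule that a site-to-site tunnel only carries traffic whose source and destination fall inside its phase-2 selectors are constructed assumptions, not facts stated in the thread. The point it makes is that a zone-based firewall classifies GVC traffic by the tunnel it arrives on, so a lease from the LAN subnet's DHCP range does not by itself make the client "in" the LAN rules.

```python
"""Model of a GVC client reaching a spoke LAN via a hub's site-to-site tunnel.
Added example; topology, addresses and zone names are constructed."""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import Dict, List


@dataclass
class Rule:
    """One access rule on the hub firewall, first match wins (assumed zone model)."""
    src_zone: str
    dst_zone: str
    src: IPv4Network
    dst: IPv4Network
    allow: bool = True


@dataclass
class Tunnel:
    """Phase-2 selectors of a site-to-site tunnel as configured on one peer."""
    local_nets: List[IPv4Network]
    remote_nets: List[IPv4Network]


def rule_permits(rules: List[Rule], src_zone: str, dst_zone: str,
                 src: IPv4Address, dst: IPv4Address) -> bool:
    """Zone pair and addresses must all match; nothing matching means implicit deny."""
    for r in rules:
        if (r.src_zone, r.dst_zone) == (src_zone, dst_zone) and src in r.src and dst in r.dst:
            return r.allow
    return False


def tunnel_carries(t: Tunnel, src: IPv4Address, dst: IPv4Address) -> bool:
    """A packet is encrypted into the tunnel only if src is a local and dst a remote selector."""
    return any(src in n for n in t.local_nets) and any(dst in n for n in t.remote_nets)


def trace(client: str, target: str, hub_rules: List[Rule],
          hub_tunnel: Tunnel, spoke_tunnel: Tunnel) -> List[str]:
    """Return the checks that fail for client -> target; an empty list means the path works.
    Assumption: GVC traffic enters the hub in zone 'VPN' and the spoke LAN sits behind zone 'VPN'."""
    c, d = ip_address(client), ip_address(target)
    problems = []
    if not rule_permits(hub_rules, "VPN", "VPN", c, d):
        problems.append("hub firewall: no VPN->VPN allow rule covers client -> spoke LAN")
    if not tunnel_carries(hub_tunnel, c, d):
        problems.append("hub tunnel: client address is outside the local selectors")
    if not tunnel_carries(spoke_tunnel, d, c):  # reverse direction = the reply path
        problems.append("spoke tunnel: client address is outside the remote selectors (no return path)")
    return problems


# Constructed sample topology
CHICAGO_LAN = ip_network("192.168.10.0/24")
TORONTO_LAN = ip_network("192.168.20.0/24")
CLIENT_POOL = ip_network("10.99.0.0/24")   # alternative design: clients on their own pool
TORONTO_HOST = "192.168.20.10"


def example_cases() -> Dict[str, List[str]]:
    """Three configurations, each returning the list of failing checks."""
    lan_to_toronto = Rule("LAN", "VPN", CHICAGO_LAN, TORONTO_LAN)
    clients_to_toronto = Rule("VPN", "VPN", CLIENT_POOL, TORONTO_LAN)
    hub = Tunnel([CHICAGO_LAN], [TORONTO_LAN])
    spoke = Tunnel([TORONTO_LAN], [CHICAGO_LAN])
    hub_fixed = Tunnel([CHICAGO_LAN, CLIENT_POOL], [TORONTO_LAN])
    spoke_fixed = Tunnel([TORONTO_LAN], [CHICAGO_LAN, CLIENT_POOL])
    return {
        # Client leased from the LAN range: selectors already cover it, the zone rule does not
        "lan_lease_no_vpn_rule": trace("192.168.10.201", TORONTO_HOST, [lan_to_toronto], hub, spoke),
        # Separate client pool with a rule but selectors untouched on both peers
        "pool_rule_only": trace("10.99.0.5", TORONTO_HOST, [lan_to_toronto, clients_to_toronto], hub, spoke),
        # Rule present and the pool added to the selectors on both ends
        "pool_fixed": trace("10.99.0.5", TORONTO_HOST, [lan_to_toronto, clients_to_toronto],
                            hub_fixed, spoke_fixed),
    }


if __name__ == "__main__":
    for name, problems in example_cases().items():
        print(name, "->", problems or "OK")
```

Running it shows that the LAN-range lease case fails only on the firewall rule, while a separate client pool fails on both peers' selectors until the pool is added on each side; the zone-pair check is where the "I thought they were already in the LAN" expectation breaks down.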