site to site VPN with 2 lan subnets in SonicWall pro 2040

nicker.par · 12-31-2008, 07:29 AM

I will appreciate your technical expertise on this issue that we encounter. The customer has a Sonicwall pro 2040 enhance o/s ver 4.0.10.15e. Our office has a Fotigate 100A. We manage to link up the Site to site VPN between the 2 firewalls. Sonicwall all local lan subnets are able to reach our private LAN network behind the Fortigate without any problem. From our private network (Fortigate) we can reach the LAN interface and the same subnet of the Sonicwall without any authentication processes.

However we are not able to reach the subnet other that the lan interface subnet of the Sonicwall. The authentication process are needed before we are allow to reach the other subnets located at 20 remote locations island wide (all having different subnets). The authentication only allow 2 hrs where a re login is require again. Being a site to Site VPN connection we cannot afford this. The authentications are for the company policy for internal user to authenticate before there are allow to access the remote location and the Internet. This has affected the site to site VPN as well. We cannot find any settings to bypass this restriction or exempt out filter. Need your advise on this.

(FYI)

SonicWall

10.100.x.x (directly connecting with sonicwall Firewall)

10.101.x.x (connected with remote location) (there is routing from Firewall to Router vice visa)

Fortigate

172.17.x.x

When I access from my private Lan network behind the Fortigate to 10.101.x.x (Sonicwall), Authenticate User login (policy login redirect) will appear.

When I access to 10.100.x.x, there is no problem.

nicker.par · 12-31-2008, 11:26 AM

Brief information again:
Sonicwall site:
There are HQ and outlets.
Outlets: 20 outlets are connecting with IPVPN(MPLS) that is support by ISP. Outlets Lan Network is 10.101.x.x
There are one CE routers in HQ.
one of the router subnet is 10.100.x.x(for HQ lan) and other subnet is 10.101.x.x (for outlets).

HQ: Hq local network is 10.100.x.x that is direct connecting by Sonicwall Firewall.
There is routing from Sonicwall FW to IPVPN CE Router vice visa. So,all HQ lan network is pingable to all outlets vice visa.
I told above is their Internal Network.

When the outlet users or HQ users need to access internet, the users must pass through by Sonicwall Firewall. If the user need to access internet, the user must login(Authentication)to Sonicwall firewall.(local database is stored in Sonicwall).
Login policy life time is assigned for 2 hours only.

Fortigate site:
Local network address is 172.17.x.x.

From Fortigate Lan Network want to ping to Sonicwall lan both subnets.
So, I created VPN tunnel. After VPN tunnel is established, I can access to 10.100.x.x that is directly connected by firewall.
I can't access to 10.101.x.x that is outlets network. But after I login (authentication user) to sonicwall, i can access to 10.101.x.x (outlets network).

(10.100.x.x and 10.101.x.x both subnets can ping to 172.17.x.x network)

I want to acceess 10.101.x.x(outlets network) without authentication user login to sonicwall firewall.

So Where is the problem and how to solve? Pls suggest me.
I m not familiar with Sonicwall Enhanced OS Firewall.

12-31-2008, 07:29 AM	#1 (permalink)
nicker.par Registered User Join Date: Dec 2008 Posts: 2 OS: xp	site to site VPN with 2 lan subnets in SonicWall pro 2040 I will appreciate your technical expertise on this issue that we encounter. The customer has a Sonicwall pro 2040 enhance o/s ver 4.0.10.15e. Our office has a Fotigate 100A. We manage to link up the Site to site VPN between the 2 firewalls. Sonicwall all local lan subnets are able to reach our private LAN network behind the Fortigate without any problem. From our private network (Fortigate) we can reach the LAN interface and the same subnet of the Sonicwall without any authentication processes. However we are not able to reach the subnet other that the lan interface subnet of the Sonicwall. The authentication process are needed before we are allow to reach the other subnets located at 20 remote locations island wide (all having different subnets). The authentication only allow 2 hrs where a re login is require again. Being a site to Site VPN connection we cannot afford this. The authentications are for the company policy for internal user to authenticate before there are allow to access the remote location and the Internet. This has affected the site to site VPN as well. We cannot find any settings to bypass this restriction or exempt out filter. Need your advise on this. (FYI) SonicWall 10.100.x.x (directly connecting with sonicwall Firewall) 10.101.x.x (connected with remote location) (there is routing from Firewall to Router vice visa) Fortigate 172.17.x.x When I access from my private Lan network behind the Fortigate to 10.101.x.x (Sonicwall), Authenticate User login (policy login redirect) will appear. When I access to 10.100.x.x, there is no problem.

12-31-2008, 11:26 AM	#2 (permalink)
nicker.par Registered User Join Date: Dec 2008 Posts: 2 OS: xp	Re: site to site VPN with 2 lan subnets in SonicWall pro 2040 Brief information again: Sonicwall site: There are HQ and outlets. Outlets: 20 outlets are connecting with IPVPN(MPLS) that is support by ISP. Outlets Lan Network is 10.101.x.x There are one CE routers in HQ. one of the router subnet is 10.100.x.x(for HQ lan) and other subnet is 10.101.x.x (for outlets). HQ: Hq local network is 10.100.x.x that is direct connecting by Sonicwall Firewall. There is routing from Sonicwall FW to IPVPN CE Router vice visa. So,all HQ lan network is pingable to all outlets vice visa. I told above is their Internal Network. When the outlet users or HQ users need to access internet, the users must pass through by Sonicwall Firewall. If the user need to access internet, the user must login(Authentication)to Sonicwall firewall.(local database is stored in Sonicwall). Login policy life time is assigned for 2 hours only. Fortigate site: Local network address is 172.17.x.x. From Fortigate Lan Network want to ping to Sonicwall lan both subnets. So, I created VPN tunnel. After VPN tunnel is established, I can access to 10.100.x.x that is directly connected by firewall. I can't access to 10.101.x.x that is outlets network. But after I login (authentication user) to sonicwall, i can access to 10.101.x.x (outlets network). (10.100.x.x and 10.101.x.x both subnets can ping to 172.17.x.x network) I want to acceess 10.101.x.x(outlets network) without authentication user login to sonicwall firewall. So Where is the problem and how to solve? Pls suggest me. I m not familiar with Sonicwall Enhanced OS Firewall.