RE: [SonicWALL]- Problem forwarding packets

[Jesper Bach]

Title: Message

Lance,   It goes something like this :   Main office IP : 10.0.0.1/24 remote locations : 10.0.2.0/24 and 10.0.3.0/24 VPN Client IP's : 10.0.1.1/32, 10.0.1.2/32, 10.0.1.3/32 and so on.   SA for VPN clients : Destination networks : 10.0.1.1/255.255.255.255, 10.0.1.2/255.255.255.255 and so on Enable "Forward packets to remote VPN's " at the central hub (office) SA's, and only on the HUB.   At remote office's add 10.0.1.0/255.255.255.0 as dest. network for the VPN clients to be able to reach these destinations also.   At the VPN client create 3 destination networks, with subnet as destination, one for each remote location including  the HUB IP network : 10.0.0.0, 10.0.2.0, 10.0.3.0/24 Remember to input pre-shared key for each dest. network.   Just like you would dow with a normal hub & spoke setup, except for the 32 bit subnet masks on the VPN clients, denoting a single IP host address.   /jesper      -----Original Message----- From: Lance Loudan @ Benedict [mailto:[EMAIL PROTECTED]] Sent: 17. december 2002 15:33 To: '[EMAIL PROTECTED]' Subject: RE: [SonicWALL]- Problem forwarding packets OK, I have done that, my question is what is Spoke 1 is the VPN client setup in Advanced mode.  Do I need to setup another connection with the different subnet on it.  I am asking this because I tried this and it still is not working.  Do I also have to add the VPN internal IP address to Spoke 2.   Lance L -----Original Message----- From: John Tolmachoff [mailto:[EMAIL PROTECTED]] Sent: Monday, December 16, 2002 4:13 PM To: [EMAIL PROTECTED] Subject: RE: [SonicWALL]- Problem forwarding packets On each "spoke" of the wheel, you have to define the other remote networks (other spokes) under the networks listed in the SA properties page.   Example:   Hub network is 10.0.0.0/24 Spoke1 is 10.0.1.0/24 Spoke2 is 10.0.2.0/24 Spoke3 is 10.0.3.0/24   You want Spoke 1 to have access to Spoke2.   On the SA properties of Spoke 1, you have a destination network specified of 10.0.0.0/24 You need to add a specified destination network of 10.0.2.0/24.   Now, the Sonicwall will know that anything destined for 10.0.2.0/24 is to be sent through the VPN to the hub Sonicwall, which will then forward it via the appropriate SA to that network.   John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA  92835 www.reliancesoft.com   -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Lance Loudan @ Benedict Sent: Monday, December 16, 2002 11:54 AM To: SonicWall User Forum (E-mail) Subject: [SonicWALL]- Problem forwarding packets   I have set up my VPN client as set forth in the advance instructions supplied from Sonicwall.  I have that working fine and can connect to the firewall, my problem is that it is not forwarding to remote VPNs.  Do I need to setup a client for each new subnet and route it through the same firewall.  I guess my question is what tells the firewall to route the packets.  I have checked the route table and the remote VPN are not listed in it but I have SAs setup for all of them.  Do I still need to add them to the routing table?  The routes that I did add to the routing table are still not working either.  I could use some help please.   Lance L