Pulling whatever hair I have left.
I can connect to the VPN with the global VPN client, I can ping the devices, but I cannot access their web page, on the same VLAN or across VLANs.
I'm using a local user account, and I gave myself VPN access to the group “LAN Subnets”. I get an IP from the SonicWall and it puts me on VLAN 1, on 10.0.0.x, and I can ping 10.0.30.x, but I can't access a device on that VLAN that is hosting a web page.
This should be quick and dumb and easy but I can't figure out why. It's not my SonicWall, but we do have SonicWall support so I can reach out to the people who installed it to get a ticket going, but it's, like, embarrassing that I can't set up a SonicWall for remote access.
My bad, let me clarify. I'm just trying to connect via IP to the web page, not a DNS name.
Check your access rules. VPN to LAN zone and vice-versa. Make sure you don’t have some rule on there that only allows access to ICMP traffic.
This is either a rule issue from vpn to lan or a routing issue.
If you do a DNS lookup on the device when connected to the VPN do you get the correct IP? or an external IP?
Are you issuing the correct DNS suffix?
https://www.sonicwall.com/support/knowledge-base/ping-via-hostname-when-connected-to-ssl-vpn/170505925169950/
Is this a Dell?
I spent the longest time fixing a VPN that was only broken on some Dell laptops. In fact every VPN was broken on these Dell laptops.
Dell Optimiser installs some stupid Intel optimiser “ExpressConnect” that was breaking all VPNs.
Are you doing split tunnels or tunnel all? Split tunnels on Comcast/xfinity who uses 10.0.0.1/24 on the inside of their modem/gateways, and you’re going to have routing issues.
If you’re doing split tunnels, try tunnel all and see what happens.
Also, stop using GVPN and move to SSL-VPN/NetExtender. Night and day difference.
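The subnet overlap described in the comment above can be checked against a client's route table before changing tunnel mode. This is an added example, not part of the thread or any SonicWall tooling; the interface names, metrics and target addresses are constructed, and route selection is assumed to be longest prefix first, then lowest metric.

```python
import ipaddress

def net(cidr):
    # strict=False accepts host-style notation such as "10.0.0.1/24"
    return ipaddress.ip_network(cidr, strict=False)

def find_overlaps(local_cidrs, tunnel_cidrs):
    """Return (local, tunnel) network pairs whose address ranges overlap."""
    return [(str(net(l)), str(net(t)))
            for l in local_cidrs for t in tunnel_cidrs
            if net(l).overlaps(net(t))]

def egress_interface(dest, routes):
    """Choose a route by longest prefix, then lowest metric (assumed policy).

    routes: iterable of (cidr, interface, metric). Returns the interface
    name, or None when no route covers the destination.
    """
    addr = ipaddress.ip_address(dest)
    candidates = [(net(c).prefixlen, -metric, ifc)
                  for c, ifc, metric in routes if addr in net(c)]
    return max(candidates)[2] if candidates else None

def shadowed_targets(targets, routes, tunnel_if="vpn"):
    """Targets meant for the tunnel that would leave via another interface."""
    return [t for t in targets if egress_interface(t, routes) != tunnel_if]

# Constructed sample: home gateway on 10.0.0.1/24, split tunnel to two VLANs.
HOME_LAN = ["10.0.0.1/24"]
TUNNEL_NETS = ["10.0.0.0/24", "10.0.30.0/24"]
ROUTES = [
    ("0.0.0.0/0",    "wifi", 25),   # default route via home gateway
    ("10.0.0.1/24",  "wifi", 25),   # on-link home LAN
    ("10.0.0.0/24",  "vpn",  35),   # split-tunnel route, same range as home LAN
    ("10.0.30.0/24", "vpn",  35),   # split-tunnel route, no conflict
]
TARGETS = ["10.0.0.50", "10.0.30.10"]  # hypothetical devices behind the firewall

if __name__ == "__main__":
    print("overlaps:", find_overlaps(HOME_LAN, TUNNEL_NETS))
    for t in TARGETS:
        print(t, "->", egress_interface(t, ROUTES))
    print("never reach the tunnel:", shadowed_targets(TARGETS, ROUTES))
```

A target listed by `shadowed_targets` is answered (or dropped) by the local network instead of the remote site, which is the routing issue the comment warns about when both sides use 10.0.0.0/24.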
Make sure the two VLANs are different zone names. I’ve had problems with routing between two VLANs that are both in the LAN zone, but if I create a webapps zone with the appropriate trusts/policy rules set up, the routing works.
That was a solid suggestion but no. Both VPN to LAN and back are allowing the traffic for VPN DHCP Clients, which is what is created with the wizard.
I'm putting in a ticket with SW but until then, suggestions are welcome hah.
Check under SSL VPN > Client Settings and check your client route
Something policy based. FW or ACL. Ping goes back and forth. TraceRt and config check time.
Trying to connect via IP, not dns
Check it again. I had a very similar situation with a Fortigate where the VPN worked as expected for many programs… except one. Turns out I forgot to configure a LAN to VPN rule. How everything else was working is beyond me.
Does the target server have the correct default gateway?
and unusual routes on it?