Hi all
I am trying to set up the gvpn so that users can connect from home and am experiencing a strange issue.
The VPN connects fine and distributes an IP (192.168.200.51 for instance). I then try to ping our Exchange server or any other server (192.168.200.109); it replies once and then I get "request timed out".
Looking at the Sonicwall, it looks like the Exchange server is trying to respond on X4, which is a separate VLAN (192.168.205), on the second attempt, as shown in the Sonicwall.jpg attachment.
The X4 is configured for our Sonicpoints and I have ticked the "Only allow traffic generated by a SonicPoint / SonicPointN" option. Thinking about it, our devices are NDRs; does this make a difference?
I can't understand why it is trying to reply on X4 and not X1 like it does on the first attempt.
Sonicwall are saying this is a server or switch issue. The server only has one NIC enabled and is, as mentioned, on the .200 network.
Switch-wise we use Netgear GS748TS stacked, with 5 ports tagged to 7 separate VLANs (we have 6 SSIDs: .206, 207, 208, 209, 210, 211, and the .205 for the X4 interface).
I mention the Exchange server as an example; it is happening on all servers/machines when I try to ping from the VPN.
They respond fine on the local LAN and on the static VPNs already set up (Draytek routers for satellite offices).
If I remove the cable from X4 it works as expected/hoped.
Just to add it also logs things like this
3 01/09/2014 12:15:06.624 Notice Network Access ICMP packet dropped due to policy 192.168.200.242, 0, X4 192.168.200.57 ICMP Echo Reply, Code: 0
Have I got a loop going here as there is X0 and X4 connected to the same switch? Even though X4 is on 192.68.205?
Sorry for the long post and any help appreciated.
Cheers
Edit: Just been looking over the Netgear configuration; do I need to unlink the ports linked for the VLANs from VLAN 1?
Currently ports 13, 14, 15, 16 and 17 are configured for the various VLANs but they also show as U on VLAN ID 1 (which I think is default for the Netgears). Do I need to edit these to be blank, as they are tagged in different VLANs?
Cheers