
SGMS interconnected VPN's 2

Status
Not open for further replies.

davidfsmith (IS-IT--Management; joined Oct 6, 2005; messages: 7; location: GB)
Right, I'm using the SGMS with the express purpose of making my life easier to set up interconnected VPNs.

We have 7 offices, all of which have a direct VPN connection to the main office. However, to get our IP phones able to use the VPN for inter-office calls, I want to set all offices with VPN connections to all other offices (rather than routing all traffic through the main office).

So far I've got nowhere: most of the time the interconnected VPN routes don't appear on the other office SonicWALLs, or they do but with no Network IP settings.

Anyone got any tips for making this work? Surely it shouldn't be this hard; after all, the point of SGMS is that it makes things easier.

Regards
Dave
 
Hello David,

To truly help you I need more info:

1) What type of SonicWALL Firewall is at each site?
2) Are they licensed?
3) What is the total licensed VPN tunnels?

With this info I can begin to assist you.


Roger L White CISSP, CISA, CISM, GSEC
Certified SonicWALL Instructor
Security Team
Invenio Technology
(212)244-4994 ext. 715
(917)326-0386
Need Help call anytime.
 
Mixture, details below:

Name      Type      Ver      Remaining SAs
Office 1  TZ 170    2.0.0.2  9
Office 2  TZ 170    2.0.0.1  9
Office 3  PRO 200   6.6.0.6  499
Office 4  SOHO3/10  6.5.0.4  9
Office 5  PRO 2040  3.1.0.1  39
Office 6  SOHO3/10  6.5.0.4  8
Office 7  TZ 170    2.2.0.1  8
Office 8  TELE3     6.3.1.0  4

Office 5 is the head office device, and all of the other routers have a VPN connection to that office. This is also where the machine with GMS resides.

I should also (based on my understanding) move some of the VPN licenses from Office 3 into a group-based system, so Office 8 can be "given" the additional licenses as required...

TIA for any assistance
 
Hi David,

Thanks for replying back.

There are many scenarios you can choose:

1. Mesh VPN topology (every box forms a tunnel with every other box - only if all of the boxes have a static WAN IP).

2. VPN Hub and Spoke topology (the best choice for different boxes connecting together).

We can set up a time where we can look into the box together and I will help you set it up.


Roger L White CISSP, CISA, CISM, GSEC
Certified SonicWALL Instructor
Security Team
Invenio Technology
(212)244-4994 ext. 715
(917)326-0386
Need Help call anytime.
 
I'm going to go for the Mesh topology as all of the boxes have a static IP address, it also means that only relevant traffic goes to the main Hub...

My understanding is that with the SGMS I can just create an interconnected VPN connection and the details of the connection are sent to all SonicWalls in the group, however when I've done this it mostly fails, either the settings aren't set in the SonicWalls or they have no local IP address at the remote end point...
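
Added example (not part of the original thread, and not SonicWALL or SGMS code): a quick capacity check for the full-mesh plan, using the "Remaining SAs" figures posted above. It assumes one SA is consumed per tunnel on each endpoint and that the remaining counts already exclude each office's existing tunnel to Office 5; the function names are hypothetical.

```python
from itertools import combinations

# Constructed from the table posted in the thread: office -> remaining SAs.
REMAINING_SAS = {
    "Office 1": 9, "Office 2": 9, "Office 3": 499, "Office 4": 9,
    "Office 5": 39, "Office 6": 8, "Office 7": 8, "Office 8": 4,
}
HUB = "Office 5"  # head office; every other site already tunnels to it


def new_tunnel_pairs(sites, hub):
    """Site pairs that still need a tunnel to turn hub-and-spoke into a mesh."""
    return [pair for pair in combinations(sorted(sites), 2) if hub not in pair]


def mesh_shortfalls(remaining, hub):
    """Return {site: missing SAs} for sites that cannot complete the mesh.

    Assumption: each new tunnel uses one SA on both endpoints.
    """
    needed = {site: 0 for site in remaining}
    for a, b in new_tunnel_pairs(remaining, hub):
        needed[a] += 1
        needed[b] += 1
    return {
        site: needed[site] - free
        for site, free in remaining.items()
        if needed[site] > free
    }


if __name__ == "__main__":
    pairs = new_tunnel_pairs(REMAINING_SAS, HUB)
    print(f"{len(pairs)} new tunnels needed for a full mesh")
    for site, missing in mesh_shortfalls(REMAINING_SAS, HUB).items():
        print(f"{site}: short by {missing} SA(s)")
```

Under those assumptions only Office 8 lacks capacity, which is consistent with the plan above to give it additional licenses.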
 
OK, got bored with the SGMS approach and spent yesterday morning creating all the VPN routes. Not the best way of doing things, but it did work...

I'm going to update the firmware of all devices to the latest (and greatest) versions and maybe then I'll try using SGMS again for the interconnected routes.

(Meanwhile, on to tracking down an invalid firmware error I'm getting with a TZ170.)
 