a week ago
I am setting up a network for a small business. Their SAP business solution is hosted off site and the hosted company wants a Dell SonicWall placed on my network to establish a VPN to their network.
I'm using a Unifi Gateway pro 4 and Unifi 48 POE port switch.
Cloud Key Controller version 188.8.131.52
How would I configure this setup?
Do I connect the Dell SonicWall LAN port to my LAN switch and the Dell SonicWall WAN to my WAN switch (switch between Unifi Gateway and ISP circuit)?
If that is the correct way to set it up physically then how would I route LAN traffic to the Dell SonicWall?
Internet > WAN switch > (WAN) Sonicwall (LAN) > (WAN) USG (LAN) > Lan switch > lan clients
(WAN) = WAN port
(LAN) = LAN port
Wednesday - last edited Wednesday
So, is there any reason you can't just let their VPN connect to your unifi gateway? I am successfully running this config in a couple of places (sonicwall <--> unifi site to site)
Thanks for the quick response UBNT-jaffe
How would I set up the transit network on the USG?
Will the Sonicwall control all network traffic, their network and my network?
I have only set up basic networks for small businesses. Maybe a VLAN here and there, along with a VPN between sites using unifi devices. I'm challenging myself on this install.
At this time I only have direct contact with the customer and not the hosted business solution. But yes, I would rather do a VPN from my USG to their network. I am familiar with the type of setup.
For the transit network, it's just a unique subnet between the USG WAN and the Sonicwall LAN. Same thing as any other network, except you can make it a /30 (for 2 useable addresses) and it's just so the USG can communicate with the sonicwall and vice-versa. It gets a little more complicated when you have 2 gateways at the same site though, because in order for the USG's LAN to communicate with the remote LAN behind the VPN, the sonicwall has to advertise those as its phase 2 networks, which means you might have to disable NAT on the USG and add static routes on the sonicwall to be able to reach those devices on the USG LAN.
It might actually be a bit easier to use the USG facing the internet, and have the sonicwall facing the LAN (swap the USG and sonicwall in the diagram I previously drew), then just port forward UDP500/4500 on the USG to the sonicwall WAN IP so the VPN can be functional. Then you won't have to tinker with NAT and static routes.
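An added example, not part of the original thread: a Python check of the addressing plan for the first layout described above (SonicWall at the edge, USG behind it over a /30 transit, NAT disabled on the USG). All subnets are constructed sample values, and which device takes which transit address is an assumption.

```python
import ipaddress as ip

def plan_transit(transit, usg_lan, remote_nets):
    """Check a /30 transit plan (SonicWall LAN <-> USG WAN, NAT off on the USG)
    and return the addressing each device needs."""
    t = ip.ip_network(transit)
    lan = ip.ip_network(usg_lan)
    remotes = [ip.ip_network(n) for n in remote_nets]
    if t.prefixlen != 30:
        raise ValueError(f"{t} is not a /30")
    # The transit must be unique: it may not collide with any routed network.
    for net in [lan, *remotes]:
        if t.overlaps(net):
            raise ValueError(f"transit {t} overlaps {net}")
    # Without NAT the remote side sees real LAN addresses, so the LAN must
    # not overlap anything behind the tunnel either.
    for net in remotes:
        if lan.overlaps(net):
            raise ValueError(f"USG LAN {lan} overlaps remote {net}")
    # Assumption: SonicWall takes the first usable address, USG the second.
    sonicwall_ip, usg_ip = t.hosts()
    return {
        "sonicwall_lan_ip": f"{sonicwall_ip}/30",
        "usg_wan_ip": f"{usg_ip}/30",
        "usg_wan_gateway": str(sonicwall_ip),
        # SonicWall needs a route back to the LAN hidden behind the USG.
        "sonicwall_static_route": {"dest": str(lan), "via": str(usg_ip)},
        # The tunnel must carry the USG LAN as a local (phase 2) network.
        "sonicwall_phase2_local": [str(lan)],
        "sonicwall_phase2_remote": [str(n) for n in remotes],
    }

if __name__ == "__main__":
    # Constructed sample subnets, not taken from the thread.
    plan = plan_transit("10.255.255.0/30", "192.168.10.0/24", ["172.16.50.0/24"])
    for key, value in plan.items():
        print(f"{key}: {value}")
```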