Configuring DHCP over VPN Remote Gateway
- Select Remote Gateway from the DHCP Relay Mode menu.
- Click Configure. The DHCP over VPN Configuration window is displayed.
- In the General tab, the VPN policy name is automatically displayed in the Relay DHCP through this VPN Tunnel field if the VPN policy has the setting Local network obtains IP addresses using DHCP through this VPN Tunnel enabled.
Alert! Only VPN policies using IKE can be used as VPN tunnels for DHCP.
- Select the interface the DHCP lease is bound to from the DHCP lease bound to menu.
- If you enter an IP address in the Relay IP address field, this IP address is used as the DHCP Relay Agent IP address in place of the Central Gateway’s address, and must be reserved in the DHCP scope on the DHCP server. This address can also be used to manage this SonicWALL security appliance remotely through the VPN tunnel from behind the Central Gateway.
- If you enter an IP address in the Remote Management IP Address field, this IP address is used to manage the SonicWALL security appliance from behind the Central Gateway, and must be reserved in the DHCP scope on the DHCP server.
- If you enable Block traffic through tunnel when IP spoof detected, the SonicWALL security appliance blocks any traffic across the VPN tunnel that is spoofing an authenticated user’s IP address. If you have any static devices, however, you must ensure that the correct Ethernet address is typed for the device. The Ethernet address is used as part of the identification process, and an incorrect Ethernet address can cause the SonicWALL security appliance to respond to IP spoofs.
- If the VPN tunnel is disrupted, temporary DHCP leases can be obtained from the local DHCP server. Once the tunnel is again active, the local DHCP server stops issuing leases. Enable the Obtain temporary lease from local DHCP server if tunnel is down check box. By enabling this check box, you have a failover option in case the tunnel ceases to function. If you want to allow temporary leases for a certain time period, type the number of minutes for the temporary lease in the Temporary Lease Time box. The default value is 2 minutes.
Configuring Devices On Your LAN
- To configure devices on your LAN, click the Devices tab in the DHCP over VPN Configuration window.
- To configure Static Devices on the LAN, click Add to display the Add LAN Device Entry window, type the IP address of the device in the IP Address field, and then type the Ethernet address of the device in the Ethernet Address field. An example of a static device is a printer, as it cannot obtain an IP lease dynamically. If you do not have Block traffic through tunnel when IP spoof detected enabled, it is not necessary to type the Ethernet address of a device. You must exclude the Static IP addresses from the pool of available IP addresses on the DHCP server so that the DHCP server does not assign these addresses to DHCP clients. You should also exclude the IP address used as the Relay IP Address. It is recommended to reserve a block of IP addresses to use as Relay IP addresses. Click OK.
- To exclude devices on your LAN, click Add to display the Add Excluded LAN Entry window. Enter the MAC address of the device in the Ethernet Address field. Click OK.
- Click OK to exit the DHCP over VPN Configuration window.
Alert! You must configure the local DHCP server on the remote SonicWALL security appliance to assign IP leases to these computers.
Alert! If a remote site has trouble connecting to a central gateway and obtaining a lease, verify that Deterministic Network Enhancer (DNE) is not enabled on the remote computer.
If a static LAN IP address is outside of the DHCP scope, routing is possible to this IP, i.e. two LANs.
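The exclusion and Ethernet-address requirements for static devices and the Relay IP address can be checked against the DHCP server's pool before the tunnel is brought up. The following Python check is an added example, not SonicWALL code; the function name, the inclusive pool range, the treatment of reservations as exclusions, the accepted Ethernet address notation, and all sample addresses are constructed assumptions.

```python
import ipaddress
import re

# Six hex octets separated by ':' or '-' (assumed notation for Ethernet addresses).
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([:-][0-9A-Fa-f]{2}){5}$")

def audit_remote_gateway_plan(pool_start, pool_end, exclusions, static_devices,
                              relay_ip=None, block_on_spoof=False):
    """Return findings for a planned DHCP over VPN Remote Gateway setup.

    pool_start, pool_end: DHCP server range, assumed inclusive.
    exclusions: addresses the DHCP server never leases (exclusions/reservations).
    static_devices: (ip, ethernet_address or None) pairs from the Devices tab.
    """
    lo, hi = ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end)
    excluded = {ipaddress.ip_address(a) for a in exclusions}
    leasable = lambda a: lo <= a <= hi and a not in excluded
    findings, seen = [], set()
    for ip, mac in static_devices:
        addr = ipaddress.ip_address(ip)
        if addr in seen:
            findings.append(f"{ip}: duplicate static device entry")
        seen.add(addr)
        if leasable(addr):
            findings.append(f"{ip}: static address not excluded from the DHCP pool")
        # The Ethernet address only matters when spoof blocking is enabled.
        if block_on_spoof and not (mac and MAC_RE.match(mac)):
            findings.append(f"{ip}: Ethernet address missing or malformed")
    if relay_ip is not None:
        addr = ipaddress.ip_address(relay_ip)
        if leasable(addr):
            findings.append(f"{relay_ip}: Relay IP address not excluded from the DHCP pool")
        if addr in seen:
            findings.append(f"{relay_ip}: Relay IP address collides with a static device")
    return findings

# Constructed sample plan (all addresses are made up for illustration).
SAMPLE = dict(
    pool_start="192.168.10.50", pool_end="192.168.10.200",
    exclusions=["192.168.10.60"],
    static_devices=[
        ("192.168.10.60", "00:11:22:33:44:55"),  # excluded, valid MAC: clean
        ("192.168.10.75", None),                 # in pool, no MAC
        ("192.168.10.10", "00-11-22-33-44-5"),   # outside pool, truncated MAC
    ],
    relay_ip="192.168.10.199",                   # in pool, not excluded
)

if __name__ == "__main__":
    for finding in audit_remote_gateway_plan(**SAMPLE, block_on_spoof=True):
        print(finding)
```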