VPN > DHCP over VPN > Remote Gateway
Configuring DHCP over VPN Remote Gateway
Alert! Only VPN policies using IKE can be used as VPN tunnels for DHCP.
Select Remote Gateway from the DHCP Relay Mode menu.
- Click Configure. The DHCP over VPN Configuration window
- In the General tab, the VPN policy name is automatically
displayed in the Relay DHCP through this VPN Tunnel field
if the VPN policy has the setting Local network obtains
IP addresses using DHCP through this VPN Tunnel enabled.
Select the interface the DHCP lease is bound to from the DHCP lease
- If you enter an IP address in the Relay IP address field,
this IP address is used as the DHCP Relay Agent IP address in place of the
address, and must be reserved in the DHCP scope on the DHCP server. This
address can also be used to manage this SonicWALL security appliance remotely
the VPN tunnel from behind the Central Gateway.
- If you enter an IP address in the Remote Management IP Address field,
this IP address is used to manage the SonicWALL security appliance from behind
Central Gateway, and must be reserved in the DHCP scope on the DHCP server.
- If you enable Block traffic through tunnel when IP spoof detected,
the SonicWALL security appliance blocks any traffic across the VPN tunnel
that is spoofing
an authenticated user’s IP address. If you have any static devices,
however, you must ensure that the correct Ethernet address is typed for
The Ethernet address is used as part of the identification process, and
an incorrect Ethernet address can cause the SonicWALL security appliance
to IP spoofs.
- If the VPN tunnel is disrupted, temporary DHCP leases can be obtained
from the local DHCP server. Once the tunnel is again active, the local DHCP
stops issuing leases. Enable the Obtain temporary lease from local
DHCP server if tunnel is down check box. By enabling this check
box, you have a failover option in case the tunnel ceases to function. If
you want to allow temporary
leases for a certain time period, type the number of minutes for the temporary
lease in the Temporary Lease Time box. The default value is 2 minutes.
Configuring Devices On Your LAN
To configure devices on your LAN, click the Devices tab
in the DHCP over VPN Configuration window.
- To configure Static Devices on the LAN, click Add to display the Add
LAN Device Entry window, and type the IP address of the device in the IP Address
and then type the Ethernet address of the device in the Ethernet
Address field. An example of a static device is a printer as it cannot obtain an
dynamically. If you do not have Block traffic through tunnel when
IP spoof detected enabled, it is not necessary to type the Ethernet address of a device.
You must exclude the Static IP addresses from the pool of available IP addresses
on the DHCP server so that the DHCP server does not assign these addresses
to DHCP clients. You should also exclude the IP address used as the Relay
IP Address. It is recommended to reserve a block of IP address to use as
IP addresses. Click OK.
- To exclude devices on your LAN, click Add to display the Add
Excluded LAN Entry window. Enter the MAC address of the device in the Ethernet
- Click OK to exit the DHCP over VPN Configuration window.
Alert! You must configure the local DHCP server on the remote SonicWALL security appliance
to assign IP leases to these computers.
Alert! If a remote site has trouble connecting to a central gateway and obtaining
verify that Deterministic Network Enhancer (DNE) is not enabled on
the remote computer.
If a static LAN IP address is outside of the DHCP scope, routing is possible
to this IP, i.e. two LANs.
Help Table of Contents