
I have a company network running behind a SonicWall NSA 220. We have a wired internal network with workstations and file servers, but have all WLAN on a DMZ to allow guests to use it without access to the good stuff.

The WLAN zone is NOT the built-in one, since that requires D-Link access points. So, as far as the SonicWall knows, VPN users are simply another DMZ on their own network port.

We have a L2TP VPN set up, which runs fine when connecting from the outside.

My problem is that users on the WLAN are unable to connect to the VPN. This is needed for laptops in meeting rooms and whatnot, but when we try to dial up using the exact same settings that the same users use on the same computers from their WLAN at home, nothing happens.

The same connections worked flawlessly on our former firewall, a ZyXEL USG, using the same access points.

I've tried allowing all kinds of access from the WLAN DMZ to the public gateway address, temporarily even directly from the DMZ to LAN, but in every case it seems as if the VPN connection attempt doesn't even reach its target. The SonicWall log has plenty of information when someone connects from home, starting with IKE -- but when the connection is attempted from WLAN, the log is completely empty about it.

There is full access directly from the WLAN to a single server on the LAN, and to another DMZ, so I feel that a normal firewall issue is unlikely. On the other hand, the fact that the log is quiet sounds like a firewall dropping the connection.

I have set up a GroupVPN policy for the WLAN DMZ, which is using the exact same settings as the WAN GroupVPN policy.

LAN, VPN and WLAN DMZ IPs are of course on three different subnets.

Any ideas?

1 Answer


In case anyone else runs into this, the solution is simple, but unintuitive when you are used to another firewall that works a little differently: The client profiles must have the address of the VPN connection be the internal gateway address of the DMZ, not the one used for the WAN VPN.

This means that either two different VPN connections are needed, or the devices on the DMZ must have their own DNS server that returns the gateway address of the DMZ when the FQDN of the VPN is requested from within the DMZ (easier for roaming users).

There might be a third possibility of creating a loopback rule catching requests from DMZ to the external VPN address and routing them back to the internal gateway, but this I haven't tested.
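The second option in the answer (a DMZ-side DNS server that hands DMZ clients the internal gateway address for the VPN name) is ordinary split-horizon DNS. The fragment below is an added example of how that looks in a dnsmasq configuration; it is not from the question or the answer, and the hostname, interface name and all addresses are placeholders to replace with your own.

```conf
# dnsmasq.conf fragment for a resolver that serves only the WLAN DMZ.
# Example added here; hostname, interface and addresses are placeholders.

# Only answer queries arriving on the DMZ-facing interface, so WAN or LAN
# clients never receive the DMZ-specific answer.
interface=eth1                 # placeholder: interface on the WLAN DMZ
bind-interfaces
listen-address=192.0.2.2       # placeholder: this resolver's DMZ address

# Override the VPN hostname: DMZ clients get the SonicWall's DMZ gateway
# address instead of the public WAN address the same name resolves to
# from the Internet. address= also covers subdomains of the name, so use
# a dedicated hostname rather than the whole company zone.
address=/vpn.example.com/192.0.2.1   # placeholder: SonicWall DMZ interface IP

# Everything else is forwarded to the normal upstream resolver.
no-resolv
server=203.0.113.53            # placeholder: upstream DNS server
```

Hand this resolver out as the DNS server in the DMZ's DHCP scope, then check both views: `dig @192.0.2.2 vpn.example.com` from a DMZ laptop should return the DMZ gateway address, while the same name queried through a public resolver still returns the WAN address. If a client keeps hitting the WAN address after the change, a cached answer from the old resolver is the usual cause; flush the client's DNS cache or reconnect so it picks up the new DHCP-supplied server.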