
Static Devices on Remote Side of a SonicWALL Site-to-Site VPN? Remember to Renegotiate!

tl;dr: If you are having trouble with devices that have static IPs on the remote side of your SonicWALL Site-to-Site VPN, go to VPN and click Renegotiate under Currently Active VPN Tunnels.

We’ve got another warehouse with a site-to-site VPN setup using SonicWALL devices. It works decently enough for what we need.

While most of the workstations at the remote site get an IP from the DHCP server at the central site, some of the devices at the other warehouse have static IPs (printers, wireless APs, etc.).

Defining these static IPs in the SonicWALL is pretty easy. On the remote gateway side, go to VPN –> DHCP over VPN –> Configure –> Devices Tab and enter the IP and MAC address of your static devices under Static Devices on LAN.

However, occasionally when adding another static IP, or when updating the firmware, or when it just feels like it, the routers will have trouble passing traffic from the central side to the remote side for just the static IPs. I’m using Nagios to report on the status of most of these devices, so it starts complaining fairly quickly that it can’t access them. Usually the remote side can still see those static devices, but for printers that connect back over the VPN to a printer server, this becomes a problem.

I used to think that just deleting all the static devices listed and re-adding them would work, but I had major problems with this today.

The workaround that seems to work for me now is simply going to the VPN settings page and clicking Renegotiate under the Currently Active VPN Tunnels section.

I don’t see anything like this written up on any of the SonicWALL support pages, so if anyone else runs into this weird situation, it’s worth a shot.