Hmmm... Lousy wording for the subject; apologies.

Those of you following this thread (and of course, Craig) will recall
that I am working on a multiple 3rd party S2S VPN to BM38 for a client
of mine.

Thanks to Craig, I have the ability to set up the tunnels and get
traffic from the slave side to the master network. I am able to set up
BM proxy rules, too, and proxy web traffic through to limit the content
at the remote locations (really neat).

Next up: I need to be able to get from VPN Site A to VPN Site B, and
from the private net (located behind the BM server) to any of the
available slave sites. Currently, while I can indeed ping from the
remote site to the BM server (and other private addresses), I cannot
ping from the server back out to the slave network(s).

This does not appear to be a filtering issue, as I have unloaded
IPFLT.NLM and there is no change. My best guess is that this is a
routing issue or a NAT issue...

Static routes are set up for the respective remote networks via the
tunnel address "assigned" to each one in the VPN config. Am I missing
someting on the remote side (these are SonicWALL TZ170 units, and my own
office is running NSM 6.300 - same behavior)? On the remotes, I am
configuring to protect the two private nets behind BM. 3rd Party Traffic
Rules have both of those nets listed for the master server, and the
remote network listed for the slave (all nodes on each subnet). For example:

Slave net:

Private nets:,

BM Master Tunnel IF:

Slave Tunnel IF (for above):

Static route on BM server: - >



Lewis G Rosenthal, CNA, CLP, CLE
Rosenthal & Rosenthal, LLC
Accountants / Network Consultants
New York / Northern Virginia
eComStation Consultants
Novell Users International
Need a managed Wi-Fi hotspot?