I’m working with support on this and it is moving slowly, but figured I would see if anyone has run into this before and how to fix it.
I have a new NSA 2600 (firmware 7.0.1). When X0 is used for the LAN, GVC works and obtains a DHCP lease. I’m using a Windows DHCP server. I’m trying to not use X0 and use X16 instead (10Gbit). When doing this, the GVC tunnel gets established, but the client never receives an IP. From what I can tell, the issue is that the virtual IP adapter is bound to X0, so the NSA broadcasts the DHCP request off X0. There is no way in the config or diag page to change the bound interface for the virtual IP adapter. Any ideas how to get GVC to work using X16 for LAN against an external DHCP server?
Yes, DHCP VPN settings are set up. Internal DHCP server is not being used. It is set to send requests to the IP address of the MS DHCP server. DHCP works via IP Helpers for other VLANs to obtain IPs from the central DHCP server.
If this is a limitation of the current software, has anyone found a workaround? I don’t have a problem putting X0 on my LAN. X16 has to be the primary connection and the gateway. Link aggregation is not an option due to different switches. Port redundancy is not an option due to different link speeds.
I assume you mean 2700, mentioning the X16.
I have the same setup: 2700 HA pair. I created an SSLVPN IP pool on the SonicWall and have it hand out IPs to the SSLVPN clients. You want those different than internal addresses anyway. It helps with segregating the zones, since SSLVPN is a different Security Zone than your internal LAN zone is.
FWIW, I use the SonicWalls for DHCP for all VLANs at all of my sites. (Before you ask, yes, the internal VLANs point to my AD DNS servers for DNS.)
If you are using the X16 and using an external DHCP server, are you setting the DHCP relay IP to the X16 IP in the DHCP over VPN settings?
SonicWalls generally will try to send all generated packets using the X0 IP. So if you make X16 your LAN interface, you have to specify the X16 IP as the relay IP.
Are X0 and X16 in a PortShield group together? Or are they separate interfaces?
Thanks for the reply. Bit different though. My question is about the IPsec Global VPN Client. The virtual IP adapter for that works a bit differently than SSLVPN. I have no issues with SSLVPN.
Thanks. I think this is going to be it. Support suggested that and I’m scheduling time to put the NSA on the network to confirm.
Separate. Can’t use PortShield when using HA paired unit.
Yup. Gotcha, didn’t see mention of HA.
OP left off a fair bit of info. 2600 is gen 6 and can’t run OS7. After that I stopped reading.