Solved

IP config with Qwest DSL, Cisco 678, Sonicwall SOHO3 and static IPs

Posted on 2003-03-14
Last Modified: 2007-12-19
Sonicwall SOHO3 set up as my DHCP server issuing private IPs to my local LAN (Win 2k machines)

connected to a Cisco 678 DSL Router connected to Qwest DSL

When my Cisco is configured to pull its IP info via DHCP from Qwest, everything works fine, Sonicwall pulls its WAN IP info from the Cisco, the Cisco gets a WAN IP 63.230.203.254 and an IP of 10.0.0.1, the Sonicwall receives an IP of 10.0.0.2 and a gateway of 10.0.0.1 and subnets of 255.255.255.0

Like I said, the above works perfectly, the LAN computers get IPs in the 192.168.168.x range, they use 192.168.168.1 (sonicwall internal IP) as their gateway, they can surf the net, access email, the sonicwall protects us, we're happy, yada yada....

Now.... I leased a block of static IPs from Qwest, got assigned 209.180.147.128 thru 209.180.147.135.  They label .128 as Reserved Network, .134 as Reserved Gateway, .135 as Reserved Broadcast, and the other 5 as user assignable.

Here's what I do to configure the Cisco 678
set nat disable
set dhcp server disable
set ppp wan0-0 ipcp 0.0.0.0
set ppp wan0-0 dns 0.0.0.0
set ppp wan0-0 login ktpc1
set ppp wan0-0 password xxxxxxxxxxxxxx
set int eth0 address 209.180.147.134
set int eth0 netmask 255.255.255.248
set int wan0-0 disable
set int wan0-0 close
set int wan0-0 vpi 0
set int wan0-0 vci 32
set int wan0-0 enable

write
reboot

I configure the Sonicwall to work in NAT enabled mode
I keep the LAN IP at 192.168.168.1 the mask as 255.255.255.0
I set the WAN Gateway address as 209.180.147.134
I set the sonicwall WAN (NAT Public address) as 209.180.147.129 (the first of my five user assignable)
I set the sonicwall WAN subnet as 255.255.255.248
I set the DNS servers to 206.80.192.1 and 204.147.80.5 (per Qwest)


I cannot surf the web, check email, nothing from my workstations.  

Here's what I can do

From the Cisco - I can tracert all the way to the DNS servers (and presumably beyond)

From the sonicwall I can tracert as far as 63.230.203.254 (the WAN IP of the Cisco)
From the workstations I can tracert as far as 63.230.203.254 (the WAN IP of the Cisco)

Of course Qwest says it's not their problem, sonicwall says it's qwest's problem, blah blah.

I think the problem lies in the Cisco, I don't think it knows to route traffic from the LAN to the WAN, how do I check this?

Qwest did say it takes 24 hours for the IPs to become "routable".  That was 30 hours ago.  Is it possible that I just need to wait it out longer, or am I configuring something wrong?
Question by:dcaparaso
35 Comments
 
LVL 5

Expert Comment

by:rrhunt28
ID: 8139122
Have you always had 2 subnet masks?
0
 

Author Comment

by:dcaparaso
ID: 8139230
Nope, is that the problem?  When I'm set up in DHCP mode, the WAN subnet on the sonicwall is 255.255.255.0, which is also the subnet that the sonicwall gives the DHCP clients (my workstations)

Now, if I set the subnet to the same (255.255.255.248), how many workstations can I have on that subnet?  

Is there a way to create the link between the two subnets?  
0
 

 
LVL 5

Expert Comment

by:rrhunt28
ID: 8139278
Well... I will admit I am not 100% sure, but I would guess you need the same subnets within the same network, unless you are subnetting a subnet, which gets complicated.
Is there a reason you need those static IPs? Why not run one static to the NAT, then use a class A or B private internal address. Gives you more security.
0
 
LVL 5

Expert Comment

by:rrhunt28
ID: 8139288
on the address 255.255.255.248 you can have 14 hosts if you are using class ip's
0
 

Author Comment

by:dcaparaso
ID: 8139397
That's what I'm trying to maintain, a private internal numbering on the LAN (192.168.168.x).  The sonicwall is the gateway on the LAN.  I only want one static IP, I want it on the WAN side of the sonicwall

Here's what I have
63.230.203.254 WAN of Cisco 678 (assigned via DHCP of Qwest)
10.0.0.1 (subnet 255.255.255.0) LAN of Cisco 678
          |
10.0.0.2 (subnet 255.255.255.0) WAN of sonicwall(DHCP-Cisco)
192.168.168.1 LAN (subnet 255.255.255.0) of sonicwall
          |
192.168.168.x (subnet 255.255.255.0) are the IPs of the workstations (assigned via DHCP of the sonicwall)
The above config works

Here's what doesn't work
63.230.203.254 WAN of Cisco 678 (assigned via DHCP of Qwest)      
209.180.147.134 LAN (sn 255.255.255.248) of Cisco 678
           |
209.180.147.129 WAN (sn 255.255.255.248) of sonicwall
192.168.168.1 LAN (sn 255.255.255.0) of sonicwall
           |
192.168.168.x (sn 255.255.255.0) workstations
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 8139416
Is your 678 in bridge mode? If so, that's why you can't get past it.
0
 

Author Comment

by:dcaparaso
ID: 8139442
would a subnet misconfiguration still allow a machine on the LAN to ping thru the sonicwall to the WAN address of the Cisco 678?

It seems to me the difference in subnets lies in the sonicwall and would cause any problems to terminate at the sonicwall, ie. not be able to ping past the sonicwall
0
 
LVL 5

Expert Comment

by:rrhunt28
ID: 8139447
Well, instead of using 192, use a pvt non routable addy, like 10.0.0.1
Well... it looks like you're trying to go from an IP Qwest gave you, to an IP Qwest gave you, then through the NAT to an internal address you made up.  Is that right?
0
 

Author Comment

by:dcaparaso
ID: 8139449
I don't believe so, I think it's in PPP mode as it's always been
0
 
LVL 5

Expert Comment

by:rrhunt28
ID: 8139467
LOL, I was waiting on lrmoore to show up and shed some light.  I am confused on all the numbers; if you just need one link to the outside world, you only need one IP for that.  Everything else can come after the NAT and use pvt internal numbers.
0
 

Author Comment

by:dcaparaso
ID: 8139496
trying to go from an IP qwest gave me to a static qwest leased (WAN and LAN of cisco) to a different static from qwest to a private IP I assigned (WAN and LAN of sonicwall)

If the sonicwall has two different subnets (255.255.255.248 on WAN, 255.255.255.0 on LAN) would it cause the problems and symptoms that I've explained?
0
 

Author Comment

by:dcaparaso
ID: 8139515
rrhunt28 - what are you talking about.  

Ultimately I plan to have a VPN between the two sonicwalls.  The other sonicwall would need to know where to find this sonicwall, so it needs a static IP, correct?

0
 
LVL 5

Expert Comment

by:rrhunt28
ID: 8139569
Yes, the end would need a static IP if it's a dedicated VPN, I think.  You said LAN, WAN, and internet, so you have a LAN connection there, then you have a second connection that connects to your company's WAN (part of ai), then you have a local internet link?
0
 

Author Comment

by:dcaparaso
ID: 8139613
in Phoenix I have Qwest DSL phone line connected to Cisco 678 router connected via Cat 5 to sonicwall WAN port sonicwall LAN port connected to HUB via CAT 5 connected to workstations

in Corporate I have a Time Warner Cable connection connected to Zylec cable modem connected to Sonicwall PRO 200, successfully with static IPs
0
 
LVL 5

Expert Comment

by:rrhunt28
ID: 8139648
OK, so give the first port on the router the first IP, the second IP give to the out port on the router, then give the 3rd addy to the in of the firewall, then enable NAT, and everything else will be 10.x.x.x
0
 

Author Comment

by:dcaparaso
ID: 8139678
I don't think that will work, I don't think I can assign an IP to the WAN of the Cisco, I think that's assigned via DHCP from Qwest.
0
 

 
LVL 5

Expert Comment

by:rrhunt28
ID: 8139764
If you own ip's why do you still need the qwest dhcp?
0
 

Author Comment

by:dcaparaso
ID: 8139805
I don't know, all I know is, following the Qwest setup procedures they don't specify any way or reason to change the WAN IP.  They say to change the LAN IP to what they now say is your default gateway.

I then assign the Sonicwall's default gateway that same IP I just assigned the Cisco as its LAN IP

Packets are successfully pinging from a LAN workstation thru the sonicwall to the WAN IP of the Cisco (the one that it picks up from DHCP from Qwest)
0
 

 
LVL 5

Expert Comment

by:rrhunt28
ID: 8139854
Ok, is the wan, and the internet the same link going out of your building?
0
 

Author Comment

by:dcaparaso
ID: 8139883
yes the wan and the internet are both the same leaving the cisco
0
 
LVL 5

Expert Comment

by:rrhunt28
ID: 8139898
OK, then they only need one IP, and you can put one of your new IPs you bought in there; that would be the only place you would want to put it.  Then run to the NAT on the firewall.
0
 
LVL 1

Expert Comment

by:Beerman
ID: 8140872
This should work on your config.  First do a write erase.  also keep the ip and mask on the same line

set ppp wan0-0 login (ENTER IN THE USERNAME)
set ppp wan0-0 password (ENTER IN THE PASSWORD)
set nat disable
set dhcp server disable
set interface eth0 address 209.180.147.134 netmask 255.255.255.248
write
reboot

As for the sonicwall
Wan gateway 209.180.147.133
mask 255.255.255.248

Lan 192.168.168.1
mask 255.255.255.0

FYI rrhunt28 192.168.x.x and 10.x.x.x are routable IP's, however they are private IP's that can not be used on the internet, and either are recommended on the lan

On the issue of subnets, the local side of the sonicwall is totally separate from the wan side.  The subnet has to match on all devices on the same side.  All pc's and the sonicwall lan have to match.  The Sonicwall wan and Cisco Lan have to match
0
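The "same subnet on the same side" rule from the comment above, as an added example that is not part of the original thread: it derives the reserved and usable addresses of the leased block and checks each wire segment for mismatched masks, reserved addresses and duplicates. The workstation address and the stale-mask case are constructed; all other addresses are taken from the thread.

```python
import ipaddress

def block_summary(cidr):
    """Network, broadcast and usable host addresses of a leased block."""
    net = ipaddress.ip_network(cidr)
    return {"network": str(net.network_address),
            "broadcast": str(net.broadcast_address),
            "usable": [str(h) for h in net.hosts()]}

def check_segment(interfaces):
    """interfaces: {label: (ip, mask)} for every device on one wire.
    Returns a list of problems; an empty list means the segment is consistent."""
    parsed = {label: ipaddress.ip_interface(f"{ip}/{mask}")
              for label, (ip, mask) in interfaces.items()}
    problems = []
    networks = sorted({str(i.network) for i in parsed.values()})
    if len(networks) > 1:
        problems.append("interfaces disagree on subnet: " + ", ".join(networks))
    seen = {}
    for label, iface in parsed.items():
        net = iface.network
        if iface.ip in (net.network_address, net.broadcast_address):
            problems.append(f"{label} uses reserved address {iface.ip}")
        if iface.ip in seen:
            problems.append(f"{label} duplicates {seen[iface.ip]} at {iface.ip}")
        seen[iface.ip] = label
    return problems

def gateway_on_link(ip, mask, gateway):
    """A default gateway is only usable if it lies in the interface's subnet."""
    return ipaddress.ip_address(gateway) in ipaddress.ip_interface(f"{ip}/{mask}").network

# Addresses from the thread; the workstation address is a constructed sample.
MASK29, MASK24 = "255.255.255.248", "255.255.255.0"
WAN_SIDE = {"Cisco 678 eth0": ("209.180.147.134", MASK29),
            "Sonicwall WAN": ("209.180.147.129", MASK29)}
LAN_SIDE = {"Sonicwall LAN": ("192.168.168.1", MASK24),
            "workstation": ("192.168.168.50", MASK24)}
# Constructed failure case: firewall WAN left on the old /24 mask.
STALE_MASK = {"Cisco 678 eth0": ("209.180.147.134", MASK29),
              "Sonicwall WAN": ("209.180.147.129", MASK24)}

if __name__ == "__main__":
    print(block_summary("209.180.147.128/29"))
    for name, seg in (("WAN", WAN_SIDE), ("LAN", LAN_SIDE), ("stale", STALE_MASK)):
        print(name, check_segment(seg) or "consistent")
    print("gateway on link:",
          gateway_on_link("209.180.147.129", MASK29, "209.180.147.134"))
```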
 
LVL 1

Expert Comment

by:Beerman
ID: 8140884
Another note, here in Minnesota, Qwest is referred to as Q-worst, or US-worst, as it used to be called.

I also forgot this on the 678 config for the code red fix

set web disable
set web port 8888

hope that helps
0
 
LVL 2

Expert Comment

by:MCSE-2002
ID: 8141030
I have 38 DSL lines at work, and I do this all day long.
The first part is important.
---erase old records!!!---

Set NVRAM erase
write
reboot

---create new records----                            

set ppp wan0-0 ipcp 0.0.0.0
set ppp wan0-0 dns 0.0.0.0
set ppp wan0-0 login jimbo
set ppp wan0-0 password youguessedit
set int eth0 address 205.34.23.12
set int eth0 netmask 255.255.255.248
set int wan0-0 disable
(wait a few seconds)
set int wan0-0 vpi 0
set int wan0-0 vci 32
set int wan0-0 enable
set web disable
set web port 64213 (or whatever, just not 80)
write
reboot


Connect your laptop/pc directly to ethernet on 678. Set ip address on pc to one less than default gateway, in my example 205.34.23.11.

Try to ping qwest dns servers 206.80.192.1 from inside 678. Try doing a traceroute to the dns server.

Try to connect to the internet. If you can't, call 1-888-777-9569 (Qwest dsl tech support). I have had many lines where the Static Block did not take and I was forced to delete block, and readd from qwest.net.

If you are able to ping internet from telnet cisco modem, but not from your pc, you may have a bad modem. I have had 3 out of 39 fail.

Hold out for a cisco 678.
DO NOT LET THEM GIVE YOU AN ACTIONTEC. It is the worst piece of garbage I have ever used.

Good luck,

Paul 602-430-8109

0
 

Author Comment

by:dcaparaso
ID: 8141086
Thanks everyone for the recent comments, I won't be able to try any of them out until Monday, I didn't want anyone to think I'm ignoring them.

Quickly for Beerman, I'll try your comment again, but I'm pretty sure that's what I've got set up already and it's just not working.

For MCSE-2002 - I have a 678 already.  I did briefly try to bypass the sonicwall and hook directly up to the 678 from my PC and had the same results.  I don't think the modem is bad, it works perfectly when I'm not using the static IP setup

I agree with the Q-Worst comment, their tech reps are ignorant and you get 5 different answers from 5 different reps.  Can you give me more detail on the "static block didn't take and had to readd" comment?

Thanks everyone,
0
 
LVL 2

Accepted Solution

by:
MCSE-2002 earned 1400 total points
ID: 8141213
Sure. Sometimes I would order a static IP block, set everything up on the Cisco 678 (I have done this 21 times for my job) and got nowhere fast. Sometimes the flunky at Qwest enters your info wrong, and your addresses don't stick.

If possible have a buddy try to do a tracert from his internet connection. Then do a tracert to him. Is the last live hop the same on each end? if so, it is a routing problem; you need to delete the range, and readd them from qwest.net.

I would also not discount the importance of erasing the nvram.

One last thing, make sure you can travel outside the qwenron network, i.e. try traceroute to yahoo.com or redhat.com. Sometimes I have been able to trace to the dns servers, but not to the real internet. My packets would fly around qwestland until the ttl exceeded.

If you can never connect it is a line problem.
If you can connect with DHCP, but not Static, it is probably Qwest screwing up your day.

On the bright side, once it is set up, it will run forever with no major problems. Ours have been very reliable. We have 21 cities using qwest dsl lines and cisco routers for VPN to our HQ in Phoenix.

0
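The two-way traceroute comparison described in the accepted answer, as an added example that is not part of the original thread: it parses tracert/traceroute text, finds the last hop that answered in each direction, and lists addresses that repeat (packets circling until the TTL expires). The sample traces are constructed, and the 198.51.100.x and 203.0.113.x addresses are placeholders for ISP routers.

```python
import re

HOP_RE = re.compile(r"^\s*(\d+)\s")                 # hop number at line start
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")  # first IPv4 address on the line

def parse_hops(text):
    """Return [(hop_number, ip_or_None)] from tracert/traceroute output."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # header or blank line, not a hop
        ip = IP_RE.search(line, m.end())
        hops.append((int(m.group(1)), ip.group(0) if ip else None))
    return hops

def last_live_hop(hops):
    """Address of the last hop that answered, or None if none did."""
    return next((ip for _, ip in reversed(hops) if ip), None)

def looping_addresses(hops):
    """Addresses that reappear after a different hop (a routing loop)."""
    seen, prev, loops = set(), None, []
    for ip in (ip for _, ip in hops if ip):
        if ip != prev and ip in seen and ip not in loops:
            loops.append(ip)
        seen.add(ip)
        prev = ip
    return loops

def compare_traces(outbound, inbound):
    """The answer's check: do both directions die at the same router?"""
    out_hops, in_hops = parse_hops(outbound), parse_hops(inbound)
    out_last, in_last = last_live_hop(out_hops), last_live_hop(in_hops)
    return {"outbound_last": out_last, "inbound_last": in_last,
            "same_last_hop": out_last is not None and out_last == in_last,
            "outbound_loop": looping_addresses(out_hops)}

# Constructed sample output in Windows tracert layout; the 198.51.100.x and
# 203.0.113.x hops are documentation addresses, not real Qwest routers.
OUTBOUND = """Tracing route to 206.80.192.1 over a maximum of 30 hops
  1    <1 ms    <1 ms    <1 ms  192.168.168.1
  2     2 ms     1 ms     1 ms  209.180.147.134
  3    18 ms    17 ms    18 ms  198.51.100.1
  4     *        *        *     Request timed out."""
INBOUND = """  1     1 ms     1 ms     1 ms  203.0.113.1
  2    15 ms    14 ms    15 ms  198.51.100.1
  3     *        *        *     Request timed out."""
LOOPING = """  1    18 ms    17 ms    18 ms  198.51.100.1
  2    19 ms    19 ms    18 ms  198.51.100.2
  3    20 ms    19 ms    20 ms  198.51.100.1"""

if __name__ == "__main__":
    print(compare_traces(OUTBOUND, INBOUND))
```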
 

Author Comment

by:dcaparaso
ID: 8153156
they leased me the same block of IPs, is that okay?
0
 

Expert Comment

by:CleanupPing
ID: 9153100
dcaparaso:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0
 
LVL 5

Expert Comment

by:juliancrawford
ID: 10027376
No comment has been added lately, so it's time to clean up this TA.
I will leave the following recommendation for this question in the Cleanup topic area:

Accept: MCSE-2002 {http:#8141213}

Please leave any comments here within the next seven days.
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

Julian Crawford
EE Cleanup Volunteer
0

Question has a verified solution.
