Solved

Linksys rv082/ADSL/ Watchguard firebox III 1000

Posted on 2004-04-16
Last Modified: 2007-12-19
All,

I have an existing network of about 800 nodes; the main router/firewall is a Watchguard Firebox III 1000.
The Firebox is using NAT, public address X.X.X.197, also aliasing an x.x.x.195 / private address 192.168.1.1, and doing port forwarding for HTTP, SMTP, VPN etc. All the DNS records are being pointed to the x.x.x.197. This now sits on a T1 that has about 10 unused static public IPs.

I have a DSL router that has been unused for 1 year that has 5 static public IP addresses.

I have a new Linksys RV082 dual wan router.

So I would like to configure the Linksys WAN1 with the T1 and WAN2/DMZ with the DSL for failover, and slip the Linksys behind the Firebox with the least amount of reconfiguration to the LAN; basically, configure the Linksys like a switch which will just forward all traffic to the X.X.X.197 address.

Is this even possible? Any suggestions would be very much appreciated.

P.S. On my last attempt, I pulled the T1 from the external interface on the Firebox, inserted it into WAN1 of the Linksys, and plugged the external interface of the Firebox into the LAN1 port of the Linksys. The Firebox then disappeared from the LAN, the default gateway 192.168.1.1 which is the Firebox LAN IP. I could not see or ping the Firebox until I reversed the configuration.

WAN1 on the Linksys was configured with x.x.x.196, the LAN IP was x.x.x.198, all public static IPs, all firewall features disabled, and a route entered to forward all traffic to x.x.x.197.
Question by:HynesCo
11 Comments
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 10841588
Are you saying that you inserted the Dual Linksys between your firebox and T1, and lost the connection to your gateway on the firebox..?  I must be reading this wrong, as I am not sure how that could happen..
0
 
LVL 1

Author Comment

by:HynesCo
ID: 10842019
That's what I am saying, the local LAN port on the Firebox is configured as the gateway , that was never touched and completely disappeared once I switched the wan port only

ISP----------------------------LinksysRv082------------------------------->Firebox---------->LAN Switch
67.105.96.193         67.105.96.196/67.105.96.198                 67.105.96.197/192.168.1.1
255.255.255.224------------ 255.255.255.224--------------------------->        NAT     255.255.255.0
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 10842519
Although I am not familiar with a Firebox, this is a most unusual occurrence.   The gateway should remain regardless of what you do on the external side of the firewall.  I could understand the route between the Firebox and the Linksys causing an issue, but you should still be able to ping the gateway...

On the Firebox, do you have ICMP enabled to allow a ping to be processed and bounced back..?  In other words, I assume that ping works when you have the original config..??
 
LVL 1

Author Comment

by:HynesCo
ID: 10846762
I agree, ICMP is enabled.
One thing though: since I am turning the Linksys into a basic switch, should the original default gateway on the Firebox have to change from .193, or should it point to .198?
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 10847693
We are using a dual wan router in my office.  It gets two Global addresses for the Wan ports and I use private addresses from it to my firewall, then on to my routers, which further segment the network...  so I guess it depends on how you want to set it up..  personally, I would set yours up like mine, as it is easy to administer that way, and to segment...  In fact, I use all three private classes to do this...
0
 
LVL 1

Author Comment

by:HynesCo
ID: 10849114
As far as your config goes, was the dual WAN device introduced into a preconfigured network or was it in place from the start?
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 10849153
No, we started with a Cable connection using a simple Linksys Device...  As we expanded our operation, we realized the need for redundancy and I implemented the dual wan technology.  Plugged it in, and after 30 minutes of configuring the DW router, we were up and running..  Did take a week or so to tweak the router, but we are fairly satisfied now...

that being said, we did take 2 weeks to determine the new network setup (and the entire day of the DW installation to implement the IP address scheme we wanted to employ..)   This reconfiguration (DHCP) was generally done with our DC's and file servers in mind (we did not want to disturb their IP scheme) and the fact that we needed to isolate our external servers (web and mail) from our internal network within a DMZ...
0
 
LVL 1

Author Comment

by:HynesCo
ID: 10849786
Fatal,

Well, if you don't mind, I would like to ask a few questions for my peace of mind, because I just don't know the answer to these questions dealing with a dual WAN device.

By the way, if you remove the Linksys RV082 and WAN2, this is the original config.
ISP-------------------------------LinksysRv082----------------------------------->Watchguard Firebox III---------->LAN Switch
                                                                                                                               |
T1                                                                                                                           |
67.105.96.193 <Gateway      67.105.96.196                                                                |
255.255.255.224-------------------------Wan1        67.105.96.198                 67.105.96.197/192.168.1.1
                                                                Lan-- 255.255.255.224---------------|NAT 255.255.255.0
                                                       Wan2
                                        66.138.217.201
ISP DSL                           /
66.138.217.206<Gateway    
255.255.255.248    

#1
The .197 on the Firebox is the original config, which also aliases a .195. I have A records, MX records etc. being forwarded to this address, which then forwards the SMTP to the mail server and the www to the web server. If I introduce the Linksys behind the firebox, will I have to change my DNS pointers to .196 on the Linksys, or is there a way that you know how to do this, if it is even possible, to forward all traffic to the .197?

#2
If I am not doing a 1 to 1 Nat on the linksys
The Dsl for failover will not work unless I add a route?
The working mode is a router right? and not a gateway?

#3 With your experience, what would you do to get this up and running A.S.A.P. without a lot of user interruption and/or reconfiguration?

Many Thanks
-HynesCo
0
 
LVL 40

Accepted Solution

by:
Fatal_Exception earned 500 total points
ID: 10850469
Actually, looking at your diagram, I see no reason that you cannot get this to work as you currently have it set up...  You may have to build the route to your DSL connection (on the Linksys) since it is on another subnet mask, but even if you do not, you should still be getting out on your T1..  I would just make sure that your WAN port on your Firebox has the correct mask, as that would certainly cause a problem, but I just see no other issue with that....  And this would also be the quickest way to get you up and running here...

I am wondering now if you might have a problem with the DW router..??   Can you get into the interface and try and network diags on the connections..??  Even a ping would be nice..  I would take a laptop and connect directly to it for testing purposes..  You know, start taking items off so we can narrow down the problem..   You could even keep your current config up and running and just test the DW router with the DSL..  Once you get it configured correctly, you could start adding hardware, including the T1 line..

And yes, it should be setup as a router...  



 
0
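An added example, not part of the original thread: a Python check of the addressing in HynesCo's diagram, testing that each gateway is on-link and flagging ports of one device that share a subnet. The port labels, the Firebox external mask (/27) and its .198 gateway are assumptions, since the thread leaves them open.

```python
import ipaddress
from itertools import combinations

# Transcribed from the thread's diagram: (device, port, address, mask, gateway).
# Port labels are hypothetical; Firebox EXT mask and gateway are assumed.
PLAN = [
    ("RV082",   "WAN1", "67.105.96.196",  "255.255.255.224", "67.105.96.193"),
    ("RV082",   "WAN2", "66.138.217.201", "255.255.255.248", "66.138.217.206"),
    ("RV082",   "LAN",  "67.105.96.198",  "255.255.255.224", None),
    ("Firebox", "EXT",  "67.105.96.197",  "255.255.255.224", "67.105.96.198"),
    ("Firebox", "LAN",  "192.168.1.1",    "255.255.255.0",   None),
]

def audit(plan):
    """Return a list of human-readable findings for an addressing plan."""
    findings = []
    ifaces = []
    for dev, port, addr, mask, gw in plan:
        iface = ipaddress.ip_interface(f"{addr}/{mask}")
        ifaces.append((dev, port, iface))
        # A next hop must be inside the interface's own subnet to be reachable.
        if gw is not None and ipaddress.ip_address(gw) not in iface.network:
            findings.append(
                f"{dev} {port}: gateway {gw} is not on-link in {iface.network}")
    # Two ports of the same device in one subnet give it two connected
    # routes for the same prefix, so it has nothing to route between.
    for (d1, p1, i1), (d2, p2, i2) in combinations(ifaces, 2):
        if d1 == d2 and i1.network.overlaps(i2.network):
            findings.append(f"{d1}: {p1} and {p2} both sit in {i1.network}")
    return findings

if __name__ == "__main__":
    for line in audit(PLAN):
        print(line)
```

Run against the diagram, it reports that RV082 WAN1 and LAN both sit in 67.105.96.192/27; both .193 and .198 are on-link for the Firebox, so the gateway check alone does not settle which one it should use.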
 
LVL 1

Author Comment

by:HynesCo
ID: 10853715
Fatal,

Thank you for your input, I feel better about this project now, I will try to implement the router config again
next week some time, just waiting on the client's ok. So I am awarding you with the 500 pts, with an A rating
for all your help and time.

If I run into anything next week I'll post and maybe we can swap some ideas :)

Thank You

Regards,

-HynesCo

0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 10855002
Thank you, and I would be happy to try to assist..  Good luck with your client..  

FE
0

Question has a verified solution.