Solved

Can't Connect to web after changing to private IP addresses on internal network.

Posted on 2004-10-31
228 Views
Last Modified: 2010-03-18
Hello Everyone,

I have inherited a fairly small network that used to be on a public ip addressing scheme, meaning we have 35 address that would go to our unternal workstations. I am changing this to a private 192.168.0.0 network. I have changed my DHCP scope, changed the ip address of the Firewall(Sonic SOHO2) and Router(Cisco 1720) to 192.168.0.2 and 192.168.0.1 repectivley.

From a workstation i can ping to the firewall and to the router but not to external addresses(i.e. google, microsoft).
From the firewall i can ping into the network and the router but not to external addresses.
From the router i can ping into the network and out to external resources.

Default gateway is set to the firewall's address on my DHCP scope.

On the the router's ip routing table i have 3 entries:

Gateway of last resort is 66.160.0.165 to network 0.0.0.0

       66.0.0.0/30 is subnetted, 1 subnet
C     66.160.0.164 is directly connected, Serial0
C     192.168.0.0/24 is directly connected, fastethernet0
S*   0.0.0.0/0 [1/0] via 66.160.0.165

What do i need to do on my router to get internal workstations to connect to the internet?

I have tried changing the defualt gateway to the router but still unsuccesfull.

I need help right away, thanks in advance.
0
Question by:kendingo
    11 Comments
     
    LVL 104

    Accepted Solution

    by:
    My first instinct is why did you change the router and the firewall?
    I haven't used a sonicwall firewall for some time, but I believe they operate like a small router. Therefore they will be expecting a public IP address on the external interface. Therefore I would switch that back, leave the private IP address on the other interface of the sonicwall and set all the client's default gateway to the internal IP address of the sonicwall.

    Simon.
    0
     
    LVL 1

    Author Comment

    by:kendingo
    Okay that makes a little sense to me but, do i need to add any special networks into the firewall?
    0
     
    LVL 104

    Expert Comment

    by:Sembee
    You shouldn't have to.
    If I am feeling particularly lazy I usually reset the firewall then use their "startup" wizard to do the initial configuration. This will put everything in to place. I normally work Cisco PIX which have these and they put a default route in for 0.0.0.0 (ie everything else) to the default gateway (ie the router).

    There is probably a similar setting in the Sonicwall.

    Simon.
    0
     
    LVL 1

    Author Comment

    by:kendingo
    I have gone back to square one.

    Router IP S0 is still 66.160.0.166
    Router IP F0 is now 66.160.34.65

    Firewall is now back to old address.

    My internal network is still at the 192 scope, so obviously i can not access outside addresses. I have changed 1 workstation to a static ip the matches the router and firewall and can access outside addresses.

    Now what.

    My SOHO has an area under a network tab that asks for the following

    LAN Settings
    Sonic Wall LAN IP address
    LAN subnet mask

    (is this the area i should change to the private address?)

    WAN Settings
    WAN Gateway router address    66.160.34.65

    (Because of this setting i thought i would need to change the configuration of the router and firewall to the private ip address.)

    By the way NAT is not being handled on this firewall, should this be turned on?
    0
     
    LVL 104

    Expert Comment

    by:Sembee
    Yes to NAT. That is how you get private IP addresses to connect to the Internet.

    LAN Settings is where you enter your private addresses.

    IP Address: 192.168.11.254
    Subnet: 255.255.255.0

    I don't use 192.168.0.x or 192.168.1.x as these are used by everyone+dog. If you decide to use a VPN or similar service at a later date those ranges will conflict with any home routers.

    I also put gateways at the end of the IP address range - .254 - I like the servers to be at the low end.

    Simon.
    0
     
    LVL 1

    Author Comment

    by:kendingo
    Ahh that all makes good sense now, but i still have a question.
    Since my Serial interface is the Cavtel address and my Ethernet address is the old network address what should i put for the following:

    WAN Setting:
    WAN Gateway (Router) Address
    SW WAN IP (NAT Public) Address
    0
     
    LVL 104

    Expert Comment

    by:Sembee
    WAN Gateway will be the IP address of the Ethernet interface on the Router (ie what the Sonicwalls WAN interface is connected to).
    SW WAN IP (NAT) will be the static IP address that the ISP has issued you with. If it was a range, then pick one and use that - that isn't the gateway address.

    Simon.
    0
     
    LVL 1

    Author Comment

    by:kendingo
    It just is not working at all.

    Do i need a static route in the firewall?

    how else is the LAN and WAN going to talk if they are on different networks?
    0
     
    LVL 104

    Expert Comment

    by:Sembee
    You may need a static route. As I said previously, I haven't used a sonicwall for some time and cannot remember exactly how they do it. If it is a SOHO device I would have expected the device to set it up itself once you have given it the relevant information.
    Have you tracert to see whether it is getting past the firewall and isn't failing at the router (for example)?

    Simon.
    0
     
    LVL 1

    Author Comment

    by:kendingo
    I am going to try a dlink firewall i have sitting in my closet to see if it is any easier to configure for this.

    I will update later today. Thanks for your help do far.
    0
     
    LVL 1

    Author Comment

    by:kendingo
    Well Simon,

    It turned out that i did not have to set a static route. I just needed to use one of the publick ip addresses that relate to my serial0 ipaddress. Once i put in the correct ip addresses i got an internet connection. I am still working through some issues now with my internal machines and the server but i think i have the down to a DNS issue.

    Thanks again.

    By the way i never tried using the Dlink firewall.
    0

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Lean Six Sigma Project Manager Certification

    There are many schools of thought around successful project management, but few as highly regarded as the Six Sigma and Lean methods. With 37 hours of learning, this training will explain concrete processes for increasing efficiency and limiting wasted time and effort.

    I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
    This video Micro Tutorial is the first in a two-part series that shows how to create and use custom scanning profiles in Nuance's PaperPort 14.5 (http://www.experts-exchange.com/articles/17490/). But the ability to create custom scanning profiles al…
    This video is in connection to the article "The case of a missing mobile phone (https://www.experts-exchange.com/articles/28474/The-Case-of-a-Missing-Mobile-Phone.html)". It will help one to understand clearly the steps to track a lost android phone.

    856 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now