Routing with two WAN connections; I have a problem.

The story goes like this: I had an Internet T1 dropped into two office locations and a VPN between them for office traffic. This worked well when all the equipment was PC based. Then we went to Terminal Server and Thin Clients. The TS was in one office. So now, all TS traffic and internet traffic was sharing the same T1 in the main office. It was slow for web browsing, but not the office app, which is a terminal session to a unix server.

I decided to bring in a high speed DSL line into the main office and set up my sonicwall tz170 at the main office to use the WAN port for the DSL and the OPT port for the T1; to have the Internet traffic go out to the WAN port and all VPN traffic go out the OPT port. This seems to be working... but it is slower than molasses, for both browsing and the terminal app.

I'm concerned that my routing is not set up right.  I only understand enough to get myself in trouble so I am looking for some guidance on how to diagnose and resolve this.

Here is the routing table from the SW in the main office:
Destination Network    Subnet Mask         Gateway Address    Destination Link
0.0.0.0                0.0.0.0             216.144.221.77     WAN
66.103.225.128         255.255.255.248     0.0.0.0            OPT
132.147.160.0          255.255.255.128     0.0.0.0            LAN
132.147.160.100        255.255.255.255     0.0.0.0            LAN
216.144.221.76         255.255.255.252     0.0.0.0            WAN
216.144.221.77         255.255.255.255     0.0.0.0            WAN
216.144.221.78         255.255.255.255     0.0.0.0            LAN/OPT
255.255.255.255        255.255.255.255     0.0.0.0            LAN


I can provide any other info needed.

Thanks.
Jason
jasgotAsked:
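
To read the posted routing table the way a router does, this added example (not part of the original post, and not SonicWall's own logic) applies longest-prefix match to the eight entries above. The sample destinations 66.103.225.129 and 216.234.102.29 are the T1 router and ISP gateway addresses the author gives later in the thread; the function names are illustrative.

```python
import ipaddress

# Routing table exactly as posted in the question:
# destination, subnet mask, gateway, link.
ROUTES_TEXT = """\
0.0.0.0 0.0.0.0 216.144.221.77 WAN
66.103.225.128 255.255.255.248 0.0.0.0 OPT
132.147.160.0 255.255.255.128 0.0.0.0 LAN
132.147.160.100 255.255.255.255 0.0.0.0 LAN
216.144.221.76 255.255.255.252 0.0.0.0 WAN
216.144.221.77 255.255.255.255 0.0.0.0 WAN
216.144.221.78 255.255.255.255 0.0.0.0 LAN/OPT
255.255.255.255 255.255.255.255 0.0.0.0 LAN
"""

def parse_routes(text):
    """Parse 'dest mask gateway link' rows; strict=True rejects host bits in dest."""
    routes = []
    for line in text.splitlines():
        dest, mask, gw, link = line.split()
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=True)
        # A 0.0.0.0 gateway means the network is directly connected.
        routes.append((net, None if gw == "0.0.0.0" else gw, link))
    return routes

ROUTES = parse_routes(ROUTES_TEXT)

def lookup(dst, routes=ROUTES):
    """Return the most specific (longest-prefix) route covering dst, or None."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def egress(dst):
    """Summarise the chosen route as (link, next hop)."""
    net, gw, link = lookup(dst)
    return link, gw or "direct"

if __name__ == "__main__":
    # Sample destinations: two from the thread, two constructed LAN hosts.
    for dst in ("66.103.225.129", "216.234.102.29",
                "132.147.160.100", "132.147.160.50"):
        print(f"{dst:16} -> {egress(dst)} via route {lookup(dst)[0]}")
```

By this table alone, only 66.103.225.128/29 leaves via OPT; a destination with no more specific entry, including 216.234.102.29, follows the default route out the WAN link.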
scrathcyboy Commented:
"seems to be working" - no it probably is not.
Several limitations here - Windows cannot "multi-home" a connection to the internet, they could not get it to work, so they removed the ability of ANY Windows version to use 2 routes to internet, it cannot do it.  Each Windows machine, server or client, can only use one route.  Now since terminal services relies on Windows, the terminals can only use whatever route the terminal server is using - but you can split terminal services between 2 servers (even a WS) and they will use whatever route the server is using.

Another limitation, because of the way a sonicwall "backfeeds" the internet feed for firewall, it can't work with two routes to internet.  You might have got part working on one T1 and part on the other, by splitting servers to each route, but now you add ADSL, you have a third problem.  ADSL does not have a true IP and the routing is different than T1, so now you have a situation where the new DSL route is not "real" as far as the server is concerned, therefore it automatically defaults to the T1 it knows to be secure IP, DNS & etc.

jasgot (Author) Commented:
The T1 (only one is in play here) and the DSL are both on the 'other' side of the Sonicwall Firewall. Windows only knows one route and one gateway.

scrathcyboy Commented:
It would help to put the correct gateways in the routing table.
For the WAN, use the IP address of the ADSL modem (192.168.0.1?)
For the LAN, use the IP address of the unix server.
Both of these would fill in the 3rd column of 0s in your routing table.
If the DSL is VDSL, put in the DNS server that the VDSL modem connects to.
This might eliminate thrashing, but I don't know if it will speed up the VPN or not.

jasgot (Author) Commented:
Are you saying to put them into the Sonicwall's table?

Also I don't know where you are going with the dsl stuff. My DSL is a 5 static IP router. I do not know what VDSL is....

scrathcyboy Commented:
ADSL is true telephone DSL, VDSL is cable over telephone emulation, they are very different animals.
Yes, put the gateways in the routing table, you have four sets of numbers, use them to the max --

Destination Network       Subnet Mask         Gateway Address        Destination Link

You have most filled in but the gateway, this might radically improve LAN speed, since the sonicwall doesn't have to go searching for the gateway for each packet request, it might not change much.  The sonic setup is hard to test without actually being in front of it, so you will have to fill in the right values for these.  Most DSL routers default to a 192.168.0.1 gateway, you may have changed it, but give the real gateway for this, rather than its DNS gateway (VDSL is the opposite).  For the T1, give the real IP address the T1 is connected to for the gateway (as you would a cable modem).  Hope this makes sense.

If you have 5 static IPs for the DSL, what are you using them for?  Did you know you can use them for different gateways to different systems with different functions, e.g. unix terminal server vs. windows server?

jasgot (Author) Commented:
When you say use the gateway of the dsl or T1, do you mean use the dsl modem's address as the gateway for the sonicwall? Or do you mean use the same gateway that the dsl modem or T1 Router uses, which I presume is actually at the ISP network ops center (and on another subnet)?

Let me give you the ip scheme for the dsl and t1:

DSL
Router IP: 216.144.203.176
Subnet Mask: 255.255.255.252

T1
Router IP: 66.103.225.129
Subnet Mask: 255.255.255.248
GW: 216.234.102.29 ( I do know that this address is at the ISP )

I would like to learn more about the static ips for the dsl as different gateways, I have never heard of that, it sounds interesting.

scrathcyboy Commented:
Destination Network       Subnet Mask         Gateway Address        Destination Link

 66.103.225.129 ?          255.255.255.248    66.103.225.129              OPT/T1
 (132? address)             255.255.255.252    216.144.203.176            WAN/DSL

Seems to me that's how it should be set up.  Since you are not using T1 for internet, you don't want the destination network as the T1 ISP, but you do need the ISP address (DNS servers for example) of the DSL provider, and you can get this by looking at config in the DSL modem.

The gateway for the local network to get to the internet should be the DSL router address, and the network should be the "WAN" i.e. the internet.
With T1, the destination network should be your own internal network, the gateway is the T1 router.
Hope this makes sense and I am not confusing you.  If this does not help, I suggest calling the DSL provider for the IPs they have assigned you and use them for a static IP for at least one or more servers. That will help with correct routing and VPN.  Also, you might ask this question again to see if anyone else has different ideas for sonicwall setup.  I'm not sure why the multiple entries you listed at start are needed.

scrathcyboy Commented:
I think the experts who contributed to this question provided more than the normal level of support.  You can refund if you want, but the question is, is the questioner just trying to get out of the question or was he seriously interested in a solution.  You decide, mod.

jasgot (Author) Commented:
That's quite an accusation you are throwing out there, Scrathcyboy. The experts may have put a lot of thought into their comments, but none provided anything other than confirmation of the existing configuration. The solution was to bring in a P2P T1.

GranMod Commented:
Closed, 500 points refunded.
GranMod
The Experts Exchange
Community Support Moderator of all Ages