Solved

Cisco 2620 Router and Sonicwall TZ170EN

Posted on 2006-06-20
Last Modified: 2013-11-29
I have a Cisco router with dual T1's. The fast ethernet goes to SonicWall TZ170. My ISP provided me with 4 blocks of IP ranges (2 on each T1). I tried to use the other blocks of IP's on the TZ170 but was not able to (one block works). The subnets are different. The Cisco router is doing load balancing only. My thinking is to take the load balancing off from Cisco and move it to TZ170. Then both T1's can get recognized and I can use the IP ranges. Also, I want to set up redundancy for the T1's by having them come from two different ATM's. They already come from two different CO's but end at the same ATM. Any suggestions on how I establish my goals? Cisco router is managed by the ISP. TZ170 is managed by me.

1. Make the additional Public IP's usable

2. Provide redundancy for the T1 connection

3. Control the T1 usage

Thanx,

Habib

Question by: llib21
 
LVL 12

Expert Comment

by:Scotty_cisco
ID: 16943452
Are these 2 different ISP's?
Do you have an AS number?

The only way you can use 2 different providers and route traffic to them is to run BGP; to do that you have to have an ASN.

Thanks
Scott
0
 

Author Comment

by:llib21
ID: 16943508
Scott,

The T1's are from the same provider.

I thought about BGP; however, my thinking is if I split the T1's from the 2620 router to maybe (2) 1720 routers, then run load balancing and redundancy on the SonicWall TZ170, I get the same results but better. Now, I would not be relying on one router but have two routers, which makes it redundant. My single point of failure is the Sonicwall TZ170. Am I looking at this correctly?
0
 
LVL 12

Expert Comment

by:Scotty_cisco
ID: 16943565
If they are all from the same provider you need to talk to the provider about where the upstream route is pointing for the local subnet.  If you want to really load share, do a bonded T1 solution with a virtual template; it will look at the 2 T1's as one 3meg pipe.

Here is an explanation of it from the past.

http://www.experts-exchange.com/Hardware/Routers/Q_21886560.html

If the links are from the same provider BGP is not required.  If you place the second router in the mix then you still have a single point of failure and load balancing would be a little more difficult.

My recommendation is to use one router and configure the other as a cold spare and call it good.

Thanks
Scott
0
 

Author Comment

by:llib21
ID: 16943613
Would the bonded T1's let me use the other blocks of IP's I have allocated?

The ISP had screwed up initially; I was supposed to get 10 IP's and they gave me 4 blocks but on different subnets.
0
 
LVL 12

Expert Comment

by:Scotty_cisco
ID: 16943672
The subnets should not matter and the bonded should not matter... it is where the ISP had their routes to the nodes pointed; make sure their routes are right.

The bonded solution will not change the routing issues you're having unless they fix it.

Thanks
Scott
0
 

Author Comment

by:llib21
ID: 16943812
I can hit the IP blocks from the router but can't from behind the firewall. I can plug in a laptop to the Cisco and then check the IP ranges just fine, but once the fast ethernet connection from the router hits the Sonicwall I see only one range. That one range is the configured interface on the Sonicwall. I spoke with Sonicwall support, who stated that if the router was sending two connections to the TZ170 then I can establish two interfaces (instead of one) for the extended block of IP's, do load balancing, and failover redundancy on the TZ170. My ISP had stated something similar to your solution but I won't be able to use the other public IP's through my firewall. I don't want to change my multiple IP blocks to get one big block of IP's. I am using one block right now and I am not ready to change it.
0
 
LVL 12

Expert Comment

by:Scotty_cisco
ID: 16943863
Can you add the ranges to the sonic wall firewall like additional IP addresses (excuse my ignorance here, I have never been in a sonic wall)? If you could do that, then add a route that points from the router to the sonic wall; that would work.  I don't know how many interfaces you have, but you could at least public address the ones you have with a few ranges and then point the router to the outside interface of the sonic wall with the route pointing from the FE on the router to the sonic wall.

Thanks
Scott
0
 

Author Comment

by:llib21
ID: 16943934
I tried to add them under their DMZ or OPT interface but no luck.  I don't understand your last line.

I have LAN, WAN, and OPT interfaces on the Sonicwall. OPT can be DMZ as well. LAN and WAN are used currently. With the second WAN connection, I can set up the OPT port for the second range of IP's. I have tried to do it virtually (without connecting wires) by using the WAN interface gateway address, which is connected by wire to the Cisco router, with no luck as well. It looks like my final bids are on having two routers or one 2621 with two WIC's and two fast ethernet interfaces.
0
 
LVL 12

Accepted Solution

by:
Scotty_cisco earned 250 total points
ID: 16944052
in the router you should have a route that points to all four of your IP ranges to the interface of the sonicwall

(router).1--------------192.168.254.2(sonicwall)

so if your ranges for example are

192.168.1.0/28
10.10.10.0/28
172.16.1.0/28

your routes would look like

ip route 192.168.1.0 255.255.255.240 192.168.254.2
ip route 10.10.10.0 255.255.255.240 192.168.254.2
ip route 172.16.1.0 255.255.255.240 192.168.254.2

this help?

Thanks
Scott
0
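The static-route step in the answer above, as an added example that is not part of the original post: it builds the `ip route` lines for a list of blocks and rejects inputs that would produce a wrong or looping route. The function names are hypothetical, and the sample blocks and next hop are the example values from the answer; a /28 is mask 255.255.255.240 and a /29 is 255.255.255.248.

```python
import ipaddress

def static_routes(blocks, next_hop):
    """Return IOS 'ip route' lines sending each CIDR block to next_hop."""
    hop = ipaddress.ip_address(next_hop)
    nets = []
    for block in blocks:
        # strict=True rejects a prefix with host bits set (e.g. 10.10.10.4/28),
        # which usually means the prefix length or base address is wrong.
        net = ipaddress.ip_network(block, strict=True)
        # The next hop must sit on the router-to-firewall link, not inside a
        # block being routed to the firewall.
        if hop in net:
            raise ValueError(f"next hop {hop} is inside routed block {net}")
        # Overlapping blocks give ambiguous, longest-match-dependent routing.
        for seen in nets:
            if net.overlaps(seen):
                raise ValueError(f"{net} overlaps {seen}")
        nets.append(net)
    return [f"ip route {n.network_address} {n.netmask} {hop}" for n in nets]

def prefix_for_mask(mask):
    """Convert a dotted mask such as 255.255.255.248 to its prefix length."""
    return ipaddress.ip_network(f"0.0.0.0/{mask}").prefixlen

# Sample values taken from the example in the answer (not real allocations).
EXAMPLE_BLOCKS = ["192.168.1.0/28", "10.10.10.0/28", "172.16.1.0/28"]
EXAMPLE_NEXT_HOP = "192.168.254.2"

if __name__ == "__main__":
    for line in static_routes(EXAMPLE_BLOCKS, EXAMPLE_NEXT_HOP):
        print(line)
    print("255.255.255.248 is /%d" % prefix_for_mask("255.255.255.248"))
```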
 

Author Comment

by:llib21
ID: 16946251
Scott,

Sorry for the delay in posting. I was taking finals.

here is the basic config already on the router.....

First:

router#config t
router(config)#interface Serial0/1.1
router(config-if)#no ip nat outside
router(config-if)#exit
router(config)#no ip nat inside source route-map NAT interface Serial0/1.1 overload
router(config)#interface FastEthernet0/0
router(config-if)#no ip nat inside
router(config-if)#exit

Second:
router#config t
router(config)#interface Serial0/1.1
router(config-if)#ip address 63.65.16.x 255.255.255.252
router(config-if)#exit
router(config)#interface Serial0/0.1
router(config-if)#ip address 63.65.16.x 255.255.255.252
router(config-if)#exit
router(config)#interface FastEthernet0/0
router(config-if)#ip address 63.87.53.x 255.255.255.248
router(config-if)#ip address 65.211.x.137 255.255.255.248
router(config-if)#ip address 63.86.92.x 255.255.255.248
router(config-if)#ip address 65.201.221.x 255.255.255.248
router(config-if)#exit
0
 
LVL 12

Expert Comment

by:Scotty_cisco
ID: 16946278
Can you do a show run and post that? This does not show the routes that I was looking for.

Thanks
Scott
0
 

Author Comment

by:llib21
ID: 16948453
No, I don't have the username or password to login to the router. It belongs to the ISP. I do remember typing this config in the router.
0
 

Author Comment

by:llib21
ID: 17086298
Instead of acquiring new hardware, I requested a large block of IP's from my provider. Possibly the upper or lower to my main range. I released the ranges to my provider since I did not use them. This will help keep things more simple.
0
