Solved

Configuring a Static DSL IP address on a SonicWall - to use SonicWall VPN

Posted on 2006-11-02
30
1,634 Views
Last Modified: 2008-11-23
Here is the situation.  My client has a SonicWall on their DSL line that has been working perfectly fine for VPN until BellSouth moved them from having a single static IP address to having a Multiple Static IP address block.  One of the problems we now face is that BellSouth does not assign a static IP directly to the WAN port on the SonicWall as they had done in the past.  Rather, they give a dynamic address to the WAN port - but you can still assign your static IP addresses to devices on your network.

Here is the BellSouth Explination:
What that means is that what ever device performs the PPPoE authentication will get a Dynamic IP address assigned to its WAN (Wide Area Network) interface. The routing table, which tells routers how to get from one IP address to another, is then updated at that time to show that the Dynamic WAN address routes to their static range or Subnet. Ordinarily, the device that does the authentication will be our Netopia router. BellSouth does not provide a Static WAN address with Multi Static IP, only Dynamic. Simply put, when a customer connects to BellSouth they will get a Dynamic WAN address. In order to use their Static IP addresses they will need to configure their equipment.

So, how do I setup my SonicWall VPN to work properly again using one of our new static IP addresses.  Before we just connected to the WAN port address, but that is now dynamic.  Is there a way to use One to One NAT to solve the problem?
0
Comment
Question by:doulos777
  • 10
  • 8
  • 6
  • +3
30 Comments
 
LVL 6

Expert Comment

by:nettek0300
ID: 17859761
I would try using a service such as dyndns.com or no-ip.com.  The service you need to use will vary on what the sonicwall vpn supports.  You register at one of these companies and then the sonic vpn (you may also do this with a router if you are using one) will forward the ip that it is assigned to the service provider (dyndns.com).  You will then use a name like myname.dyndns.com to access your vpn.  Hope this helps.  John
0
 
LVL 7

Expert Comment

by:instillmotion
ID: 17860301
doulos 777, I don't have a SonicWall, but my experience with other gateway routers using the same type of Multiple Static IP address block. Is that when you set your wan port to aquire it's address by dhcp, it will be assigned the 1rst address in the range. If you want to use the other static addresses in the block your can off course assign those through NAT to NAT.
However you should already be able to use your VPN, since the sonic is probably using only the 1st ip in the range.
Are you using site to site VPN or remote access VPN?
0
 

Author Comment

by:doulos777
ID: 17860410
BellSouth is giving me an address that is not in my Static IP address block.  I can connect through VPN if I use the dynamic address that they assign to - problem being that it changes and I would have to use a dynamic DNS service which I would rather not do.  I can use One to One NAT settings to use the static IP addresses in my block and assign them to machines on my LAN and get to them fine from the internet.  I just need a way to do the same thing, but access the Router itself rather than a machine on the LAN.  When I try and do a One to One NAT to the Router's LAN interface IP address, the SonicWall erases the entry when I restart the device - guess you cannot do that.
0
 
LVL 7

Expert Comment

by:instillmotion
ID: 17860542
wow that's interesting. So apparently the only way to make this work would be to have a router b/w your isp and your sonicwall that does the pppoe and natting to the wan of your sonicwall. On the SonicWall you would then assign the static ip address to the wan.

Is there a way you can do that at your dsl modem level? What type of modem are you using.
0
 
LVL 6

Expert Comment

by:nettek0300
ID: 17860591
If you have a router between the DSL modem and the Sonic VPN, the router would be able to forward your dynamic IP to dyndns.com, no-ip.com, etc.  You would then use the host name that would connect to your dynamic IP.  The router would then forward VPN requests to the VPN.
0
 

Author Comment

by:doulos777
ID: 17860829
I am using a Westel DSL modem in Bridge mode.  The SonicWall is doing the PPPOE.
0
 
LVL 7

Expert Comment

by:instillmotion
ID: 17860943
If you wanted to do the pppoe at the dsl modem level, you'd have not to be in bridge mode.

You should be able to get to expert mode on the modem and use PPPOE instead of bridge mode. You'll then enter all the required isp information. Once you get this working you theoretically should be able to set your wan interface on the Sonic router with one of the static ips in the range.
0
 
LVL 6

Expert Comment

by:nettek0300
ID: 17860963
Does the sonicwall have a dynamic dns option in the setup?  It may be abbreviated ddns.  I know Linksys routers do, but that does not mean the Sonicwall does.
0
 
LVL 2

Expert Comment

by:EnclosAdmin
ID: 17861080
Not worth much but BellSouth is NOT configuring you account correctly!  They are not sending the correct information to your Westel modem.  I have had this happen multiple times, they just don't have it configured correctly.

I have set up hundreds of these remote VPN's and been told the same B.S. that you're getting from Bell South.  If you purchased static IP's from them, yet you're not getting them [above you stated what you're getting isn't in the correct subnet range for your static IP block] it is because they are not sending you the correct information.

You need to requeue your call to a different tech, the one you have now is an idiot.  I have lots of site where they give me multiple static IP addresses and I just use one of them.  Plus the Westel modem should be in Bridge mode so that your Sonicwall has the proper "Routable" IP address on it.  When BellSouth uses the term Dynamic that wouldn't apply to you since you just need the one IP address.  As long as your users use the Sonicwall device and you use the first IP in the static list it will never change.  The sonicwall should supply the PPPoE [Stupid protocol anyway] information ans the static IP addresses in your block would be bridged to your Sonicwall device.

Bridge that Westel!  Tell BellSouth you want to bridge your modem.  Eventually you'll get a guy who knows what you're talking about and walk you though it.  It takes about 15 seconds.
0
 

Author Comment

by:doulos777
ID: 17861112
The SonicWall does have DDNS as an option, but I really want to get it working using one of the Static IP addresses directly.

Once I configure the modem in PPPOE and it receives a Dynamically assigned IP address from the ISP, what IP address should I use on the modems ethernet port?  Should I use one of the Static IP addresses so that it can communicate with the SonicWall's WAN port which will also have a static IP address from our block of addresses?
0
 
LVL 7

Expert Comment

by:instillmotion
ID: 17861174
Yes if what the tech at Bellsouth told you is true of their configuration then theoretically that would be the way to do it. However (BIG DISCLAIMER HERE) as I mentioned before I have never dealt with such a setup before and it sounds a little out of the norm to me too. So unless you're ok with some downtime while you test this, I would suggest following EnclosAdmin's recommendation and first trying to get to a second level of support with BellSouth. Very often the 1st level of support is quite useless.

0
 

Author Comment

by:doulos777
ID: 17861230
The paragraph that I included in my first comment did not come from Tech Support but rather from the BellSouth web site.    

0
 
LVL 6

Expert Comment

by:nettek0300
ID: 17861240
Personally, after reading the comment by enclosadmin, I am inclined to agree with him on the tech from BellSouth not knowing what he is talking about.  It sounds like you are PAYING for the STATIC IP and RECEIVING a DYNAMIC one...translation...they are ripping you off!  I would ask to speak with a manager or supervisor.  You should be getting your static IP's.
0
 

Expert Comment

by:oklaitguy
ID: 17861245
I agree with posts that suggest the Bell South is wrong, but if what they have told you is correct, and they have given you a range of IP addresses to use you should be able to use your sonicwall to create a public to private ip map just as you have in the past.  My guess is you have already tried that and it doesn't work, which supports the notion that you aren't getting good help from the ISP.
0
 
LVL 2

Expert Comment

by:EnclosAdmin
ID: 17861291
Correct - you will receive a different IP than the ones in your Static IP block because the information being supplied by BellSouth is for dynamic users, your getting an address they usually apply to the dynamic pool of addressees.  They need to make sure that you PPPoE information bridges the proper Static IP addresses to you.  Bridge that Westel - supply the proper static IP information on your Sonicwall and your problems will dissovle and you'll be happy!

I'd almost call 'em for you :-)   I hate when they do this to people!
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 7

Expert Comment

by:instillmotion
ID: 17861332
Ok doulos777, if it's on their website then it must be how they deliver their static ips, which is theoretically plausible i was just surpised cause i hadn't seen this before.
So in my opinion you have 2 options:

1- purchase their netopia router

2- try using the dsl modem as discussed above
0
 
LVL 2

Expert Comment

by:EnclosAdmin
ID: 17861342
And just supplying your Static IP to the Sonicwall won't work.  I can almost guarantee you that the statics will be in a different subnet range.  Only twice in me experience has a company [Verizon] used static IP addresses and dynamics from the same subnet range.

Say for instance 60.121.25.5 thru 200 are dynamic but they saved address spaces 60.121.25.201 - 254 for static IP users.  I have seen that twice.
0
 
LVL 2

Expert Comment

by:EnclosAdmin
ID: 17861360
Clarification:

Supplying your Static IP to the Sonicwall won't work UNTIL you resolve the Dynamic vs. Static PPPoE problem and bridge your Westel Modem.

Can you get to the Westel Modem to configure it?
0
 
LVL 7

Expert Comment

by:instillmotion
ID: 17861365
I found the posting on their website:

Multi Static IP Address (Bus)

BellSouth can only provision FastAccess Business subscribers with Multiple Static IP Addresses for their use when they authenticate onto the BellSouth Network. BellSouth uses a unique method of address assignment in its implementation of Multiple Static IP Addresses. What that means is that what ever device performs the PPPoE authentication will get a Dynamic IP address assigned to its WAN (Wide Area Network) interface. The routing table, which tells routers how to get from one IP address to another, is then updated at that time to show that the Dynamic WAN address routes to their static range or Subnet. Ordinarily, the device that does the authentication will be our Netopia router. BellSouth does not provide a Static WAN address with Multi Static IP, only Dynamic. Simply put, when a customer connects to BellSouth they will get a Dynamic WAN address. In order to use their Static IP addresses they will need to configure their equipment. BellSouth offers Static IP addresses in blocks of: 1,8,16,32 and 64.

Like they say: "Bellsouth uses a unique method"

Unique indeed.
0
 
LVL 7

Expert Comment

by:instillmotion
ID: 17861398
Now here's some useful information also on their site:

For Multi Static IP addresses customers will need to configure their equipment with the information that coresponds with their Static IP block. In order to configure Multi Static IP addresses you must understand how they are used. The first address in the IP address assignment is the Subnet address. It is used for routing tables ONLY. It is NOT ASSIGNABLE to a device on your network. The second address in the IP address assignment must be assigned to your router interface. This address is your default gateway. The last address in the IP address assignment is the Broadcast address for the Subnet. It is NOT ASSIGNABLE to a device on your network. For example:

    * 65.37.125.10 - (Reserved for Subnet Routing)
    * 65.37.125.11 - (Reserved for Default Gateway)
    * 65.37.125.12 - Available
    * 65.37.125.13 - Available
    * 65.37.125.14 - Available
    * 65.37.125.15 - Available
    * 65.37.125.16 - Available
    * 65.37.125.17 - (Reserved for Subnet Broadcast)

The remaining addresses that are not reserved are available to be assigned to a device on the network. The available addresses reflect the quantity of static IP addresses specified in your order. Remember: Static IP options are sold in multiple(s) of 1, 8, 16, 32, 64, but they appear as 1, 5, 13, 29, and 61.

Each block of IP addresses uses a standard Subnet Mask Address based on their block size:

    * 8 Block, refered to as /29 uses a subnet mask of 255.255.255.248
    * 16 Block, refered to as /28 uses a subnet mask of 255.255.255.240
    * 32 Block, refered to as /27 uses a subnet mask of 255.255.255.224
    * 64 Block, refered to as /26 uses a subnet mask of 255.255.255.192

Using the examples from above if we wanted to assign a static IP to a customers machine you might use:

IP Address: 65.37.125.12 Subnet Mask: 255.255.255.248 Default Gateway: 65.37.125.11
0
 
LVL 2

Expert Comment

by:EnclosAdmin
ID: 17861489
That's correct instillmotion, however if he cannot get them to assign him the static addresses that won't work.

I am assuming he knows about address assignment and how that routing works.  In the exapmple above he should use .12 on his sonic wall for the routable IP address.  Always assign your router the first address.  [Especially if they talk about dynamic address assignment of your statics so that the router is ready for the 1st address each time.]
0
 
LVL 2

Expert Comment

by:EnclosAdmin
ID: 17861563
"In order to use their Static IP addresses they will need to configure their equipment. BellSouth offers Static IP addresses in blocks of: 1,8,16,32 and 64."

So configuration on the Westel is a must according to what Insillmotion posted from their website.

That's fine, you just want to bridge it, supply the PPPoE username and password on your Sonicwall.

Now you have some work to do:

Your Sonicwall will probably receive those Dynamic Addresses.  So let it use DHCP First to see what IP address is assigned to it.  If it does get an address and it is one of the dynamic addresses you need to call BellSouth and tell them they are still sending the wrong addresses.  if you don'get one via DHCP, then try using the static IP's from the block they sent.  If that doesn't work call Bell South and ask them to verify your PPPoE account and static IP block.

It is helpful to have one of them on the line when doing this, so they are aware of the steps you're taking, even if they are dolts.  They can at least relay the information to someone who will eventually know what you're trying to do.
0
 
LVL 7

Expert Comment

by:instillmotion
ID: 17861643
I  argree EnclosAdmin. Doulos777 can you post the exact model of your modem so we can see what type of configuration capability you have?
0
 
LVL 2

Expert Comment

by:EnclosAdmin
ID: 17862529
Were you able to get into your Westel DSL modem Doulos777?

You should have received information on monitoring and configuring the modem from your kit or if you had it 'professionally' and I use that word very loosely here, your install technician.
0
 

Author Comment

by:doulos777
ID: 17864258
I am going to see the client in the morning to try some of the ideas that have been posted here.

We have not recieved the new install kit from BellSouth yet.  The only reason that I know the IP addresses, is because I looked them up on the BellSouth web site (Order Status)
0
 
LVL 2

Expert Comment

by:EnclosAdmin
ID: 17866449
Correct, many times they will supply your IP block in your order status page.  Generally the same page is supplied in your kit or with the install technician upon installation.  Since that page is in refernece to your client then those should be the addresses you're looking for to bridge to your Sonicwall.  
0
 
LVL 2

Expert Comment

by:EnclosAdmin
ID: 17931636
Did you ever resolve this problem with your carrier?
0
 

Author Comment

by:doulos777
ID: 17939114
As much as I would have liked to have found a way to get the "weird" BellSouth Multi-Static IP addresses working, time contraints forced me to change the clients account to a Single Static IP address.  Once I made the change on BellSouth's web page, they gave me the old Static IP address that we had been using previously and now everything works fine.

Sorry that I was not able to find a way to work around their strange networking.  I really hate not fixing stuff!!
0
 
LVL 2

Accepted Solution

by:
EnclosAdmin earned 500 total points
ID: 17939303
Well the good thing is that they have the static IP address.  Much better for you than having to program around a Dynamic address!

Good Job getting at least that portion done.

Take Care
0
 

Expert Comment

by:CUBLA1
ID: 22965797
i hope those involved in this discussion are still around and available for comment. i am having the EXACT same problem with a netopia 3347NWG and a Sonicwall TZ 190. I have configured many using ATT and single IP's. I even have some with multiple ip's and have never had such a problem. What is the deal? has anybody successfully gotten this to work? i have read all the documents and i don't understand. i believe ATT does not have the static to dynamic route provisioned correctly but i cannot prove it. any suggestions?
0

Featured Post

New My Cloud Pro Series - organize everything!

With space to keep virtually everything, the My Cloud Pro Series offers your team the network storage to edit, save and share production files from anywhere with an internet connection. Compatible with both Mac and PC, you're able to protect your content regardless of OS.

Join & Write a Comment

Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now