Configuring a Static DSL IP address on a SonicWall - to use SonicWall VPN

I would try using a service such as dyndns.com or no-ip.com.  The service you need to use will vary on what the sonicwall vpn supports.  You register at one of these companies and then the sonic vpn (you may also do this with a router if you are using one) will forward the ip that it is assigned to the service provider (dyndns.com).  You will then use a name like myname.dyndns.com to access your vpn.  Hope this helps.  John

doulos 777, I don't have a SonicWall, but my experience with other gateway routers using the same type of Multiple Static IP address block. Is that when you set your wan port to aquire it's address by dhcp, it will be assigned the 1rst address in the range. If you want to use the other static addresses in the block your can off course assign those through NAT to NAT.
However you should already be able to use your VPN, since the sonic is probably using only the 1st ip in the range.
Are you using site to site VPN or remote access VPN?

BellSouth is giving me an address that is not in my Static IP address block.  I can connect through VPN if I use the dynamic address that they assign to - problem being that it changes and I would have to use a dynamic DNS service which I would rather not do.  I can use One to One NAT settings to use the static IP addresses in my block and assign them to machines on my LAN and get to them fine from the internet.  I just need a way to do the same thing, but access the Router itself rather than a machine on the LAN.  When I try and do a One to One NAT to the Router's LAN interface IP address, the SonicWall erases the entry when I restart the device - guess you cannot do that.

wow that's interesting. So apparently the only way to make this work would be to have a router b/w your isp and your sonicwall that does the pppoe and natting to the wan of your sonicwall. On the SonicWall you would then assign the static ip address to the wan.

Is there a way you can do that at your dsl modem level? What type of modem are you using.

If you have a router between the DSL modem and the Sonic VPN, the router would be able to forward your dynamic IP to dyndns.com, no-ip.com, etc.  You would then use the host name that would connect to your dynamic IP.  The router would then forward VPN requests to the VPN.

I am using a Westel DSL modem in Bridge mode.  The SonicWall is doing the PPPOE.

If you wanted to do the pppoe at the dsl modem level, you'd have not to be in bridge mode.

You should be able to get to expert mode on the modem and use PPPOE instead of bridge mode. You'll then enter all the required isp information. Once you get this working you theoretically should be able to set your wan interface on the Sonic router with one of the static ips in the range.

Does the sonicwall have a dynamic dns option in the setup?  It may be abbreviated ddns.  I know Linksys routers do, but that does not mean the Sonicwall does.

Not worth much but BellSouth is NOT configuring you account correctly!  They are not sending the correct information to your Westel modem.  I have had this happen multiple times, they just don't have it configured correctly.

I have set up hundreds of these remote VPN's and been told the same B.S. that you're getting from Bell South.  If you purchased static IP's from them, yet you're not getting them [above you stated what you're getting isn't in the correct subnet range for your static IP block] it is because they are not sending you the correct information.

You need to requeue your call to a different tech, the one you have now is an idiot.  I have lots of site where they give me multiple static IP addresses and I just use one of them.  Plus the Westel modem should be in Bridge mode so that your Sonicwall has the proper "Routable" IP address on it.  When BellSouth uses the term Dynamic that wouldn't apply to you since you just need the one IP address.  As long as your users use the Sonicwall device and you use the first IP in the static list it will never change.  The sonicwall should supply the PPPoE [Stupid protocol anyway] information ans the static IP addresses in your block would be bridged to your Sonicwall device.

Bridge that Westel!  Tell BellSouth you want to bridge your modem.  Eventually you'll get a guy who knows what you're talking about and walk you though it.  It takes about 15 seconds.

The SonicWall does have DDNS as an option, but I really want to get it working using one of the Static IP addresses directly.

Once I configure the modem in PPPOE and it receives a Dynamically assigned IP address from the ISP, what IP address should I use on the modems ethernet port?  Should I use one of the Static IP addresses so that it can communicate with the SonicWall's WAN port which will also have a static IP address from our block of addresses?

Yes if what the tech at Bellsouth told you is true of their configuration then theoretically that would be the way to do it. However (BIG DISCLAIMER HERE) as I mentioned before I have never dealt with such a setup before and it sounds a little out of the norm to me too. So unless you're ok with some downtime while you test this, I would suggest following EnclosAdmin's recommendation and first trying to get to a second level of support with BellSouth. Very often the 1st level of support is quite useless.

The paragraph that I included in my first comment did not come from Tech Support but rather from the BellSouth web site.    

Personally, after reading the comment by enclosadmin, I am inclined to agree with him on the tech from BellSouth not knowing what he is talking about.  It sounds like you are PAYING for the STATIC IP and RECEIVING a DYNAMIC one...translation...they are ripping you off!  I would ask to speak with a manager or supervisor.  You should be getting your static IP's.

I agree with posts that suggest the Bell South is wrong, but if what they have told you is correct, and they have given you a range of IP addresses to use you should be able to use your sonicwall to create a public to private ip map just as you have in the past.  My guess is you have already tried that and it doesn't work, which supports the notion that you aren't getting good help from the ISP.

Correct - you will receive a different IP than the ones in your Static IP block because the information being supplied by BellSouth is for dynamic users, your getting an address they usually apply to the dynamic pool of addressees.  They need to make sure that you PPPoE information bridges the proper Static IP addresses to you.  Bridge that Westel - supply the proper static IP information on your Sonicwall and your problems will dissovle and you'll be happy!

I'd almost call 'em for you :-)   I hate when they do this to people!

Ok doulos777, if it's on their website then it must be how they deliver their static ips, which is theoretically plausible i was just surpised cause i hadn't seen this before.
So in my opinion you have 2 options:

1- purchase their netopia router

2- try using the dsl modem as discussed above

And just supplying your Static IP to the Sonicwall won't work.  I can almost guarantee you that the statics will be in a different subnet range.  Only twice in me experience has a company [Verizon] used static IP addresses and dynamics from the same subnet range.

Say for instance 60.121.25.5 thru 200 are dynamic but they saved address spaces 60.121.25.201 - 254 for static IP users.  I have seen that twice.

Clarification:

Supplying your Static IP to the Sonicwall won't work UNTIL you resolve the Dynamic vs. Static PPPoE problem and bridge your Westel Modem.

Can you get to the Westel Modem to configure it?

I found the posting on their website:

Multi Static IP Address (Bus)

BellSouth can only provision FastAccess Business subscribers with Multiple Static IP Addresses for their use when they authenticate onto the BellSouth Network. BellSouth uses a unique method of address assignment in its implementation of Multiple Static IP Addresses. What that means is that what ever device performs the PPPoE authentication will get a Dynamic IP address assigned to its WAN (Wide Area Network) interface. The routing table, which tells routers how to get from one IP address to another, is then updated at that time to show that the Dynamic WAN address routes to their static range or Subnet. Ordinarily, the device that does the authentication will be our Netopia router. BellSouth does not provide a Static WAN address with Multi Static IP, only Dynamic. Simply put, when a customer connects to BellSouth they will get a Dynamic WAN address. In order to use their Static IP addresses they will need to configure their equipment. BellSouth offers Static IP addresses in blocks of: 1,8,16,32 and 64.

Like they say: "Bellsouth uses a unique method"

Unique indeed.

Now here's some useful information also on their site:

For Multi Static IP addresses customers will need to configure their equipment with the information that coresponds with their Static IP block. In order to configure Multi Static IP addresses you must understand how they are used. The first address in the IP address assignment is the Subnet address. It is used for routing tables ONLY. It is NOT ASSIGNABLE to a device on your network. The second address in the IP address assignment must be assigned to your router interface. This address is your default gateway. The last address in the IP address assignment is the Broadcast address for the Subnet. It is NOT ASSIGNABLE to a device on your network. For example:

    * 65.37.125.10 - (Reserved for Subnet Routing)
    * 65.37.125.11 - (Reserved for Default Gateway)
    * 65.37.125.12 - Available
    * 65.37.125.13 - Available
    * 65.37.125.14 - Available
    * 65.37.125.15 - Available
    * 65.37.125.16 - Available
    * 65.37.125.17 - (Reserved for Subnet Broadcast)

The remaining addresses that are not reserved are available to be assigned to a device on the network. The available addresses reflect the quantity of static IP addresses specified in your order. Remember: Static IP options are sold in multiple(s) of 1, 8, 16, 32, 64, but they appear as 1, 5, 13, 29, and 61.

Each block of IP addresses uses a standard Subnet Mask Address based on their block size:

    * 8 Block, refered to as /29 uses a subnet mask of 255.255.255.248
    * 16 Block, refered to as /28 uses a subnet mask of 255.255.255.240
    * 32 Block, refered to as /27 uses a subnet mask of 255.255.255.224
    * 64 Block, refered to as /26 uses a subnet mask of 255.255.255.192

Using the examples from above if we wanted to assign a static IP to a customers machine you might use:

IP Address: 65.37.125.12 Subnet Mask: 255.255.255.248 Default Gateway: 65.37.125.11

That's correct instillmotion, however if he cannot get them to assign him the static addresses that won't work.

I am assuming he knows about address assignment and how that routing works.  In the exapmple above he should use .12 on his sonic wall for the routable IP address.  Always assign your router the first address.  [Especially if they talk about dynamic address assignment of your statics so that the router is ready for the 1st address each time.]

"In order to use their Static IP addresses they will need to configure their equipment. BellSouth offers Static IP addresses in blocks of: 1,8,16,32 and 64."

So configuration on the Westel is a must according to what Insillmotion posted from their website.

That's fine, you just want to bridge it, supply the PPPoE username and password on your Sonicwall.

Now you have some work to do:

Your Sonicwall will probably receive those Dynamic Addresses.  So let it use DHCP First to see what IP address is assigned to it.  If it does get an address and it is one of the dynamic addresses you need to call BellSouth and tell them they are still sending the wrong addresses.  if you don'get one via DHCP, then try using the static IP's from the block they sent.  If that doesn't work call Bell South and ask them to verify your PPPoE account and static IP block.

It is helpful to have one of them on the line when doing this, so they are aware of the steps you're taking, even if they are dolts.  They can at least relay the information to someone who will eventually know what you're trying to do.

I  argree EnclosAdmin. Doulos777 can you post the exact model of your modem so we can see what type of configuration capability you have?

Were you able to get into your Westel DSL modem Doulos777?

You should have received information on monitoring and configuring the modem from your kit or if you had it 'professionally' and I use that word very loosely here, your install technician.

I am going to see the client in the morning to try some of the ideas that have been posted here.

We have not recieved the new install kit from BellSouth yet.  The only reason that I know the IP addresses, is because I looked them up on the BellSouth web site (Order Status)

Correct, many times they will supply your IP block in your order status page.  Generally the same page is supplied in your kit or with the install technician upon installation.  Since that page is in refernece to your client then those should be the addresses you're looking for to bridge to your Sonicwall.  

Did you ever resolve this problem with your carrier?

As much as I would have liked to have found a way to get the "weird" BellSouth Multi-Static IP addresses working, time contraints forced me to change the clients account to a Single Static IP address.  Once I made the change on BellSouth's web page, they gave me the old Static IP address that we had been using previously and now everything works fine.

Sorry that I was not able to find a way to work around their strange networking.  I really hate not fixing stuff!!

i hope those involved in this discussion are still around and available for comment. i am having the EXACT same problem with a netopia 3347NWG and a Sonicwall TZ 190. I have configured many using ATT and single IP's. I even have some with multiple ip's and have never had such a problem. What is the deal? has anybody successfully gotten this to work? i have read all the documents and i don't understand. i believe ATT does not have the static to dynamic route provisioned correctly but i cannot prove it. any suggestions?