derek4017
asked on
Moving from DSL to T1 using Sonicwall TZ170 Enhances OS
Im getting my company a T1 internet connection as opposed to our current dsl.
We currently have only one static ip address which we use for OWA 2003 AND EMAIL.
What do I need to do on the sonicwall firewall to ensure user can get online ?
do I need a crossover cable to connect the ISP router etherent port to the sonicwall wan port ?
do I need to tell the isp tech not to nat since my sonicwall will be doing that ?
do I need to tell him to put the router into transparent mode ?
Ive read that you usally get about 5 ips with a T1 one for router, one for soncwall wan port, 3 for whatever ?
If thats so which IP would I reference when accessisng my OWA, the router IP or Sonicwal IP ?
Any advice would be helpful !!!
We currently have only one static ip address which we use for OWA 2003 AND EMAIL.
What do I need to do on the sonicwall firewall to ensure user can get online ?
do I need a crossover cable to connect the ISP router etherent port to the sonicwall wan port ?
do I need to tell the isp tech not to nat since my sonicwall will be doing that ?
do I need to tell him to put the router into transparent mode ?
Ive read that you usally get about 5 ips with a T1 one for router, one for soncwall wan port, 3 for whatever ?
If thats so which IP would I reference when accessisng my OWA, the router IP or Sonicwal IP ?
Any advice would be helpful !!!
ASKER
ISP CUTSHEET
WAN IP ADDRESS INFORMATION
# OF IP ADDRESSES: N/A
RANGE: 66.83.170.124 - 66.83.170.127 DLCI 3232
WAN IP addresses are used for NuVox equipment only. These should not be for customer static IP address.
Equipment Information
CISCO CISCO 1720 W/ WIC1CSU/DSU 0 1 1720ROUTER
WAN IP ADDRESS INFORMATION
# OF IP ADDRESSES: N/A
RANGE: 66.83.170.124 - 66.83.170.127 DLCI 3232
WAN IP addresses are used for NuVox equipment only. These should not be for customer static IP address.
Equipment Information
CISCO CISCO 1720 W/ WIC1CSU/DSU 0 1 1720ROUTER
ASKER
By the looks of it I think I need more ip adresses, what do you think
I think you need more information from the ISP
This IP range listed probably has a /30 mask of 255.255.255.252 and would be for the T1 WAN link only for their own equipment.
You would probably need another /30 address for your T1 WAN interface and another /29 block of IP's for your LAN, unless they request that you use "ip unnumbered" on the WAN and just get a block of IP's for your LAN for static assignment..
This IP range listed probably has a /30 mask of 255.255.255.252 and would be for the T1 WAN link only for their own equipment.
You would probably need another /30 address for your T1 WAN interface and another /29 block of IP's for your LAN, unless they request that you use "ip unnumbered" on the WAN and just get a block of IP's for your LAN for static assignment..
Why would you need more ip addresses? Most people don't need all the additional ip addresses. You need one for the network, and if you want to isolate parts of your network you can use a second or third one, like if you want to run an ftp server seperate from your regular network.
ASKER
I think your right riteheer, I dont need but one public ip address, which will hit the sonicwall firewall, and from
there the firewall will port forward any OWA or smtp traffic to the destination I choose internally.
That sound right ?
I just didnt understand the ips cutsheet with number of ip address n\a.
only for nuvox equipment.
there the firewall will port forward any OWA or smtp traffic to the destination I choose internally.
That sound right ?
I just didnt understand the ips cutsheet with number of ip address n\a.
only for nuvox equipment.
Yup, that sounds about right to me. I did the same setup a while back and used a second address from the range the isp gave me to isolate an ftp server. Works great, I think after you use the tz170 for a while you will really like it. I have several of them around the area here.
Good luck and let us know if you need any more help.
Jappo
Good luck and let us know if you need any more help.
Jappo
ASKER
Okay well while I was at lunch the Nuvox guy
came and installed the T1 router although the scheduled date for cut over was this thrusday.
Guy told my boss he was just here to install it and make sure it could connect okay..
Next guy will be here thursday to finish I guess and also do our new point to point t1.. between our locations.
The router is a cisco 1720 one wic one ethernet port. Told boss that I could not have username and password. dooh..
I plugged my laptop into ethernet port and of course dhcp is running, that has to change..
I went to www.whatismyip.com and got 66.83.170.126.
should I tell the guy thursday that I need the router in bridge mode ??
came and installed the T1 router although the scheduled date for cut over was this thrusday.
Guy told my boss he was just here to install it and make sure it could connect okay..
Next guy will be here thursday to finish I guess and also do our new point to point t1.. between our locations.
The router is a cisco 1720 one wic one ethernet port. Told boss that I could not have username and password. dooh..
I plugged my laptop into ethernet port and of course dhcp is running, that has to change..
I went to www.whatismyip.com and got 66.83.170.126.
should I tell the guy thursday that I need the router in bridge mode ??
ASKER
Someone posted this in a sonicwall forum.
Does this sound right riteheer ?
You would typically get a block of IP addresses with the T1. Assign the lowest address to the routers Ethernet port and the next address to the SonicWALL's WAN port. Then, you can do One-to-One NAT on the remaining addresses to pass them to individual servers that need to be accessible from the outside world.
Good luck!
Does this sound right riteheer ?
You would typically get a block of IP addresses with the T1. Assign the lowest address to the routers Ethernet port and the next address to the SonicWALL's WAN port. Then, you can do One-to-One NAT on the remaining addresses to pass them to individual servers that need to be accessible from the outside world.
Good luck!
ASKER
I think I should use Ip unnumbered instead of bridging.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
2) Set up port forwarding in the firewall for the exchange server. You will want it to be able to accept incoming smtp connections.
3) You should not need a crossover cable. But it never hurts to have one handy.
4) If you're going to get a block of 8 ips you can set whatever you desire to use them. Only 5 of them will be usable ( 1 for broadcast, 1 for network, 1 for wan side of router)