Routing networks through VLAN to allow content filter

I have a few questions regarding something I would like to set up/change. I would like to block web access from all our IP-VPN connections. Currently we are provided a private IP-VPN solution through Bell. They have a Cisco router here that attaches to our LAN. I have a Sonicwall router/firewall device as our gateway and edge device. I would like to use the content filtering feature of the Sonicwall, but in order to do this I must turn on the content filter on the LAN zone to block the websites and such. This causes a problem because I do not want to restrict our local LAN with this service. The Sonicwalls have other interfaces that I can plug the Bell service into, but I don't have access to change the LAN IP of their router, so I need a way to route traffic to it. I assume I can create a VLAN or two on our Cisco 3560 to enable what I need. I have attached a quick sketch of our current setup; I'm just not sure of the best route.

The problem that I face is that in order to hook up the IP-VPN network to the new Sonicwall interface it must be a different subnet. So I would assume I need to find a way to route between the two. Do I use VLANs? Is there a better way?

INTERNET
     |
     |
Sonicwall
     |
     |
Cisco 3560 ----------------- Bell router (Lan IP 192.168.1.70)-------------------WAN connected to 10.0.0.0
     |
     |
   LAN

Local subnet is 192.168.1.0/24

Do I create a VLAN on the Cisco 3560? Do I hook up the Bell network directly to the interface on the Sonicwall?

Thanks in advance
lgropper Asked:

lrmoore Commented:
Several issues here. Since all local LAN IPs are 192.168.1.x, I assume that you don't want to change those. And you can't change the LAN IP of the Bell router. Can you call Bell and ask them to change it? After all, you are paying them for it. That would be the simple solution, and then you can plug it right into one of the Sonicwall ports.

VLANs are not the answer, because the VLANs would have to be different IP subnets too, and the Sonicwall must be able to support VLAN subinterfaces.

Since you really only want to filter the 10.0.0.0 subnet traffic, can't you set up the Sonicwall to only filter by source IP address? Or is it all or nothing attached to the physical interface? It would be a piece of cake with a Cisco firewall, but unfortunately I don't know SonicOS.
lgropper Author Commented:
I am in the middle of speaking with Bell to have the interface IPs changed; I just didn't want them to touch anything working because they cause major problems all the time. My thoughts were the same...

I was thinking VLANs because I could create another subnet and route between them, but it's more of a patch than an answer.

The Sonicwall's content filtering only works per zone + physical interface. If the traffic is passing through our LAN interface along with our local subnet, when I turn on the filter it blocks both; it's just not that intelligent.

I spoke with Sonicwall and there doesn't seem to be a way to filter by IP for the content filtering service... Firewall and other such things are not a problem.

This should be such an easy task.... geez.
lrmoore Commented:
It is an easy task with Cisco products <grin>
<8-}