
Changing local subnet of SonicWall TZ170 with active VPNs

Posted on 2008-01-31
Last Modified: 2010-04-21
I currently have a VPN tunnel created between a SonicWall TZ170 and a Cisco 2600. Now I am no VPN expert by any means, but I believe what I am proposing won't affect the VPN. I am proposing to change the local LAN subnet of the SonicWall, currently 192.168.5.0 255.255.255.240 to a full Class C to get more available addresses. Now as far as I understand the connectivity of the VPN is only tied to the external Public WAN address. This makes sense. If I change the local LAN subnet of the SonicWall does anyone foresee this crippling the VPN? The only reason I am worried is for the fact that this particular VPN feeds data to one of our high priority sites and I can't have it go down. Any thoughts?
Question by:wunderlich
11 Comments
 
LVL 12

Expert Comment

by:bhnmi
ID: 20792093
It will affect the VPN. The Cisco terminates is routing to the LAN subnet of the SonicWall. You will have to modify the VPN config on the Cisco.
0
 

Author Comment

by:wunderlich
ID: 20792117
Looking at the config of the Cisco
0
 

Author Comment

by:wunderlich
ID: 20792169
I don't see a tie to any of the LAN addresses anywhere in the ipsec config.
0

 
LVL 12

Expert Comment

by:bhnmi
ID: 20792199
Nothing in the routing table? I am not too sure about the Cisco, but I know in SonicWalls you define the remote network address.
0
 

Author Comment

by:wunderlich
ID: 20792204
Here is the crypto map, and it looks as though the access-list covers any range within the 192.168.0.0 network. Your thoughts?


NY_GNNY_WUN_1800#sh crypto map
Crypto Map "tosonicwall" 15 ipsec-isakmp
        Peer = 66.194.155.242
        Extended IP access list 115
            access-list 115 permit ip 192.168.23.0 0.0.0.255 192.168.0.0 0.0.255.255
            access-list 115 permit ip 192.168.23.0 0.0.0.255 host 169.200.39.41
            access-list 115 permit ip 192.168.23.0 0.0.0.255 host 169.200.39.70
            access-list 115 permit ip 192.168.23.0 0.0.0.255 host 169.200.39.71
            access-list 115 permit ip 192.168.23.0 0.0.0.255 host 169.200.39.75
            access-list 115 permit ip 192.168.23.0 0.0.0.255 host 169.200.39.76
            access-list 115 permit ip 192.168.23.0 0.0.0.255 host 169.200.135.41
            access-list 115 permit ip 192.168.23.0 0.0.0.255 host 169.200.136.80
            access-list 115 permit ip 192.168.23.0 0.0.0.255 host 169.200.136.74
            access-list 115 permit ip 192.168.23.0 0.0.0.255 162.111.0.0 0.0.255.255
            access-list 115 permit ip 192.168.23.0 0.0.0.255 128.101.0.0 0.0.255.255
        Current peer: 66.194.155.242
        Security association lifetime: 4608000 kilobytes/28800 seconds
        PFS (Y/N): N
        Transform sets={
                strongsha,
        }
        Interfaces using crypto map tosonicwall:
                Serial0/0/0
0
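
The check described in the post above (whether access list 115 on the Cisco already covers the SonicWall LAN once it grows from 255.255.255.240 to a full Class C), as an added example that is not part of the original thread. The function names are hypothetical, the ACL text is a subset of the entries quoted above, and 10.0.5.0/24 is a constructed subnet used only as a counter-example.

```python
import ipaddress
import re

# Subset of the access-list 115 entries quoted in the post above.
ACL_115 = """\
access-list 115 permit ip 192.168.23.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 115 permit ip 192.168.23.0 0.0.0.255 host 169.200.39.41
access-list 115 permit ip 192.168.23.0 0.0.0.255 162.111.0.0 0.0.255.255
access-list 115 permit ip 192.168.23.0 0.0.0.255 128.101.0.0 0.0.255.255
"""

def _take_spec(tokens):
    """Consume one IOS address spec (any | host A | A WILDCARD) from tokens."""
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    # A wildcard mask is the bitwise inverse of a netmask.
    wildcard = int(ipaddress.IPv4Address(tokens.pop(0)))
    netmask = ipaddress.IPv4Address(wildcard ^ 0xFFFFFFFF)
    # Raises ValueError for a non-contiguous wildcard, which this sketch does not model.
    return ipaddress.ip_network(f"{head}/{netmask}", strict=False)

def parse_crypto_acl(text):
    """Return (source, destination) networks for each 'permit ip' entry."""
    pairs = []
    for line in text.splitlines():
        m = re.match(r"\s*access-list\s+\d+\s+permit\s+ip\s+(.+)", line)
        if m:
            tokens = m.group(1).split()
            pairs.append((_take_spec(tokens), _take_spec(tokens)))
    return pairs

def covering_entries(pairs, source_lan, dest_lan):
    """Entries whose source and destination fully contain the two given subnets."""
    src = ipaddress.ip_network(source_lan)
    dst = ipaddress.ip_network(dest_lan)
    return [(s, d) for s, d in pairs if src.subnet_of(s) and dst.subnet_of(d)]

if __name__ == "__main__":
    pairs = parse_crypto_acl(ACL_115)
    # Current /28, proposed /24, and a constructed subnet outside 192.168.0.0/16.
    for lan in ("192.168.5.0/28", "192.168.5.0/24", "10.0.5.0/24"):
        hits = covering_entries(pairs, "192.168.23.0/24", lan)
        print(lan, "->", [f"{s} -> {d}" for s, d in hits] or "not covered")
```

This checks only the Cisco side's traffic selectors; the networks defined in the SonicWall's own VPN policy are not shown in the thread and have to be compared separately.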
 

Author Comment

by:wunderlich
ID: 20792218
Are you speaking of the remote site's LAN address or the SonicWall's LAN address? Because I wasn't planning on changing anything for the remote site.
0
 
LVL 12

Accepted Solution

by:
bhnmi earned 750 total points
ID: 20792230
No, I was just saying :) Is 192.168.23.0 the SonicWall LAN subnet?
0
 

Author Comment

by:wunderlich
ID: 20792246
No, the 23 network is the LAN of the remote site. 5.0 is the SonicWall's LAN.
0
 
LVL 3

Assisted Solution

by:liguru
liguru earned 750 total points
ID: 20793170
My VPN is Sonic to Sonic, and, although the VPN goes through the WAN, the Sonic does ask for the destination LAN addresses with the subnet mask. So I would argue that changing the subnet would affect the VPN.
Check your VPN settings configuration tab, on the SonicWall, and see if a LAN address range is specified along with a subnet. You can edit this range in that window if you still wanted to go through with the change, but I don't know what you would do on the Cisco side.
0
 

Author Comment

by:wunderlich
ID: 20793985
All,

I called a SonicWall expert friend of mine and he said that it wouldn't affect anything. I already made the change and everything seems to be running smoothly. Thanks for the help. I will split the credit.
0
 

Author Closing Comment

by:wunderlich
ID: 31426954
I ended up finding the correct info from a friend.
0
