Changing local subnet of SonicWall TZ170 with active VPNs

I currently have a VPN tunnel created between a SonicWall TZ170 and a Cisco 2600. Now I am no VPN expert by any means, but I believe what I am proposing won't affect the VPN. I am proposing to change the local LAN subnet of the SonicWall, currently 192.168.5.0 255.255.255.240 to a full Class C to get more available addresses. Now as far as I understand the connectivity of the VPN is only tied to the external Public WAN address. This makes sense. If I change the local LAN subnet of the SonicWall does anyone foresee this crippling the VPN? The only reason I am worried is for the fact that this particular VPN feeds data to one of our high priority sights and I can't have it go down. Any thoughts?
wunderlichAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

bhnmiCommented:
It will effect the VPN. The cisco terminates is routing to the lan subnet of the sonicwall. You will have to modify the VPN config on the cisco.
0
wunderlichAuthor Commented:
Looking at the config of the Cisco
0
wunderlichAuthor Commented:
I don't see a tie to any of the LAN addresses any where in the ipsec config.
0
INTRODUCING: WatchGuard's New MFA Solution

WatchGuard is proud to announce the launch of AuthPoint, a powerful, yet simple, Cloud-based MFA service designed to eliminate the vulnerabilities that put your data, systems, and users at risk.

bhnmiCommented:
nothing in the routing table? I am not to sure about the cisco, but I know in sonicwalls you define the remote network address.
0
wunderlichAuthor Commented:
Here is the crypto map and looks as though the access-list covers any range within the 192.168.0.0 network.. your thoughts?


NY_GNNY_WUN_1800#sh crypto map
Crypto Map "tosonicwall" 15 ipsec-isakmp
        Peer = 66.194.155.242
        Extended IP access list 115
            access-list 115 permit ip 192.168.23.0 0.0.0.255 192.168.0.0 0.0.255
.255
            access-list 115 permit ip 192.168.23.0 0.0.0.255 host 169.200.39.41
            access-list 115 permit ip 192.168.23.0 0.0.0.255 host 169.200.39.70
            access-list 115 permit ip 192.168.23.0 0.0.0.255 host 169.200.39.71
            access-list 115 permit ip 192.168.23.0 0.0.0.255 host 169.200.39.75
            access-list 115 permit ip 192.168.23.0 0.0.0.255 host 169.200.39.76
            access-list 115 permit ip 192.168.23.0 0.0.0.255 host 169.200.135.41
            access-list 115 permit ip 192.168.23.0 0.0.0.255 host 169.200.136.80
            access-list 115 permit ip 192.168.23.0 0.0.0.255 host 169.200.136.74
            access-list 115 permit ip 192.168.23.0 0.0.0.255 162.111.0.0 0.0.255
.255
            access-list 115 permit ip 192.168.23.0 0.0.0.255 128.101.0.0 0.0.255
.255
        Current peer: 66.194.155.242
        Security association lifetime: 4608000 kilobytes/28800 seconds
        PFS (Y/N): N
        Transform sets={
                strongsha,
        }
        Interfaces using crypto map tosonicwall:
                Serial0/0/0
0
wunderlichAuthor Commented:
Are you speaking of the remote sites LAN address or the SonicWall's LAN address? Because i wasn't planning on changing anything for the remote site.
0
bhnmiCommented:
No, I was just saying :) is 192.168.23.0 the sonicwall lan subnet?
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
wunderlichAuthor Commented:
No, the 23 network is the LAN of the remote site. 5.0 is the SonicWalls LAN
0
liguruCommented:
My VPN is Sonic to Sonic, and, although the VPN goes through the WAN, the Sonic does ask for the destination LAN addresses with the subnet mask.  So I would argue that changing the subnet would effect the VPN.
Check your VPN settings configuration tab, on the SonicWall, and see if  a LAN address range is specified along with a subnet.  You can edit this range in that window if you still wanted to go through with the change, but I don't know what you would do on the Cisco side.
0
wunderlichAuthor Commented:
All,

I called a sonicwall expert friend of mine and he said that it wouldn't affect anything. i already made the change and everything seems to be running smooth. Thank for the help. I will split the credit.
0
wunderlichAuthor Commented:
I ended up finding the correct info from a friend.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.