How do I make it so that computers inside our Sonicwall's LAN can access a computer connected to sonicwall's WAN port?

Hello,
Our Sonicwall is connected directly to our T1 IAD/Router which then goes to the T1 company's data center. They offer a service where you can create an "always on", no configuration VPN connection between 1 Router on the T1 network and another one as long as they both use the same T1 company. Before installing the Sonicwall at location 1, we had this configured so that at location 1 (the 10.0.1.1 network), you could access the files of the other location 2 (the 10.0.2.1 network). so at location 1, typing in 10.0.2.100 would pull up the server at location 2 because that was the ip of the server, and at location 2 you could type in 10.0.1.100 and pull up the sever at location 1. Now that the sonicwall is in place at location 1, the ips are all 192.168.168.###, and we cannot pull up 10.0.2.100. We understand that with the sonicwall, it is understandable to not be able to pull up the files from location 1 at location2 which is okay - but we want to be able to pull up the files of location 2 while at location 1 because we used to do our backups from location 1 to location 2 (for offsite backups) by just typing in 10.0.2.100 as the place to backup to. How can we setup so that traffic to location 2 from location 1 is allowed and not blocked.
jeffschickAsked:
Who is Participating?
 
ccomleyCommented:
If the 10.0.2.1 address is OUTside your (only) sonicwall, it ought to be regared just as a "normal" WAN address, unless the sonciwall has been explicitly told to block that address for some reason.  The address is a martian - it must not be used on the internet, only in a private network. But you ARE in a private network, and there are no default rules in the sonicwall which assume the WAN side of the sonicwall is connected directly to the internet. Unless who-ever installed the sonicwall has put such an anti-martian rule in for you not realising it will cause problems.

Do you get any entry in the Sonicwall log when you try to access the remote server?

0
 
ccomleyCommented:
I'm not following your description, I'm afraid.

Is the "target" server that used to be accessed as 10.0.1.1) now *behind* a Sonicwall?

If so, then you need to set up a NAT rule which maps the "public" Ip address of that server (10.0.1.1) to the "private" address (192.168.168.<x>). And a Firewall rule permitting "inbound" (WAN to LAN) access to that destination from the other network.

The sonicwall isn't a "brick wall", it's a MASSIVLY configurable tool which lets you *define* what is and what is not allowed.


If I'm not correctly understanding you, then please try again - clarify your description with a diagram if you can, and also tell us what model Sonicwalls are in use and if they are Standard or Enhanced OS units.

For example, as I'm seeing your network


LAN1----192.168.168.0/24------Svr=192.168.168.x----ws----ws---ws---ws----
  |
Sonicwall <model><OS>
 |
WAN zone 1 ----- 10.0.1.0/24------
 |
Service provided router
 |
WAN Zone 1 ------10.0.2.0/24-----
 |
Sonicwall <model><OS>
 |
LAN two ----- etc----



0
 
jeffschickAuthor Commented:
The target server is 10.0.2.1, which is not behind the sonicwall. it is located at another location, but with our ISP they create an always on VPN between the two locations. We are trying to get from a computer inside the sonicwall network (192.168.168.150) to the server outside the sonicwall network  - 10.0.2.1
I appreciate your help in helping me fix this weird problem. Thanks!
0
 
ccomleyCommented:
I'm assuming, by the way, taht there is only ONE connection to your ISP, via which you reach both the internet and the far end of the supplied VPN tunnel, and that the Sonicwall is NOW between your LAn and this connection point. If that's not correct, pls show how it all fits together.

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.