ajahnke

Secondary WAN IP from separate block on Sonicwall NSA 2400

I just got a new IP address from our ISP to assign to the WAN side of our Sonicwall NSA 2400 (SonicOS Enhanced 5.0.2.0-17o). I wanted to just assign it to the same X1 WAN interface as the existing IP, but couldn't figure out how to do that (multihome?). I then tried to add it to the X2 interface as a secondary WAN interface, but am getting an 'Invalid IP' error when I try to save the interface record. What's strange is that if I change the subnet mask from a /30 (255.255.255.252) to something at or below 255.255.255.250 I no longer get the error. Of course if I do that I can't communicate with the default gateway.

My existing IP is 64.x.x.x/255.255.255.252. My new IP is 174.x.x.x/255.255.255.252. All I really want to do is allow inbound HTTP/HTTPS to a new server that is in addition to the one we already have receiving that type of traffic on the existing IP. In the past I've done this on Sonicwalls using the 1-to-1 NAT configuration, but a.) that screen doesn't show up on the Sonicwall NSA 2400, and (more importantly) b.) when I've done this in the past it was with WAN IPs that were all in the same block, so there were no additional default gateways, etc.

Hope that makes sense to someone.
Bryon H

do you have the ability to upgrade that os to 5.6?

for your new static ip, is the new gateway also 172.x.x.x?
ajahnke

ASKER

I'm sure I probably could; is there reason to believe the current version is suspect?

Yes, the new gateway is also configured under the X2 secondary WAN interface, although I can only save the record if I assign an incorrect subnet mask to it.
so, you need one subnet to talk to the gateway, but that subnet isn't supported on the interface... i was hoping 5.6 might have fixed that.

if you set it for 255.255.255.0, you should still be able to talk to your gateway, assuming your ip is a.b.c.d and your gateway is the same a.b.c.X

have you confirmed that the new ip/sn/gw config actually works thru your ISP connection?  are you able to set that up on a laptop and plug it into the ISP device and browse?
I am not too clear here: is this what you want?

X0 - LAN (Internal IP Range)
X1-WAN - Current IP range (IP 64.x.x.x Mask 255.255.255.xxx, Gateway 64.xx.xx.001)
X2-WAN (Assign to zone if needed) 174.x.x.x, 255.255.255.0, 174.x.x.1

That will create what I think you want; also, you then go and add a new network object and set the options to:

Type Host, Zone WAN.

If you've already tried that, I didn't see it in your post, my apologies...
ajahnke

ASKER

That's pretty much exactly what I've done, and I'm not sure if I did it manually or if it was created as part of configuring the X2 interface, but there is an Address Object named 'X2 IP' with the new host IP and Type Host and Zone WAN.

Not sure if it matters, but just to be clear in case I wasn't - while the two addresses we've been given are from separate blocks, they are both /30/.252. I don't know if or why that would have anything to do with the 'Invalid IP' error I get when I try to configure it with that subnet mask, but using the .250 instead (which at least allows me to save the record) hasn't helped. In fact, I tried a ping test from the diagnostics page, and while it did say it was using its 174.x.x.148 IP/interface, it was unable to ping the default gateway (174.x.x.149).

Thanks for the replies -

ASKER CERTIFIED SOLUTION
castellansolutions

This solution is only available to members.
Also, the other poster's idea of connecting a laptop to the line itself (bypassing the Sonicwall) was a good one and one I would try.
ajahnke

ASKER

Well, it looks like you were correct... I tried to use the IP/Mask/DG (.148/.252/.149) combo they gave me on my laptop and Windows threw an error saying there wasn't any room for hosts in the address. I guess I'm puzzled now trying to figure out what the right subnet mask is. I know I can ping the default gateway (.149) from the Internet, but can't ping it from the Sonicwall (.148) when I use a subnet mask that doesn't give me an error (i.e. .250 and .0)
Who is your provider? If it's XO it wouldn't surprise me; also, when I called to find out what was what, XO gave me completely different IPs! (So it wasn't like I could have fiddled with it and got it to work.)

ajahnke

ASKER

It's TW Telecom, and what's worse is that I actually emailed the IP Manager as soon as I got the error earlier and she confirmed everything was right. I just emailed her back and will wait to hear back tomorrow.
the subnet specifies what your neighbors are and who you're allowed to talk to.

they gave you bad info, but if you just change the subnet to 255.255.255.0 it should work fine, because that /24 will let you talk from 148 to 149 just fine.  

a subnet of 255.255.255.252 mathematically means there's only two hosts on the subnet:  .149 and .150, with .151 being the broadcast address.  assume they want you to use .148 and use .149 as the gateway, that can't happen with a .252 subnet... but it can with 255.255.255.0... just to test with, but i think all your info is wrong from them.

i would try your wan ip of .150 and set the gateway to .151 and subnet .252 see what happens.
i would also try your .148 address using .149 as the gateway but with a /24 subnet

http://www.subnet-calculator.com/subnet.php

set that up with your ip info they gave you, and email them a screenshot.
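
Added example, not part of the original thread: a Python check, using the standard `ipaddress` module, of the IP/mask/gateway combinations tried above plus one consistent /30 pairing for comparison. The 203.0.113.x addresses are constructed documentation-range stand-ins for the redacted 174.x.x.x block, and `check_wan_config` is a hypothetical helper name.

```python
import ipaddress

def check_wan_config(ip, mask, gateway):
    """Return a list of problems with an IPv4 interface config (empty list = consistent)."""
    try:
        iface = ipaddress.IPv4Interface(f"{ip}/{mask}")
    except ipaddress.NetmaskValueError:
        # e.g. 255.255.255.250: its 1-bits are not contiguous, so it is not a mask at all
        return [f"{mask} is not a valid netmask"]

    net = iface.network
    gw = ipaddress.IPv4Address(gateway)
    # On /30 and larger subnets the first and last addresses are not assignable to hosts.
    # /31 and /32 are left out because they have no separate network/broadcast address.
    reserved = {}
    if net.prefixlen <= 30:
        reserved = {net.network_address: "network", net.broadcast_address: "broadcast"}

    problems = []
    if iface.ip in reserved:
        problems.append(f"{iface.ip} is the {reserved[iface.ip]} address of {net}")
    if gw not in net:
        problems.append(f"gateway {gw} is outside {net}")
    elif gw in reserved:
        problems.append(f"gateway {gw} is the {reserved[gw]} address of {net}")
    elif gw == iface.ip:
        problems.append("gateway and interface share one address")
    return problems

# Constructed stand-ins: (interface IP, mask, gateway)
ATTEMPTS = [
    ("203.0.113.148", "255.255.255.252", "203.0.113.149"),  # original assignment
    ("203.0.113.148", "255.255.255.250", "203.0.113.149"),  # mask that avoided the error
    ("203.0.113.148", "255.255.255.0", "203.0.113.149"),    # /24 test
    ("203.0.113.150", "255.255.255.252", "203.0.113.151"),  # suggested .150/.151 test
    ("203.0.113.150", "255.255.255.252", "203.0.113.149"),  # comparison: both usable hosts
]

if __name__ == "__main__":
    for ip, mask, gw in ATTEMPTS:
        print(f"{ip} {mask} gw {gw}:", check_wan_config(ip, mask, gw) or "consistent")
```

An empty result only means the local settings agree with each other; it says nothing about the mask configured on the provider's side of the link.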
ajahnke

ASKER

They're creating and sending me a new block that's /29, so I'll give that one a try and see how it goes. I did try .148/.149 with /24, but was still not able to ping .149 from .148.
ajahnke

ASKER

Well that seemed to have done the trick. Thanks for the input everyone!