Sonicwall install using a CIDR block
I have a sonicwall 210w Cox our ISP gave us a CIDR WAN ip subnet 154.78.111.16 mask .224 and gateway
They also gave us a Virtual Cidr subnet 154.79.154.17 (not the real IP) mask .240
usable .18 to.30 gateway .17
Does anyone have experience configuring this setup with a sonicwall. I know You assign the WAN IP to the WAN interface and then create a address group for the "virtual CDIR subnet"
But how is this done.
They also gave us a Virtual Cidr subnet 154.79.154.17 (not the real IP) mask .240
usable .18 to.30 gateway .17
Does anyone have experience configuring this setup with a sonicwall. I know You assign the WAN IP to the WAN interface and then create a address group for the "virtual CDIR subnet"
But how is this done.
Their hardware will route this traffic to the primary public IP that you now have configured for your sonicwall. What are your plans with the extra public IP addresses? You could test this by running the Public Server Wizard for RDP access to an internal workstation....as a test. You can delete the rule when done.I have a client that has assigned us a public IP address, but a series of public IP addresses that do not fall within the range of the one assigned to the WAN interface of the sonicwall.
ASKER
I have everything working now
castellansolutions: is right about adding a network CIDR subnet to the WAN interface but no NAT rule is needed "I was expecting to need a NAT rule"
Now here is a question, of all the CIDR IP's that went to the proper web servers. No other ip's in the CIDR block worked. I know the firewall rules were correct.
After escalating with COX
(by the way they gave us a wrong CIDR block at the cutover. I made 10 DNS changes. And after COX discovered it was the wrong block a day later, they gave us a new block after my client had some words with them) and I had to change the DNS again, and all my address objects.
I worked quite a while on making sure every thing was right on my end.
So here is the question one of the CIDR ip'sworked as it should have, sending mail and OWA to our exchange server. But none other in the block worked.
Monday morning 7:30 I call COX after being up all night.They escalate and without me changing anything on my end in 20 min, everything works 5 web sites that were not accessible even via IP now work by DNS, VPN works...
What did they do? Arp issue on a router?
Any ideas what COX did.
castellansolutions: is right about adding a network CIDR subnet to the WAN interface but no NAT rule is needed "I was expecting to need a NAT rule"
Now here is a question, of all the CIDR IP's that went to the proper web servers. No other ip's in the CIDR block worked. I know the firewall rules were correct.
After escalating with COX
(by the way they gave us a wrong CIDR block at the cutover. I made 10 DNS changes. And after COX discovered it was the wrong block a day later, they gave us a new block after my client had some words with them) and I had to change the DNS again, and all my address objects.
I worked quite a while on making sure every thing was right on my end.
So here is the question one of the CIDR ip'sworked as it should have, sending mail and OWA to our exchange server. But none other in the block worked.
Monday morning 7:30 I call COX after being up all night.They escalate and without me changing anything on my end in 20 min, everything works 5 web sites that were not accessible even via IP now work by DNS, VPN works...
What did they do? Arp issue on a router?
Any ideas what COX did.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Yes...as I indicated here, http:#a33435051, their routers route to your sonicwall. They must not have had the routes setup properly. Glad it's working for you now.
ASKER
Its a difficult question with many factors thanks for the info about the sonicwall interfaces
so if my firewall ip is this
123.124.22.221
and i have a subnet of 255.255.255.248 (/29)
gateway: 123.124.22.220
then i would set as an additional ip:
123.124.22.222 assign it to zone WAN then create a nat rule to allow the correct traffic.
Is this what you wanted?