Go Premium for a chance to win a PS4. Enter to Win


One-to-One NAT with different subnet on Sonicwall

Posted on 2010-08-25
Medium Priority
Last Modified: 2012-05-10
Just picked up a client with a bonded T1 through Time Warner and have run into a configuration that I didn't know was possible, just wanted to find out why or how this is possible.

Firewall is a Sonicwall Pro 2040.

Their primary external IP is (changed) with a /30 subnet, with an internal NAT

There are also one-to-one NAT entries for several servers. Their external IPs are And the entries work.

Should this be possible? Is this something that the ISP has to set up to be possible? Is there a good overview of one-to-one NAT that I could read to understand what's going on?
Question by:mindIT
  • 2
  • 2

Assisted Solution

Dave773 earned 668 total points
ID: 33524403
It sounds like the customer owns their own address space which is getting routed through their TW connection.
If you check ARINs website, you should see that they own the addresses falling in the space. Just put one of their IPs in this tool:

Assisted Solution

jimmyray7 earned 668 total points
ID: 33524541
That is completely do-able.  Here is the doc on 1 to 1 NAT - http://www.sonicwall.com/us/support/2134_3150.html
LVL 33

Accepted Solution

digitap earned 664 total points
ID: 33525343
Go to Network > Interfaces.  Look to see if there is a secondary set of public IP address configured for the WAN interface.  Or, they have a secondary Internet connection and that will show up under Network > Interfaces.Another possiblility is the ISP has a different set of public IP addresses and they are routing those to your primary gateway (WAN interface IP address).Or, your situation sounds similar to this question:http://www.experts-exchange.com/Networking/Broadband/ISPs/Q_26376977.html?sfQueryTermInfo=1+10+30+digitap+isp+sonicwal

Expert Comment

ID: 33525476
The WAN Interface will only show the primary IP and subnet.  In order to see any other networks on an interface, view the ARP entries to see if another network range has been attached to the X1 interface.  (sub interfaces, like vlans, will show on the interfaces page)
LVL 33

Expert Comment

ID: 33558956
Thanks for the points!

Featured Post

WatchGuard Case Study: NCR

With business operations for thousands of customers largely depending on the internal systems they support, NCR can’t afford to waste time or money on security products that are anything less than exceptional. That’s why they chose WatchGuard.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Security is one of the biggest concerns when moving and migrating your data from your on-premise location to the Public Cloud.  Where is your data? Who can access it? Will it be safe from accidental deletion?  All of these questions and more are imp…
Configuring network clients can be a chore, especially if there are a large number of them or a lot of itinerant users.  DHCP dynamically manages this process, much to the relief of users and administrators alike!
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses

877 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question