Solved

problem with my new router

Posted on 2010-08-25
Last Modified: 2012-05-10
I have bought a Cisco RV082 for my VPN. My local network is on a class B address, 172.16.x.x, subnet 255.255.224.0,
but this router only allows class C IPs.

What can I do to make it work?
Question by:GCI_SUPPORT
58 Comments
 
LVL 4

Expert Comment

by:Dave773
ID: 33524939
Issue the 'ip classless' command
0
 

Author Comment

by:GCI_SUPPORT
ID: 33524964
And what do you mean by that?
0
 

Author Comment

by:GCI_SUPPORT
ID: 33525002
I also have a SonicWall NSA 2400.
Is there a way to make my two networks communicate by using my SonicWall?
0
 
LVL 4

Expert Comment

by:Dave773
ID: 33525298
Do you have RIP v1 enabled in the RV082? If so, change it to RIP v2.
0
 

Author Comment

by:GCI_SUPPORT
ID: 33525372
I have a place in advanced routing saying RIP that I just enabled, and nothing has changed.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33525464
sonicwall?  what are you doing with the sonicwall?
0
 

Author Comment

by:GCI_SUPPORT
ID: 33525635
My SonicWall is the connection to the internet for my LAN users.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33525785
OK...you could use the VPN on the sonicwall and route traffic from the sonicwall to the cisco.  yes, this is possible.
0
 

Author Comment

by:GCI_SUPPORT
ID: 33525869
I don't want to use the VPN on my SonicWall because it has 10 licenses on it.
0
 

Author Comment

by:GCI_SUPPORT
ID: 33525895
I forgot to say that the 2 networks are in the same building.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33525951
OK...if you'd rather use the Cisco then Dave's your best bet.  I'm a sonicwall guy.
0
 

Author Comment

by:GCI_SUPPORT
ID: 33526060
It doesn't matter what I use, I want to make it work :)

I will start it off from the start.

One month ago, I configured my network using a class B IP (172.16.x.x) with a subnet of 255.255.224.0.

Everything was working fine.

My boss asked me to have connection from the outside to our ERP. So I decided to use VPN for that instead of remote desktop. But my problem was that I need to have more than 15 users and my SonicWall NSA 2400 has only 10 VPN users. So I asked myself what the most economical solution is: do I buy extra SonicWall users or do I buy a VPN machine? So I decided to buy the Cisco RV082.

When I went to install my router, I saw that it only accepts class C IPs (192). So I am stuck with that. So I think maybe I can make two networks
network 1 : 172.16.x.x subnet 255.255.224.0
network 2 : 192.168.1.x subnet 255.255.255.0
and make them talk together.

So by doing that, I will have all my VPN users on one network and all my internal users on a different one.

From that, how can I make them talk together?



0
 
LVL 32

Expert Comment

by:nappy_d
ID: 33530015
Let me understand this:

- you have two networks
- network A is 172.16.x.x, this is the main network. It has a Sonicwall NSA 2400
- the Sonicwall can only support up to 10 concurrent VPN connections
- you now have a second network, 192.168.x.x
- you bought the RV082 to connect the network 192.168.x.x to 172.168.x.x

- is this correct?

I would suggest that you take a look at page 65 to configure a gateway of the RV082.

You will need to match the settings to that of a group vpn on the Sonicwall NSA appliance.
0
 

Author Comment

by:GCI_SUPPORT
ID: 33530546
You are almost correct.
My first network is the SonicWall (172.16.x.x).
My second network is the Cisco (192.168.1.x)
(this one will be used for the VPN users).

So when users connect to the VPN, I want them to get an IP of 192.168.1.x. After that they must connect to my data server, which is on the 172.16.x network.

I want the two networks talking together.
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 33530694
How many users are on the second network or are these road warriors that are in multiple locations?
0
 

Author Comment

by:GCI_SUPPORT
ID: 33530855
Yes, they are the outside users,

and maybe I will have some internal PCs on that network.
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 33531425
I would then recommend this SSL VPN device from Netgear http://www.netgear.com/products/business/VPN-firewalls-appliances/SSL-VPN-concentrators/SSL312.aspx

This unit can support up to 25 SSL VPN clients.  You could configure a public IP to this device and add it to your NSA 2400.

The NSA would then not manage VPN.
0
 

Author Comment

by:GCI_SUPPORT
ID: 33531697
My only question is: I want to connect my network A with myu network B and make them talk together without using VPN.
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 33531790
What is myu?

Are these two networks connected to the same Network switch or is someone connecting from their home to the office?
0
 

Author Comment

by:GCI_SUPPORT
ID: 33531845
connected in the same building, same server room same switch
0
 

Author Comment

by:GCI_SUPPORT
ID: 33532022
OK, I have made a little Visio that explains what I want to do.
NETWORK.jpg
0
 
LVL 33

Expert Comment

by:digitap
ID: 33532128
You're just talking about routes now.  With the 2400 you've got multiple interfaces.  Configure one of the interfaces on the 2400 ON network B.  Then setup the proper firewall access rules to allow the traffic you want egress/ingress.  You'll need to setup a route on the RV082 so Network B can get to the Sonicwall when they want to access Network A.  My only concern is the 1811.  How does that come into play here?
0
 

Author Comment

by:GCI_SUPPORT
ID: 33532169
What I want to know is how I make this route.

And the 1811 is for my T3 connection (optical).
0
 
LVL 33

Expert Comment

by:digitap
ID: 33532197
OK...I can help with the sonicwall, but one of the others will have to lend their Cisco expertise to setup a route on the RV082.

Based on the network diagram, you currently have the sonicwall connected to the Dell switch?  Are you using the WAN interface on the 2400 or a different interface?
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 33532199
Ok I see.

Forget the VPN it is not needed.

On the NSA create two vLANs 172.16.x.x and 192.168.x.x on separate interfaces on your NSA 2400

If your Dell switch supports vLANs, create port-based vLANs (one for 172.16.x.x and another for 192.168.x.x)

Connect the NSA interfaces to the properly assigned vLAN ports on the Dell switch.

Now connect the computers to the proper vLANs.

You will have to configure routes on the NSA so that the vLANs can route traffic.

Do not use the RV082
0
 
LVL 33

Expert Comment

by:digitap
ID: 33532228
I don't know about the VLANs.  I think it will be much less complex to set one of the sonicwall interfaces on the network that's between the RV082 and 1811.  VLANs get complicated, yes?
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 33532248
I don't think they do, and they would simplify the amount of connectivities and then you just have to manage one device.  I think fewer points of failure.
0
 

Author Comment

by:GCI_SUPPORT
ID: 33532274
I need to use my RV082. It is my VPN server.
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 33532295
Why do you need VPN on the same network?  
0

 

Author Comment

by:GCI_SUPPORT
ID: 33532351
The VPN is for my outside users.
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 33532441
Are the VPN users on the RV082 from both companies?

I think this is complicating your config (I.M.O.)
0
 

Author Comment

by:GCI_SUPPORT
ID: 33532479
yes
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 33532528
OK is it possible to return or exchange the RV082?

I say this because the way you have your network makes for a lot of extra work that (I think) is unnecessary :)

I will post some diagrams of my vision to help you and you can tell me yes or HELL NO, you're crazy...
0
 
LVL 33

Expert Comment

by:digitap
ID: 33532612
hmmm...i think i'm seeing that too...if the sonicwall AND the rv082 were on the "internet", then the rv082 could be used for vpn use exclusively and the sonicwall as the primary firewall.  of course, IF you could return the rv082, you could redirect those $$$ to purchasing more gvc licenses on the sonicwall or purchasing a sonicwall ssl-vpn appliance.  not married to the sonicwall idea, but i see you already have one and staying with the same vendor eases implementation.
0
 

Author Comment

by:GCI_SUPPORT
ID: 33532672
digitap, you understand exactly what I want to do. Also, buying extra SonicWall users will cost me more than the RV082, and if I get trouble it will also cost me support from SonicWall.

You found the reason why I bought the RV082.
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 33532705
Then what about exchange for the unit I suggested previously? http://www.netgear.com/products/business/VPN-firewalls-appliances/SSL-VPN-concentrators/SSL312.aspx

This would give you up to 25 VPN licenses for under $400
0
 

Author Comment

by:GCI_SUPPORT
ID: 33533072
Because I just bought the RV082 and I have about 100 VPN users with it. Also, what difference will I get with the Netgear? (Will it take my IP with my netmask of 255.225.224.0?)
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 33533080
Here is my vision to help you.
  1. The SSL312 connects to a port on the NSA 2400
  2. You will have to configure a firewall rule to forward all SSL VPN requests from the internet to the SSL312
  3. Those requests are then allowed to the LAN
  4. All regular router traffic is setup to route thru the NSA2400
  5. You will need to configure your rules on the NSA 2400 to route traffic from vLAN A to vLAN B
If anyone has any amendments to this feel free to chime in :)

Picture-262.png
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 33533157
AH!!

So then, if you have 100 VPN client licenses with your RV082, swap in my layout, the SSL312 device and use the RV082 in its place.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33533398
Here's a KB from sonicwall that shows how to connect a SSL-VPN appliance to your 2040.  It's for a sonicwall ssl-vpn appliance, but the configuration for the 2040 would be the same regardless of the ssl-vpn appliance.

http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=6126
0
 

Author Comment

by:GCI_SUPPORT
ID: 33533600
Here is my real network, except for the LAN users and printers.
REAL-NETWORK.jpg
0
 

Author Comment

by:GCI_SUPPORT
ID: 33534144
it is a better solution to change all my network ip that is (172.16.0.1 netmask 255.255.224.0) to 192.168.0.1 netmask (255.255.255.0)

i know if i do that my router will fit the same ip range of my current lan
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 33534347
Actually don't change your LAN.

The RV082 is going to have two interfaces; 1 for the NSA 2400(192.168.x.x for road warriors & home users) and another with the 172.16.x.x(for LAN)

See my image of the layout
Sonicwall-and-VPN.jpg
0
 

Author Comment

by:GCI_SUPPORT
ID: 33534656
And like that I don't need to do routing?
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 33534792
Just make sure that your RV082 does not give out any DHCP leases to the LAN
0
 

Author Comment

by:GCI_SUPPORT
ID: 33535435
OK, everything seems too complex. I will change my network IP and will wait until I get no more IP.
Thanks everybody for your help.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33535490
huh...what does, "no more IP mean?"
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 33535561
Trust me.  This is a simple change on your Sonicwall:
- assign an interface to port forward IKE and 500 from the WAN-->Interface that the RV082 is connected (give this the IP 192.168.50.1)
- You then need to configure the WAN interface on the RV082 to IP 192.168.50.2
- Configure the LAN side of the RV082 with an IP in the range of 172.16.x.x

You are done.

I hope you know that changing a whole LAN IP range can be a world of trouble for DNS, email, your firewall and everything else....
0
 

Author Comment

by:GCI_SUPPORT
ID: 33535683
1st, the RV082 doesn't take the subnet mask 255.255.224.0.

Also, I want to give a public IP to the WAN of the RV082. I don't want the RV082 plugged into my SonicWall.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33535745
you'll want to plug the LAN side of the RV082 into the sonicwall.  The WAN side should get a public IP address.

You want your VPN users to get an ssl-vpn connection to the 082, then route that traffic through the sonicwall.  this will allow you to manage what networks those users have access to thus increasing the security of your network.

What interface are you trying to set subnet 255.255.224.0 on?

@nappy_d :: I'm cool letting you take it from here.  I feel my contribution to the discussion may be confusing things and I've got a lot going on right at the moment.
0
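An added example, not part of the thread, of the point in the comment above: once VPN traffic passes through the firewall, a first-match rule table decides which LAN hosts the VPN subnet can reach. The two networks are the ones named in the thread; the ERP server address and port are constructed placeholders, and the mask check shows why 255.255.224.0 is a /19.

```python
import ipaddress

# Networks are the ones named in the thread; the ERP address and port are
# constructed placeholders, not values from the thread.
LAN = ipaddress.ip_network("172.16.0.0/255.255.224.0")   # behind the SonicWall
VPN = ipaddress.ip_network("192.168.1.0/255.255.255.0")  # RV082 VPN clients
ERP = ipaddress.ip_network("172.16.0.10/32")             # hypothetical ERP host

# First match wins: VPN users reach the ERP service only, nothing else on the LAN.
RULES = [
    ("allow", VPN, ERP, 443),
    ("deny", VPN, LAN, None),   # None = any port
]

def prefix_len(mask):
    """Prefix length of a dotted mask, or None if its one-bits are not contiguous."""
    inv = ~int(ipaddress.IPv4Address(mask)) & 0xFFFFFFFF
    if inv & (inv + 1):          # a valid host part is 2**k - 1
        return None
    return 32 - inv.bit_length()

def usable_hosts(net):
    """Addresses left after the network and broadcast addresses."""
    return net.num_addresses - 2

def decide(src, dst, port):
    """Apply RULES in order; traffic that matches no rule is denied."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, rule_port in RULES:
        if s in src_net and d in dst_net and rule_port in (None, port):
            return action
    return "deny"

if __name__ == "__main__":
    print(LAN, prefix_len("255.255.224.0"), usable_hosts(LAN))
    print(decide("192.168.1.50", "172.16.0.10", 443))
    print(decide("192.168.1.50", "172.16.5.20", 445))
```

Renumbering the LAN into a single 255.255.255.0 network instead removes this control point, since VPN and LAN hosts then share one subnet, and it leaves 254 usable addresses where the /19 has 8190.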
 
LVL 32

Expert Comment

by:nappy_d
ID: 33535788
@digitap: AGREED on the config.  Here is my visual layout...


Sonicwall---DMZ-Setup-4.jpg
0
 

Author Comment

by:GCI_SUPPORT
ID: 33535914
That's what I want, but I cannot put the 255.255.224.0 on the RV082.

It lets me choose from this subnet:
255.255.225.X
0
 
LVL 33

Accepted Solution

by:
digitap earned 250 total points
ID: 33535918
The NSA would have a public IP too, right?  Otherwise, that's right on.
0
 

Author Comment

by:GCI_SUPPORT
ID: 33535989
yes
0
 

Author Comment

by:GCI_SUPPORT
ID: 33536126
Like I said before, I think I will change IP.
I only have to update 1 DNS and a couple of PCs :)

It will be faster this way.
0
 
LVL 32

Assisted Solution

by:nappy_d
nappy_d earned 250 total points
ID: 33536174
go for it then
0
 

Author Comment

by:GCI_SUPPORT
ID: 33536541
Thanks everybody for your help.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33536576
um, sure.  thanks for the points!
0
