• Status: Solved
  • Priority: Medium
  • Security: Public

problem with my new router

I bought a Cisco RV082 for my VPN. My local network is on a class B address, 172.16.x.x, subnet 255.255.224.0,
but this router only allows class C IPs.

What can I do to make it work?
0
GCI_SUPPORT
Asked:
GCI_SUPPORT
2 Solutions
 
Dave773Commented:
Issue the 'ip classless' command
0
 
GCI_SUPPORTAuthor Commented:
And what do you mean by that?
0
 
GCI_SUPPORTAuthor Commented:
I also have a SonicWall NSA 2400.
Is there a way to make my two networks communicate by using my SonicWall?
0
 
Dave773Commented:
Do you have RIP v1 enabled in the RV082? If so, change it to RIP v2.
0
 
GCI_SUPPORTAuthor Commented:
I have a place in advanced routing saying RIP that I just enabled, and nothing has changed.
0
 
digitapCommented:
sonicwall?  what are you doing with the sonicwall?
0
 
GCI_SUPPORTAuthor Commented:
My SonicWall is the connection to the internet for my LAN users.
0
 
digitapCommented:
OK...you could use the VPN on the sonicwall and route traffic from the sonicwall to the cisco.  yes, this is possible.
0
 
GCI_SUPPORTAuthor Commented:
I don't want to use the VPN on my SonicWall because it has 10 licenses on it.
0
 
GCI_SUPPORTAuthor Commented:
I forgot to say that the 2 networks are in the same building.
0
 
digitapCommented:
OK...if you'd rather use the Cisco then Dave's your best bet.  I'm a sonicwall guy.
0
 
GCI_SUPPORTAuthor Commented:
It doesn't matter what I use, I want to make it work :)

I will start again from the beginning.

One month ago, I configured my network using a class B IP (172.16.x.x) with a subnet of 255.255.224.0.

Everything was working fine.

My boss asked me to provide a connection from the outside to our ERP. So I decided to use VPN for that instead of remote desktop. But my problem was that I need to have more than 15 users and my SonicWall NSA 2400 has only 10 VPN users. So I asked myself what the most economical solution is: do I buy extra SonicWall users or do I buy a VPN machine? So I decided to buy the Cisco RV082.

When I went to install my router, I saw that it only accepts class C IPs (192). So I am stuck with that. So I thought maybe I can make two networks
network 1 : 172.16.x.x subnet 255.255.224.0
network 2 : 192.168.1.x subnet 255.255.255.0
and make them talk together.

So by doing that, I will have all my VPN users on one network and all my internal users on a different one.

From that, how can I make them talk together?



0
 
nappy_dCommented:
Let me understand this:

- you have two networks
- network A is 172.16.x.x, this is the main network. It has a Sonicwall NSA 2400
- the Sonicwall can only support up to 10 concurrent VPN connections
- you now have a second network, 192.168.x.x
- you bought the RV082 to connect the network 192.168.x.x to 172.168.x.x

- is this correct?

I would suggest that you take a look at page 65 to configure a gateway of the rv082.

You will need to match the settings to that of a group vpn on the Sonicwall NSA appliance.
0
 
GCI_SUPPORTAuthor Commented:
You are almost correct.
My first network is the SonicWall (172.16.x.x).
My second network is the Cisco (192.168.1.x)
(this one will be used for the VPN users).

So I want that when users connect to the VPN, they get an IP of 192.168.1.x. After that they must connect to my data server, which is on the 172.16.x network.

I want the two networks talking together.
0
 
nappy_dCommented:
How many users are on the second network or are these road warriors that are in multiple locations?
0
 
GCI_SUPPORTAuthor Commented:
Yes, they are the outside users,

and maybe I will have some internal PCs on that network.
0
 
nappy_dCommented:
I would then recommend this SSL VPN device from Netgear http://www.netgear.com/products/business/VPN-firewalls-appliances/SSL-VPN-concentrators/SSL312.aspx

This unit can support up to 25 SSL VPN clients.  You could configure a public IP to this device and add it to your NSA 2400.

The NSA would then not manage VPN.
0
 
GCI_SUPPORTAuthor Commented:
My only question is: I want to connect my network A with myu network B and make them talk together without using VPN.
0
 
nappy_dCommented:
What is myu?

Are these two networks connected to the same Network switch or is someone connecting from their home to the office?
0
 
GCI_SUPPORTAuthor Commented:
connected in the same building, same server room same switch
0
 
GCI_SUPPORTAuthor Commented:
OK, I made a little Visio that explains what I want to do.
NETWORK.jpg
0
 
digitapCommented:
You're just talking about routes now.  With the 2400 you've got multiple interfaces.  Configure one of the interfaces on the 2400 ON network B.  Then setup the proper firewall access rules to allow the traffic you want egress/ingress.  You'll need to setup a route on the RV082 so Network B can get to the Sonicwall when they want to access Network A.  My only concern is the 1811.  How does that come into play here?
0
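The addressing discussed in this thread, worked through as an added example (not code from any poster or vendor): it derives both networks from the posted addresses and masks, checks them against a device limited to 255.255.255.x masks as the asker reports for the RV082, and builds the static route described in the comment above. The host addresses, the gateway 192.168.1.254 and all function names are assumptions made for the example.

```python
import ipaddress

def network_of(addr, mask):
    """Network containing addr under a dotted-quad mask (classless)."""
    return ipaddress.ip_interface(f"{addr}/{mask}").network

def fits_24_or_longer(net):
    """True if a device limited to 255.255.255.x masks can hold this subnet."""
    return net.prefixlen >= 24

def static_route(dest, gateway, connected):
    """Route entry to `dest` via `gateway`, which must sit on a connected subnet."""
    gw = ipaddress.ip_address(gateway)
    if gw not in connected:
        raise ValueError(f"gateway {gw} is not on connected network {connected}")
    if dest.overlaps(connected):
        raise ValueError(f"{dest} overlaps {connected}; it cannot be routed via a gateway")
    return {"destination": str(dest.network_address),
            "mask": str(dest.netmask), "gateway": str(gw)}

def next_hop(routes, connected, dst):
    """Longest-prefix match: 'direct' if on-link, else the gateway, else None."""
    dst = ipaddress.ip_address(dst)
    if dst in connected:
        return "direct"
    best = None
    for r in routes:
        net = ipaddress.ip_network(f"{r['destination']}/{r['mask']}")
        if dst in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, r["gateway"])
    return best[1] if best else None

# Networks from the thread; host and gateway addresses are constructed.
NET_A = network_of("172.16.0.1", "255.255.224.0")   # SonicWall LAN
NET_B = network_of("192.168.1.1", "255.255.255.0")  # RV082 LAN / VPN users
SONICWALL_ON_B = "192.168.1.254"                    # assumed interface on network B

# Route the network B router needs to reach network A through the SonicWall.
ROUTE_B_TO_A = static_route(NET_A, SONICWALL_ON_B, NET_B)

if __name__ == "__main__":
    print(NET_A, NET_A.num_addresses - 2, "hosts; fits:", fits_24_or_longer(NET_A))
    print(NET_B, "fits:", fits_24_or_longer(NET_B))
    print("route on network B router:", ROUTE_B_TO_A)
    print("172.16.20.5 ->", next_hop([ROUTE_B_TO_A], NET_B, "172.16.20.5"))
    print("172.16.40.5 ->", next_hop([ROUTE_B_TO_A], NET_B, "172.16.40.5"))
```

With the 255.255.224.0 mask, network A covers 172.16.0.0 through 172.16.31.255, so the last lookup falls outside it and returns no next hop.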
 
GCI_SUPPORTAuthor Commented:
What I want to know is how I make this route.

And the 1811 is for my T3 connection (optical).
0
 
digitapCommented:
OK...I can help with the sonicwall, but one of the others will have to lend their Cisco expertise to setup a route on the RV082.

Based on the network diagram, you currently have the sonicwall connected to the Dell switch?  Are you using the WAN interface on the 2400 or a different interface?
0
 
nappy_dCommented:
Ok I see.

Forget the VPN it is not needed.

On the NSA create two vLANs 172.16.x.x and 192.168.x.x on separate interfaces on your NSA 2400

If your Dell switch supports vLANs,  create port based vLANs(one for 172.16.x.x and another for 192.168.x.x)

Connect the NSA interfaces to the properly assigned vLAN ports on the Dell switch.

Now connect the computers to the proper vLANs.

You will have to configure routes on the NSA so that the vLANs can route traffic.

Do not use the RV082
0
 
digitapCommented:
I don't know about the VLANs.  I think it will be much less complex to set one of the sonicwall interfaces on the network that's between the RV082 and 1811.  VLANs get complicated, yes?
0
 
nappy_dCommented:
I don't think they do, and they would simplify the amount of connectivity, and then you just have to manage one device.  I think fewer points of failure.
0
 
GCI_SUPPORTAuthor Commented:
I need to use my RV082. It is my VPN server.
0
 
nappy_dCommented:
Why do you need VPN on the same network?  
0
 
GCI_SUPPORTAuthor Commented:
The VPN is for my outside users.
0
 
nappy_dCommented:
Are the VPN users on the RV082 from both companies?

I think this is complicating your config (I.M.O.)
0
 
GCI_SUPPORTAuthor Commented:
yes
0
 
nappy_dCommented:
OK is it possible to return or exchange the RV082?

I say this because the way you have your network makes for a lot of extra work that (I think) is unnecessary :)

I will post some diagrams of my vision to help you and you can tell me yes or HELL NO, you're crazy...
0
 
digitapCommented:
hmmm...i think i'm seeing that too...if the sonicwall AND the rv082 were on the "internet", then the rv082 could be used for vpn use exclusively and the sonicwall as the primary firewall.  of course, IF you could return the rv082, you could redirect those $$$ to purchasing more gvc licenses on the sonicwall or purchasing a sonicwall ssl-vpn appliance.  not married to the sonicwall idea, but i see you already have one and staying with the same vendor eases implementation.
0
 
GCI_SUPPORTAuthor Commented:
digitap, you understand exactly what I want to do. Also, buying extra SonicWall users will cost me more than the RV082, and if I get trouble it will also cost me support from SonicWall.

You found the reason why I bought the RV082.
0
 
nappy_dCommented:
Then what about exchange for the unit I suggested previously? http://www.netgear.com/products/business/VPN-firewalls-appliances/SSL-VPN-concentrators/SSL312.aspx

This would give you up to 25 VPN licenses for under $400
0
 
GCI_SUPPORTAuthor Commented:
Because I just bought the RV082 and I have about 100 VPN users with it. Also, what difference will I get with the Netgear? (Will it take my IP with my netmask of 255.225.224.0?)
0
 
nappy_dCommented:
Here is my vision to help you.
  1. The SSL312 connects to a port on the NSA 2400
  2. You will have to configure a firewall rule to forward all SSL VPN requests from the internet to the SSL312
  3. Those requests are then allowed to the LAN
  4. All regular router traffic is setup to route thru the NSA2400
  5. You will need to configure your rules on the NSA 2400 to route traffic from vLAN A to vLAN B
If anyone has any amendments to this feel free to chime in :)

Picture-262.png
0
 
nappy_dCommented:
AH!!

So then, if you have 100 VPN client licenses with your RV082, swap in my layout, the SSL312 device and use the RV082 in its place.
0
 
digitapCommented:
Here's a KB from sonicwall that shows how to connect a SSL-VPN appliance to your 2040.  It's for a sonicwall ssl-vpn appliance, but the configuration for the 2040 would be the same regardless of the ssl-vpn appliance.

http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=6126
0
 
GCI_SUPPORTAuthor Commented:
here is my real network except for the lan user  and printer
REAL-NETWORK.jpg
0
 
GCI_SUPPORTAuthor Commented:
it is a better solution to change all my network ip that is (172.16.0.1 netmask 255.255.224.0) to 192.168.0.1 netmask (255.255.255.0)

i know if i do that my router will fit the same ip range of my current lan
0
 
nappy_dCommented:
Actually don't change your LAN.

The RV082 is going to have two interfaces; 1 for the NSA 2400(192.168.x.x for road warriors & home users) and another with the 172.16.x.x(for LAN)

See my image of the layout
Sonicwall-and-VPN.jpg
0
 
GCI_SUPPORTAuthor Commented:
And like that I don't need to do routing???
0
 
nappy_dCommented:
Just make sure that your RV082 does not give out any DHCP leases to the LAN
0
 
GCI_SUPPORTAuthor Commented:
OK, everything seems too complex. I will change my network IP and will wait until I get no more IP.
Thanks everybody for your help.
0
 
digitapCommented:
huh...what does "no more IP" mean?
0
 
nappy_dCommented:
Trust me.  This is a simple change on your Sonicwall:
- assign an interface to port forward IKE and 500 from the WAN-->Interface that the RV082 is connected (give this the IP 192.168.50.1)
- You then need to configure the WAN interface on the RV082 to IP 192.168.50.2
- Configure the LAN side of the RV082 with an IP in the range of 172.16.x.x

You are done.

I hope you know that changing a whole LAN IP range can be a world of trouble for DNS, email, your firewall and everything else....
0
 
GCI_SUPPORTAuthor Commented:
1st, the RV082 doesn't take the subnet mask 255.255.224.0.

Also, I want to give a public IP to the WAN of the RV082; I don't want the RV082 plugged into my SonicWall.
0
 
digitapCommented:
you'll want to plug the LAN side of the RV082 into the sonicwall.  The WAN side should get a public IP address.

You want your VPN users to get an ssl-vpn connection to the 082, then route that traffic through the sonicwall.  this will allow you to manage what networks those users have access to thus increasing the security of your network.

What interface are you trying to set subnet 255.255.224.0 on?

@nappy_d :: I'm cool letting you take it from here.  I feel my contribution to the discussion may be confusing things and I've got a lot going on right at the moment.
0
 
nappy_dCommented:
@digitap: AGREED on the config.  Here is my visual layout...


Sonicwall---DMZ-Setup-4.jpg
0
 
GCI_SUPPORTAuthor Commented:
That's what I want, but I cannot put the 255.255.224.0 on the RV082.

It lets me choose from this subnet:
255.255.225.X
0
 
digitapCommented:
The NSA would have a public IP too, right?  Otherwise, that's right on.
0
 
GCI_SUPPORTAuthor Commented:
yes
0
 
GCI_SUPPORTAuthor Commented:
Like I said before, I think I will change IP.
I only have to update 1 DNS and a couple of PCs :)

It will be faster this way.
0
 
nappy_dCommented:
go for it then
0
 
GCI_SUPPORTAuthor Commented:
thanks everybody for your help
0
 
digitapCommented:
um, sure.  thanks for the points!
0
