Solved

routing thru internal router

Posted on 2010-09-23
Last Modified: 2012-05-10
Hi Experts,
I have a SonicWall TZ 170 that I have connected to my internal network to separate 2 networks from each other. I connected the WAN port of the TZ 170 to my main network with an address of 192.168.1.29 with the gateway of the Internet router (DHCP to test), which is the subnet for my main network. I then connected the 2nd network to one of the LAN ports of the TZ 170 with an IP of 10.10.10.1. I connected a computer to one of the other LAN ports and I am able to get to all the computers on the 192.168.1 side. The problem is I cannot get to the 10.10.10 side from the 192.168.1 side. I have set up a rule to allow all WAN to LAN, still not working.
Thank You
John
0
Comment
Question by:DjJohnny
14 Comments
 
LVL 2

Expert Comment

by:fs40490
ID: 33748546
Do you have a route on the main router pointing 10.10.10.0/24 to the sonicwall?

It sounds like the external network does not know how to get to the 10.x network.  The reason it is probably working in the other direction is because the 170 is NATing the connection to the main LAN.
0
 

Author Comment

by:DjJohnny
ID: 33748835
Thank you,

No I do not have a route on the main router pointing to 10.10.10.0/24. What I did is set the gateway of the computer on the 192.168.1 side to 192.168.1.29. Should I be able to communicate between the 2 systems that way?
0
 
LVL 2

Expert Comment

by:fs40490
ID: 33748892
Yes, that should work from a routing perspective.  Now you probably have a policy restriction on the 170.  There is probably not a policy to allow from untrust (or WAN or similar) to trust (or LAN or similar).

The issue is that generally most firewalls default to allow everything out but nothing in.  Now you have to open up the device to allow traffic in.
0

Author Comment

by:DjJohnny
ID: 33748953
I have set up a rule to allow all WAN to LAN, still not working.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33751063
You have to tell your 192.168.1.0 router how to get to the 10.10.10.0/24 network.  You need to put a route on your 10.10.10.0/24 router to indicate the WAN IP of the sonicwall as the gateway for any host on the 192.168.1.0/24 network to get to hosts on the 10.10.10.0/24 network.  You can get to the 192.168.1.0/24 network as the WAN interface has an IP on that network so it knows how to route to that network.  Now, you just need to do this for your 192.168.1.0/24 router.
0
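The routing behaviour discussed in the comments above, as an added example that is not part of any post in the thread: a small longest-prefix-match model of the PC, the Linksys and the SonicWall. The device names, the host addresses 192.168.1.50 and 10.10.10.5, and the helper functions are constructed for illustration; the model covers routing only, not the SonicWall's WAN-to-LAN access rules.

```python
import ipaddress

def next_hop(table, dst):
    """Longest-prefix match over (prefix, next_hop) pairs."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in table
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def build_tables(static_route=False, pc_gateway="linksys"):
    """Routing tables for the three devices in the thread's topology."""
    linksys = [("192.168.1.0/24", "direct"), ("0.0.0.0/0", "internet")]
    if static_route:
        # The route asked about: 10.10.10.0/24 via the SonicWall WAN IP 192.168.1.29
        linksys.append(("10.10.10.0/24", "sonicwall"))
    return {
        "pc": [("192.168.1.0/24", "direct"), ("0.0.0.0/0", pc_gateway)],
        "linksys": linksys,
        "sonicwall": [("192.168.1.0/24", "direct"),   # WAN side, 192.168.1.29
                      ("10.10.10.0/24", "direct"),    # LAN side, 10.10.10.1
                      ("0.0.0.0/0", "linksys")],
    }

def trace(tables, start, dst, max_hops=8):
    """Follow next hops from `start` until delivery or exit from the model."""
    hops, node = [start], start
    for _ in range(max_hops):
        hop = next_hop(tables[node], dst)
        if hop == "direct":
            return hops + ["delivered"]
        hops.append(hop)
        if hop not in tables:      # "internet" or no route: left the model
            return hops
        node = hop
    return hops + ["loop"]

if __name__ == "__main__":
    phone = "10.10.10.5"           # constructed host behind the SonicWall
    print("no route       :", trace(build_tables(), "pc", phone))
    print("static route   :", trace(build_tables(static_route=True), "pc", phone))
    print("pc gw = .29    :", trace(build_tables(pc_gateway="sonicwall"), "pc", phone))
    # Outbound from 10.10.10.x works without any route because the SonicWall
    # NATs the source to 192.168.1.29, so the PC replies to a local address.
    print("reply with NAT :", trace(build_tables(), "pc", "192.168.1.29"))
    print("reply w/o NAT  :", trace(build_tables(), "pc", phone))
```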
 

Author Comment

by:DjJohnny
ID: 33807849
I finally got back to this. My router only lets me create a route if I disable NAT (Linksys E1000). When I do this it works. What does disabling NAT do? Will there be any problems on the WAN side network by doing this?
0
 
LVL 33

Expert Comment

by:digitap
ID: 33807922
The Linksys E1000 is your Internet firewall?  I'm not familiar with Internet, but as long as you have the firewall enabled, you'll still be protected.  Although, if you are routing anything external to internal (like an Exchange server), then that won't work any more.

So, you did this?

- Disable NAT
- Create Route
- Traffic works back and forth between 192.168.1.0/24 and 10.10.10.0/24?

Or, did you do this?

- Disable NAT
- Traffic works back and forth between 192.168.1.0/24 and 10.10.10.0/24?
0
 

Author Comment

by:DjJohnny
ID: 33808127
- Disable NAT
- Create Route  This route was there by default.
- Traffic works back and forth between 192.168.1.0/24 and 10.10.10.0/24

I am doing this to set up 2 IP phones on the 10.10.10.0/24 side; that is the only traffic I need to pass. With the NAT off I cannot Remote Desktop from one network to another. This is not a problem.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33808171
With NAT disabled on the Linksys, you cannot remote desktop from the Internet (home) into your network?

Why don't you move the sonicwall to the Internet, make the LAN the 192.168.1.0/24 and the OPT port 10.10.10.0/24?  Then, you can route between the two networks through the sonicwall, removing the need for the Linksys.  Then, you can still have external access to your internal networks.  Thoughts?
0
 

Author Comment

by:DjJohnny
ID: 33808326
That is a great idea! Can I plug the OPT port into the same switch that the LAN port is in, and use the same physical cabling to carry the 10.10.10.0/24 network?
0
 
LVL 33

Expert Comment

by:digitap
ID: 33808386
No...that will cause some issues with routing the traffic.  If it's a managed switch, you can create a VLAN to segregate the two networks, then you can connect the two.  What kind of switch do you have?
0
 

Author Comment

by:DjJohnny
ID: 33808434
It is not a managed switch. To get to the sonicwall I have to go over a microwave link to a building across the street. That is why I have the Linksys on the switch on the remote side of the microwave link.
0
 
LVL 33

Accepted Solution

by:
digitap earned 2000 total points
ID: 33809037
OK...so there goes that idea...you might consider putting the sonicwall in bridge mode.  here's a KB article from SW about that:

http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=8223


thoughts?
0
 
LVL 33

Expert Comment

by:digitap
ID: 33850847
Glad it worked out and thanks for the points!
0
