routing thru internal router

Hi Experts,
I have a Sonicwall TZ 170 that I have connected to my internal network to separate 2 networks from each other.  I connected the WAN port of the TZ170 to my main network with an address of 192.168.1.29  with the gateway of the Internet router (DHCP to test) which is the sub net for my main network. I then connected the 2nd network to one of the lan ports of thr TZ 170  with an IP of  10.10.10.1. I connected a computer to one of the other Lan ports and I am able to get to all the computers on the  192.168.1 side. The problem is I can not get to the 10.10.10 side from the 192.168.1 side. I have setup a rule to allow all wan to lan, still not working.
Thank You
John
DjJohnnyAsked:
Who is Participating?
 
digitapCommented:
OK...so there goes that idea...you might consider putting the sonicwall in bridge mode.  here's a KB article from SW about that:

http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=8223


thoughts?
0
 
fs40490Commented:
Do you have a route on the main router pointing 10.10.10.0/24 to the sonicwall?

It sounds like the external network does not know how to get to the 10.x network.  The reason it is probably working in the other dorection is because the 170 is NATing the connection to the main LAN.
0
 
DjJohnnyAuthor Commented:
Thank you,

No I do not have a route on the main router pointing to 10.10.10.0/24. What I did is set the gateway of the computer on the 192.168.1 side to 192.168.1.29. Should I be able to communicate between the 2 systems that way?
0
On-Demand: Securing Your Wi-Fi for Summer Travel

Traveling this summer?Check out our on-demand webinar to learn about the importance of Wi-Fi security and 3 easy measures you can start taking immediately to protect your private data while using public Wi-Fi. Follow us today to learn more!

 
fs40490Commented:
yes that should work from a routing perspective.  Now you probably have a policy restriction on the 170.  There is probably not a policy to allow from untrust (or WAN or similar) to trust (or LAN or similar).

The issue is that generally most firewalls default to allow everything out but nothing in.  Now you have to open up the device to allow traffic in.
0
 
DjJohnnyAuthor Commented:
I have setup a rule to allow all wan to lan, still not working.
0
 
digitapCommented:
You have to tell your 192.168.1.0 router how to get to the 10.10.10.0/24 network.  You need to put a route on your 10.10.10.0/24 router to indicate the WAN IP of the sonicwall as the gateway for any host on the 192.168.1.0/24 network to get to hosts on teh 10.10.10.0/24 network.  You can get to the 192.168.1.0/24 network as the WAN interface has an IP on that network so it knows how to route to that network.  Now, you just need to do this for your 192.168.1.0/24 router.
0
 
DjJohnnyAuthor Commented:
I finally go back to this. My router only lets me create a route is I disable NAT(Linksys E1000). When I do this it works. What dose disabling NAT do? Will there be any problems on the WAN side network by doing this?
0
 
digitapCommented:
The Linksys E1000 is your Internet firewall?  I'm not familiar with Internet, but as long as you have the firewall enabled, you'll still be protected.  Although, if you are routing anything external to internal (like an Exchange server), then that won't work any more.

So, you did this?

- Disable NAT
- Create Route
- Traffic works back and forth between 192.168.1.0/24 and 10.10.10.0/24?

Or, did you do this?

- Disable NT
- Traffic works back and forth between 192.168.1.0/24 and 10.10.10.0/24?
0
 
DjJohnnyAuthor Commented:
- Disable NAT
- Create Route  This route was there by default.
- Traffic works back and forth between 192.168.1.0/24 and 10.10.10.0/24

I am doing this  to setup 2 ip Phones on the 10.10.10.0 / 24 side that is the only traffic I need to pass. With the NAT off I cannot Remote desktop from one network to another. This is not a problem.
0
 
digitapCommented:
With NAT disabled on the Linksys, you cannot remote desktop from the Internet (home) into your network?

Why don't you move the sonicwall to the Internet, make the LAN the 192.168.1.0/24 and the OPT port 10.10.10.0/24?  Then, you can route between the two network through the sonicwall removing the need for the Linksys.  Then, you can still have external access to your internal networks.  thoughts?
0
 
DjJohnnyAuthor Commented:
That is a great Idea !  Can I plug the Opt port into the same switch that the Lan port is in , and use the  same physical cabling to carry the 10.10.10.0 /24 network?
0
 
digitapCommented:
no...that will cause some issues with routing the traffic.  if it's a managed switch, you can create a vlan to segrgate the two networks then you can connect the two  what kinjd of switch do you have?
0
 
DjJohnnyAuthor Commented:
It is not a managed switch. To get to the sonicwall I have to go over a microwave link to a bulding across the street. That is why I have the linksys on the switch on the remote side of the microwave link.
0
 
digitapCommented:
Glad it worked out and thanks for the points!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.