Solved

SonicWALL - Multiple subnet configuration

Posted on 2011-02-20
Last Modified: 2012-09-08
So presently I have this configuration for one VPN leg (if you've followed previous discussions you'll know that this is ultimately going to be a set of two teamed / failover VPNs) set up and working on a Linksys RV042:
https://img.skitch.com/20110221-d2quxi749mdig26qmnrab5qwck.jpg

A diagram of the network topology is as follows:
https://img.skitch.com/20110219-gx38xuirrj6uymfkddmy6epxec.jpg

How would I duplicate this RV042 configuration on this particular SonicWALL TZ 180?

It sounds as though trunking and tagging perhaps would have been a better option?  However I'm not sure of how that would work on this unit yet either.  Any instructions or information as to how to set this out properly would be appreciated.

I simply want to do what's correct with this particular unit so whichever method to support the TOPOLOGY DIAGRAM above would be optimal vs simply duplicating the configuration.
0
Question by:gpsocs
19 Comments
 
LVL 33

Accepted Solution

by:
digitap earned 500 total points
ID: 34940571
you simply need to add a route to the sonicwall for each subnet and the gateway that manages those subnets.  there is a router in between the networks and the sonicwall.  i'm not even considering the VPN because the sonicwall isn't responsible for managing the vpns.  you simply need to tell the sonicwall how to route traffic to those subnets.  also, i assume that between the sonicwall and Office 1, there is a VPN.  if so, then you'll want to make ALL subnets that will go across the VPN part of the VPN.

hope i'm understanding right.
0
 

Author Comment

by:gpsocs
ID: 34940584
There is NO VPN between Office 1 and the SonicWALL.  This is a temporary solution for a client that is testing the solution until we get them integrated into the "MPLS" VPN cloud.
0
 
LVL 33

Expert Comment

by:digitap
ID: 34940594
ah, this is good.  removing the VPN there really makes things less complicated. then you'd only need to add the route for their subnet when they are part of the MPLS cloud.
0

Author Comment

by:gpsocs
ID: 34940618
I'm assuming Network -> Routing -> Route Policies -> ADD... and then it gets a little dicey for me after this point.

Obviously the concept is solid, but the actual execution on this unit is disconcerting given the options.

Source: ?  ANY ? (Probably any)
Destination: ? ANY ? (Probably any)
Service: Any (I'm assuming that would be right here for all traffic)
Gateway: ? Default Gateway ? (Dunno)
Interface: Not sure on this one... probably WAN, but options are: WAN, LAN (obviously not OPT or WLAN)
Metric: 1 (not sure of this)
Disable route when the interface is disconnected: unchecked
Allow VPN path to take precedence: unchecked


Now, also, we may have a secondary Internet coming into this unit in the near term.  I assume we can use teaming / failover with the OPT port.  But boy, that's another topic for another crazy day. :)  I wish I only had this to worry about right now!  LOL
0
 
LVL 33

Assisted Solution

by:digitap
digitap earned 500 total points
ID: 34940651
i understand.  here's my take on the route.

Source: Any
Destination: Address object representing one of the subnets in Node 1, Node 2, Node N...
Service: Any
Gateway: whatever is managing the VPN for those subnets.  is it the router?  10.0.17.1? 10.10.11.1?
Interface: LAN.  Since the Router has an IP on the LAN subnet (this is right, right?), then the router would be the gateway and the interface is X0 (LAN).
Metric: 20.  this is the default for all the routes created on the sonicwall.
Disable route...: this is if you have a backup connection and you want something else to take over if it goes down.  i've used it before, but not very often.
Allow VPN...: used in rare instances.


regarding failover.  rather than go into it here, these KBs might answer your questions regarding it.  i'm including HA for grins and giggles...as if you don't already have enough information to assimilate!!!

Failover within the sonicwall:

https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=7828

HA between two sonicwalls, by the way, you can configure internet failover in a HA configuration:

https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=6234
0
 

Author Comment

by:gpsocs
ID: 34940671
So right now just "VPN 2" (AT&T, which is to be backup within the next few days) is active.  So essentially each node is just that, a node in the mesh.  We have, therefore at the Main Office router 10.10.11.1 and, in this example, 10.10.12.1 as the router at the other site with the HDX unit out there being at 10.10.12.50.  You can presently cut the larger router icon out of the mix as I currently am only dealing with the AT&T provided Cisco routers hooked to switches.
0
 

Author Comment

by:gpsocs
ID: 34940678
So example path: Office 1 HDX <-> Router <-> Internet <-> SonicWALL TZ 180 <-> 10.10.11.1 <-> 10.10.12.1 <-> 10.10.12.50
0
 
LVL 33

Expert Comment

by:digitap
ID: 34940685
whatever network the sonicwall does not know about, you simply create the route for that network and specify the gateway as being the router that DOES know about that subnet.  as long as the router has an interface on the LAN subnet which the sonicwall does know about, it will find the path just fine.
0
 

Author Comment

by:gpsocs
ID: 34940702
<sigh> So sorry to make you work for this one.  :)

So I'm looking here Gateway and I Add an Address Object:
Zone Assignment appears to obviously be LAN.  
Type... hrm, I could see it being a host in terms of directing traffic to that router at the Main Office, which is 10.10.11.1 OR I could see it being Network and the 10.10.12.0/24  network...  I'm sure I'm overthinking here now being about 2AM.

So then the same on the Destination, what am I looking at for that there?  I'm assuming Network for that one and probably Host for the previous Gateway option.

And yes, the LAN on the TZ 180 is directly connected to a Cisco switch which is hooked into the AT&T Cisco router 10.10.11.1.
0
 
LVL 33

Expert Comment

by:digitap
ID: 34940735
so, you want the destination to be the network on the other side of att connection and the gateway to be the att router.  sorry to cut off...hope it works. time for me and my pregnant wife to go to bed...12a here.  i'll be back at it in a few hours.
0
 

Author Comment

by:gpsocs
ID: 34940788
Yeah, that's it.  The destination is the 10.10.12.50 for now being the HDX over there or just generally the 10.10.12.0/24 network and the gateway on the Main Office side out to the VPN cloud is 10.10.11.1.

Understood.  I'm crashing out now as well.  4 kids and a plethora of other stuff so I know what you're going through. ;)  Yeah, I have to have this all in place in the morning after a 2 hour drive to the main site so I'm trying to get my ducks in a row before I set out.

The last thing I have to figure out is how in the heck I'm going to get a block of IPs on the current Internet we have in place vs the new one we're supposed to already have in place that has a very large c block of ips assigned.  <sigh>
0
 
LVL 33

Expert Comment

by:digitap
ID: 34942583
hehehe...you really do understand! so, are the public ips non-contiguous?  typically, you just assign a public ip, configure the subnet mask and that's it.  what makes this batch of ips so challenging?
0
 

Author Comment

by:gpsocs
ID: 34942600
What makes it challenging at the moment is whether we even have one for this particular Internet connection we're using atm... :\  The other connection hasn't been dropped in the Main Office yet.  Blah.
0
 
LVL 33

Expert Comment

by:digitap
ID: 34942659
oh...so, you are going from a crappy Internet connection to a better one?  sorry, must have stayed up too late.
0
 

Author Comment

by:gpsocs
ID: 34942763
Yeah, but I don't know how "crappy" crappy is actually until I can talk to someone who knows it since it's provided by the office building owners.  Blah.  I don't even have a good handle on the previous topology yet since I came into this midstream and am effectively tearing down and rebuilding as I go.  LOL

I'm wondering about buying a small block temporarily for this existent situation until we get the long term conn in place...  I just wish I could get a hold of someone at this point on site.

So yeah, I need to get those address objects config'd properly from our discussion last night.  Are you able to give me a little closer insight to the Destination and Gateway now that I've provided that information as well as how the Add Address Object dialog will be config'd for each of those two?  I think if I have that I'll be good.
0
 

Author Comment

by:gpsocs
ID: 34943176
So yeah, if I could get some clarity on that, that would be great.  I'm going to ask specifically what to ask in another question as I can assign some more points since the IP issue is a separate one and I could use some additional brain share as I ask the appropriate questions and get that resolved this morning.
0
 
LVL 33

Assisted Solution

by:digitap
digitap earned 500 total points
ID: 34943257
sure.

Source: Any
Destination: Address Object representing NETWORK 10.10.12.0/24 in the LAN zone
Service: Any
Gateway: Address Object representing HOST 10.10.11.1 in the LAN zone
Interface: LAN
Metric: 20
Leave the two check boxes unchecked.

is your LAN subnet within the 10.10.11.0/24 subnet?
0
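The route policy above, modelled as an added example that is not part of the original thread: it checks that the gateway is on-link on the LAN interface and shows where traffic for 10.10.12.50 goes before and after the route exists. It assumes the TZ 180's LAN is 10.10.11.0/24; the WAN next hop 203.0.113.1 and the function names are constructed for illustration.

```python
import ipaddress

# Values taken from the thread
LAN_NET = ipaddress.ip_network("10.10.11.0/24")     # assumed TZ 180 LAN subnet
REMOTE_NET = ipaddress.ip_network("10.10.12.0/24")  # Destination object (Network)
ATT_ROUTER = ipaddress.ip_address("10.10.11.1")     # Gateway object (Host)
HDX = ipaddress.ip_address("10.10.12.50")
# Constructed placeholder: the WAN next hop is not given in the thread.
WAN_GW = ipaddress.ip_address("203.0.113.1")

def base_table():
    """Routes present before the static route is added."""
    default = ipaddress.ip_network("0.0.0.0/0")
    return [
        {"dest": LAN_NET, "gateway": None, "iface": "LAN", "metric": 0},  # connected
        {"dest": default, "gateway": WAN_GW, "iface": "WAN", "metric": 20},
    ]

def check_route(route, connected):
    """Return a list of problems with a static route; empty means usable."""
    problems = []
    on_link = connected.get(route["iface"])
    if on_link is None:
        problems.append(f"no connected subnet on {route['iface']}")
        return problems
    if route["gateway"] not in on_link:
        problems.append(f"gateway {route['gateway']} is not on-link in {on_link}")
    if route["dest"].overlaps(on_link):
        problems.append(f"destination {route['dest']} overlaps {on_link}")
    return problems

def lookup(table, dst):
    """Longest-prefix match; lower metric wins a tie."""
    matches = [r for r in table if dst in r["dest"]]
    return max(matches, key=lambda r: (r["dest"].prefixlen, -r["metric"]))

STATIC = {"dest": REMOTE_NET, "gateway": ATT_ROUTER, "iface": "LAN", "metric": 20}
# Off-link next hop: the remote site's router cannot be reached directly from the LAN.
WRONG = {"dest": REMOTE_NET, "gateway": ipaddress.ip_address("10.10.12.1"),
         "iface": "LAN", "metric": 20}

if __name__ == "__main__":
    connected = {"LAN": LAN_NET}
    print("before:", lookup(base_table(), HDX)["iface"])  # falls to the WAN default
    print("static:", check_route(STATIC, connected))
    print("after :", lookup(base_table() + [STATIC], HDX)["gateway"])
    print("wrong :", check_route(WRONG, connected))
```

Without the static route, traffic for the private 10.10.12.0/24 network matches only the default route and is sent out the WAN interface, so the "before" lookup is worth checking on any firewall that sits beside an MPLS or VPN router.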
 

Author Comment

by:gpsocs
ID: 34943644
Yes, it is 10.10.11.0/24 on the local area network at Main Office.

Also, the IP issue is posted if you have interest.  Thanks so very much.
0
 
LVL 33

Expert Comment

by:digitap
ID: 34943853
i am and have commented.  you're welcome and thanks for the points!
0
