Solved

IPv4 Address Range Acquisition and Assignment

Posted on 2011-02-21
10
415 Views
Last Modified: 2012-05-11
I'm in a situation where a site has an existing Internet connection that we're using, but we have a larger pipe dropping soon that has a large c block assigned.  Notwithstanding, in the interim I have to deal with what we have.

I am not aware of the topology of their current infrasctructure except that they've given us a Cisco switch with 4 ports, each with a separate public ip assigned to each interface.  I am, unfortunately, needing a smallish block of IPs for this one interface right now (perhaps 5-10) and I am not exactly sure of the appropriate questions to ask nor what to tell them regarding getting this in position for my SonicWALL router to accept so that it can make the appropriate assignments for devices inside of it's network.

It seems that I may need to grok BGP and ASN's a little better to tell them what I want, but perhaps I'm going too far into implementation in my mind for this issue.

At any rate, I'd certainly appreciate understanding what I need to ask and explain a bit better to get this temporary fix in place.


0
Comment
Question by:gpsocs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
10 Comments
 
LVL 33

Expert Comment

by:digitap
ID: 34943845
what i'm seeing is that you ask for a block of 5 IP addresses.  then, use one for the WAN interface, set the subnet mask...done.  if they are non-contiguous, you'll use one for the WAN interface along with the appropriate subnet mask.  then, use the KB below to get others "assigned" to the WAN interface.

https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=7621

regarding the secondary internet, i'd assign it to an additional interface on the sonicwall and use routes to send traffic out of it as needed.  if you want to assign VPN connections, then i'd move the "crappy" internet to an additional interface making it a secondary WAN, then put the long-term internet on the X1 interface as the primary WAN.  you'll want to remember to move the ARP entries for the non-contiguous subnets if that's necessary.
0
 

Author Comment

by:gpsocs
ID: 34946670
Okay, I've got a range!  Only 4, but that's getting me from point A to B right now.

So where do I set the subnet for this particular scenario for utilization?  Example, let's say I have 123.123.123.123, .124, .125 and .126.  I'm not exactly sure where you're saying to set the subnet on this unit.  Just wanting to make sure I'm getting this right vs playing.
0
 
LVL 33

Accepted Solution

by:
digitap earned 475 total points
ID: 34946784
they should have given you an IP address with a subnet mask.  the subnet mask will define that you have four contiguous IP addresses starting with 123.123.123.123.  my guess is your subnet mask is 255.255.255.248 or 123.123.123.123/29.  this would be 6 hosts.  one for gateway, one for broadcast giving you a range of 123 - 126.

i'd use 123.123.123.123 as the WAN IP and the subnet mask of 255.255.255.248 (assuming this is what they gave you).  they should have provided you with a gateway and the DNS information.

go to network > interfaces.  edit the WAN interface and you'll see where the information should go.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 6

Assisted Solution

by:caskrist
caskrist earned 25 total points
ID: 34960820
Yes digitap is right. When the subnetmask is setup you can use the other ip addresses when you use nat policies (or the public server wizard, which makes the nat policies for you), make sure you use the most recent firmware for your sonicwall.
0
 
LVL 33

Assisted Solution

by:digitap
digitap earned 475 total points
ID: 34962290
indeed, up to date firmware is important, thanks for the reminder!  further, the public server wizard will setup the WAN > LAN firewall access rules.  it will also create three NAT policies, ingress; egress; loopback.
0
 

Author Comment

by:gpsocs
ID: 34971050
Okay, thanks.  

I ended up having an issue where connections are being made across the VPN from the 10.10.11.1 side, but not back up from the 10.10.12.0/24 side.  It has me quite baffled at the moment as to why suddenly traffic is altogether not seeming to pass back up and to connect with units up stream and still on our fabric.  Hrm.

So yeah, trying to sort this out today...
0
 

Author Comment

by:gpsocs
ID: 35073321
Blah, sorry, more delays in this one task and with these issues.  FINALLY back on this today.

Are you saying on the Network -> Interfaces -> General tab to use the IP address "123.123.123.123" with a subnet of 255.255.255.248 and then when setting up NAT for the various devices I just use an IP from that subnet?

Thanks again and thanks for your patience for the points assignment.
0
 
LVL 33

Assisted Solution

by:digitap
digitap earned 475 total points
ID: 35073577
sure, no problem.

you are correct as the location of setting the WAN IP address. network > interfaces > WAN (X1). under the first tab you'll find where you can set the static IP. you'll need the IP 123.123.123.123, mask 255.255.255.248, and gateway (whatever they gave you).

for NAT, you could use either the IP assigned to the WAN or one of the others. the subnet mask based on the WAN IP would help determine what IP addresses can be used and the sonicwall can figure that out. use the public server wizard to setup the firewall access rules and the NAT policies. here's a kb for that information if you need it.

https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=7027

0
 

Author Comment

by:gpsocs
ID: 35074039
Thanks, posted another question regarding the TZ180 just a few minutes ago if interested.
0
 
LVL 33

Expert Comment

by:digitap
ID: 35074313
yup...just saw it. thanks for the points!
0

Featured Post

How to Defend Against the WCry Ransomware Attack

On May 12, 2017, an extremely virulent ransomware variant named WCry 2.0 began to infect organizations. Within several hours, over 75,000 victims were reported in 90+ countries. Learn more from our research team about this threat & how to protect your organization!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ASA 5505 latency problem 8 71
Fortigate 200B - Invalid IP Address Range when trying to create 3 91
EIGRP Bandwidth 9 61
Tool to test the firewall  protection 9 83
David Varnum recently wrote up his impressions of PRTG, based on a presentation by my colleague Christian at Tech Field Day at VMworld in Barcelona. Thanks David, for your detailed and honest evaluation!
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question