Solved

Sonicwall Behind Home Router

Posted on 2011-03-01
Last Modified: 2013-12-14
I have a sonicwall TZ150 assigned to me for my home to connect back to the office. I need to set this up behind my existing router (Netgear WNDR3700v2) because the sonicwall kills my speed since I have fiOS with 50Mbs down and 20Mbs UP. The sonicwall's max download is around 22Mbs. I need the speed because I connect to servers that I can max out my connection with, hence my dilemma.

I need to connect to my corporate network but only for the ip range 192.168.1.xxx. My local lan is 10.10.1.xxx, so my pc will be connected directly to the Netgear, but I need the network to know to pass any 192.168.1.xxx traffic to the sonicwall. The sonicwall is all preconfigured to establish the connection back to the corporate network. I have access to the device and can make any changes I want as I am part of technical staff there, but I can't seem to get this to work.

Please help. Thank you
Question by:evengeekier
10 Comments
 
LVL 1

Expert Comment

by:csaroli
ID: 35014470
try putting your sonicwall router in the DMZ of the netgear router. Although depending on the type of VPN your corporate office uses, this may not work. Also i thought the sonicwall was 100 megabits, i could be wrong

What kind of VPN is it, client/server?
 
LVL 33

Expert Comment

by:digitap
ID: 35014616
i'm not sure i understand. if the vpn is configured, put your netgear in bridge mode, put your public ip on the sonicwall and away you go. i'm guessing they put the sonicwall sa in aggressive mode unless they know your public ip. also, i believe your limiting step will be the throughput ipsec processing ability of the 150 which may be at 22mb.

the vpn sounds like a site to site sonicwall vpn.
 
LVL 33

Expert Comment

by:digitap
ID: 35017709
i went back and checked my datasheet on the 150 and i don't see any reference to the 22mb limitation.

since your IT has already configured your sonicwall's VPN, it should automatically route to the subnet without any intervention from you. getting the 150 connected to your home internet will be the trick.

Author Comment

by:evengeekier
ID: 35018009
@csaroli - I did try adding it to the DMZ in my TS but it did not help. The Sonicwall is 100megabits on the internal lan for connectivity but the firewall throughput is limited. It is a site to site VPN.

@digitap - Your suggestions make a lot of sense, I will try them this evening. The 22Mbs limitation is real world - I am not sure what the datasheets say.

When my SW is connected as the main router my download maxes out at 22Mbs; when my Netgear is connected it maxes out at 58Mbs. I need my NG to be the main router and have my SW behind it connecting to my corporate VPN. Which I can get to work (VPN is established and working, Phone, Laptop wired in) but only for devices that are connected directly to the SW.

My goal is to have my PC connected to my NG but route all 192.168.1.xxx traffic to the SW over the VPN. Not sure how to configure and connect the SW to my network to do this. Another NIC in my computer connected to the SW?

Thank you both for your prompt responses.
 
LVL 33

Accepted Solution

by:
digitap earned 500 total points
ID: 35019159
ok...i understand where you're getting the 22mb. there are some things you can look at on the sonicwall to possibly help with the speed.

- What's the WAN negotiation set to? it's auto by default. go to the sonicwall > network > interfaces and edit the WAN interface. test 100mb/full; 100mb/half. see which one changes your egress/ingress speeds.

- what's the MTU? review the following article i wrote that walks through confirming your MTU on the WAN of the sonicwall is configured properly.

http://www.experts-exchange.com/viewArticle.jsp?articleID=3110

- are there any security services licensed? go to the sonicwall > system > status. on the right hand side, you'll see a list of items that are licensed on the sonicwall. look for content filter, gateway av, IPS, etc. you may need to disable those.

regarding the latter, you could put a second NIC in your workstation/laptop. you'd want two subnets. one for the NG and one for the sonicwall. set a static route on your device to use the sonicwall as the gateway for the 192.168.1.0/24 network. also, make sure that the NG gateway is a lower metric so default traffic will use the NG.

however, i believe you said you wanted your access to the servers at work via the VPN to experience the higher bandwidth beyond the 22mb. this traffic will go through the sonicwall regardless, so this will always be a limiting step if we can't figure out why your sonicwall is preventing you from experiencing the full bandwidth.

having said that, you COULD take the 150 out of the picture entirely and use the sonicwall Global VPN client.  however, if your work bandwidth is less than your 50mb at home, then this becomes the new limiting step rather than the 150. i assume they are the same or at least your work bandwidth is more than 22mb that the 150 is getting you at home right now.


sorry, i know that's a lot to think about.
 

Assisted Solution

by:evengeekier
evengeekier earned 0 total points
ID: 35152073
I ended up getting a second NIC card. I configured the network as follows:

Main Router = Netgear (IP =10.10.1.1 mask 255.255.255.0)

First PC NIC connected to NG static ip of 10.10.1.2
Sonicwall connected (LAN IP 192.168.123.1) to NG through the WAN port (SW WAN to NG LAN Port)
Second PC NIC connected to Sonicwall LAN port with static ip of 192.168.1.2

On my PC I issued the following 2 commands using CMD (Elevated to Admin)

route add 0.0.0.0 mask 0.0.0.0  10.10.1.1  metric 20 -p

route add 192.168.1.0 mask 255.255.255.0 192.168.123.1 metric 1 -p

The first command sends all "regular" traffic to my NG router through my first NIC. The second command routes all traffic for 192.168.1.x to the sonicwall through the second NIC.

This provides me with my full bandwidth to my FiOS connection and still connects me to my company's VPN.
0
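The routing decision behind the two route commands in the post above, as an added example that is not part of the original thread: a simplified Python model of route selection (longest matching prefix first, metric only as a tie-break). The helper names select_route and leaks and the sample destinations are assumptions; interface metrics and on-link routes are ignored.

```python
import ipaddress

# Routes taken from the post's two "route add" commands: (destination, gateway, metric).
ROUTES = [
    ("0.0.0.0/0", "10.10.1.1", 20),          # default route via the Netgear
    ("192.168.1.0/24", "192.168.123.1", 1),  # corporate range via the Sonicwall
]

def select_route(dest, routes=ROUTES):
    """Return (network, gateway, metric) chosen for dest, or None if nothing matches.

    The longest matching prefix wins; the metric only breaks ties between
    routes that have the same prefix length.
    """
    addr = ipaddress.ip_address(dest)
    candidates = []
    for net, gateway, metric in routes:
        network = ipaddress.ip_network(net)
        if addr in network:
            candidates.append((network, gateway, metric))
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r[0].prefixlen, r[2]))

def leaks(corp_net, vpn_gateway, routes=ROUTES):
    """List addresses in corp_net that would NOT be sent to vpn_gateway."""
    leaking = []
    for addr in ipaddress.ip_network(corp_net):
        chosen = select_route(str(addr), routes)
        if chosen is None or chosen[1] != vpn_gateway:
            leaking.append(str(addr))
    return leaking

if __name__ == "__main__":
    # Constructed sample destinations: one corporate, two non-corporate.
    for dest in ("192.168.1.50", "8.8.8.8", "192.168.2.10"):
        print(dest, "->", select_route(dest)[1])
    print("corporate addresses bypassing the VPN gateway:",
          leaks("192.168.1.0/24", "192.168.123.1"))
    # Swapping the metrics changes nothing: prefix length is compared first.
    swapped = [("0.0.0.0/0", "10.10.1.1", 1),
               ("192.168.1.0/24", "192.168.123.1", 20)]
    print("with metrics swapped:", select_route("192.168.1.50", swapped)[1])
```

The leaks check is the useful part for a split setup like this one: any later, more specific route that overlaps 192.168.1.0/24 and points at the Netgear would send part of the corporate range outside the VPN, regardless of its metric.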
 
LVL 33

Expert Comment

by:digitap
ID: 35152159
the author's final solution was suggested by me. request a new disposition using my solution here, http:#a35019159 as the final solution.
 

Author Comment

by:evengeekier
ID: 35152257
@digitap: I tried your suggestions but it did not change the throughput of the sonicwall since the bottleneck is the firewall (see attached pdf, highlighted on page 5) though they say 30Mbs real world I was only getting 22Mbs. I tried adjusting my MTU setting from 1500 to 1492, it did not help. There are no other security features licensed only Nodes/Users and VPN.

Your suggestion for how to configure my network with two nics was helpful. Thank you.
 
LVL 33

Expert Comment

by:digitap
ID: 35152437
thanks! i appreciate that!
 

Author Closing Comment

by:evengeekier
ID: 35178835
Issue Resolved