Establishing site-to-site VPN with Sonicwall TZ190 using mobile internet connection

Hi all,

I've got a little predicament. One of the site's that I am IT Admin for has no internet connectivity as of yesterday morning. The site uses AT&T DSL over a static IP assignment, which currently has a site-to-site VPN tunnel established to our colo facility which hosts their application servers. These servers are configured to interract with each site by sending print jobs, scan jobs, etc, through the local IP addresses. For example, user A processes an order through the server, then prints it out. The server then prints the order to user A's networked printer at IP address 192.168.34.9. The server is on 192.168.22.x network. AT&T, in all their infinate wisdom and responsiveness, has created an on-site visit for between noon and 4pm, which will cause this site to lose a lot of business. I was going to be on site when they open and tether my Android device's internet through my netbook to the Sonicwall, then establish VPN connectivity through Sonicwall Global VPN client on each workstation. The problem: printing and scanning won't work as the colo facility won't see the site's network, since a site-to-site isn't established.

Is there any way that I can provide internet access to the Sonicwall via my netbook, which is recieving it from my Android phone, and still get a site-to-site VPN established? T-Mobile obviously isn't providing a static IP address to the device, and I don't believe any software exists for Android that does site-to-site, not that it would matter since the phone isn't acting as the router.

Basically, accessing the colo facility's resources is not a problem through global VPN client, but the colo facility (app servers) seeing the peripheral devices of the remote site seems to be impossible using mobile internet.

Thanks in advance.
howejustinAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JohnBusiness Consultant (Owner)Commented:
I would be inclined to figure out some kind of business workaround (route phone calls for example). Your mobile internet is likely using a double NAT arrangement (mine does) which in turn prevents the site to site from working.

Unless you can figure out the settings (NAT Traversal comes to mind if you can set that), it will probably take longer to work it out than for AT&T to solve the problem.

... Thinkpads_User
howejustinAuthor Commented:
Thanks for the reply, and as nice as a business workaround sounds, it's not feasible at this time. The location is a pharmacy that receives walk-in clients as well as refill requests, and the other locations are not allowed by law to fill this location's scripts (and visa versa).

I can't wait until Cox cable provides service to that site's location. AT&T has been known for this type of thing before the other's switched over.

It would also be really nice for Sonicwall to put out an application that allows a computer to be the gateway of a network, so something like Global VPN client could still work and the site being VPN'd into could still see the remote resources via access through one machine at that remote site.
JohnBusiness Consultant (Owner)Commented:
Given the short time frame, there isn't too much you can work out before AT&T arrives.

My ISP here sells portable internet kits. These are devices you point to the sky for signal and have wired ethernet port to connect to. One of my volunteer outfits has one. It works better for VPN that some USB sticks and cellular cards.

Could AT&T provide one of these things tonight?  It might work.

I do not wish to irritate this situation, but what is your fall back for a lengthy outage? It does happen.

... Thinkpads_User


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Virus Depot: Cyber Crime Becomes Big Business

The rising threat of malware-as-a-service is not one to be overlooked. Malware-as-a-service is growing and easily purchased from a full-service cyber-criminal store in a “Virus Depot” fashion. View our webinar recording to learn how to best defend against these attacks!

howejustinAuthor Commented:
No irritation at all, and thanks for the suggestion on the portable kit. I'll ask AT&T tonight about it.

As far as a fallback solution, there is none that would work with full functionality. The only thing we could do is to have a second static internet connection on-site through a different carrier, but the owners of the pharmacies would not give us permission to do that as it's a monthly cost that 99.9% of the time wouldn't be used. All but one other of our sites are on Cox communications (15 other sites), and they're very good about getting out their quick if something is wrong with their connection. AT&T though, with losing those 15 accounts in the last couple of years, just doesn't care and provides us standard service like they would a residential customer.

Not too much that can be done at this point, so I'll just roll with the punches tomorrow. Thanks again.
JohnBusiness Consultant (Owner)Commented:
Hello howejustin - Any update (now the next day)?  ... Thinkpads_User
howejustinAuthor Commented:
Update: AT&T was wrong on the phone when stating a power cycle would not fix it. I had one of my field guys go out and do so while waiting for them to arrive, and it fixed the problem. Turns out AT&T lost the scheduled time in their system anway, and they didn't have another available time until Tuesday between noon and 4. They refused to escalate it too, very odd. They've been out three times in the last year, so I still had them check everything out and supposedly the modem was bad. They replaced it and so far so good, as expected.

Accepting your alternate suggestion as a solution because it's the closest thing that has been posted. I still have yet to talk to AT&T about it, though, hah. I strongly dislike calling that company.
JohnBusiness Consultant (Owner)Commented:
Hello howejustin - Thank you very much. I was pleased to help out and enjoyed our discussion thread. Thanks again and good luck going forward. ... Thinkpads_User
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VPN

From novice to tech pro — start learning today.