Solved

Creating a Static Route in Sonicwall NSA 240 between 2 Class C Networks

Posted on 2011-09-07
Last Modified: 2012-05-12
I'm currently trying to tie together 2 networks using a route in Sonicwall OS Enhanced.

Network 1
IP: 192.168.17.x
Subnet: 255.255.255.0
Interface X0 on sonicwall

Network 2
IP: 192.168.11.x
Subnet: 255.255.255.0
Interface X3 on sonicwall

The route I try to put in is the following:
 Sonicwall OS Enhanced Screenshot
What am I missing to make the 2 networks talk to each other? I know I can tie them together by changing the subnet to 255.255.0.0 or changing IPs to Class A 10.x.x.x, but don't want to do that because of the labor involved. If I could just set up a static route and accomplish this without having to change the static IPs on all my servers and such, it would save a ton of time.

Thank you,
Question by:homergfunk
 
LVL 33

Expert Comment

by:digitap
ID: 36497250
When you created the X3 interface, the sonicwall automatically setup the routes. As long as the gateway IS the sonicwall, then the routing is taken care of.

The issue you may be experiencing could quite possibly be the firewall access rules. When you created the zone you assigned the X3 interface, what kind of zone did you make it? Is it Trusted? Consider going to Firewall > Access Rules and review the rules between X3 <> X0.
0
 
LVL 3

Author Comment

by:homergfunk
ID: 36497312
They are all the same Zone LAN. Here are the Screenshots:

 access rules interfaces
0
 
LVL 33

Expert Comment

by:digitap
ID: 36497729
Being in the same zone should fix any firewall issues. Looking at your routes, I think the Interface is reversed. The interface should match the Destination subnet. So, route 1 has the X0 subnet as the destination so the Interface needs to be X0. Vice versa for route 2.
0
 
LVL 3

Author Comment

by:homergfunk
ID: 36498324
OK, tried reversing the interfaces on my routes. No go.

Using only Route #1 as defined in my first screenshot on the question. I deleted Route #2 and then I am able to ping my gateway on the other network 192.168.17.1 from any 192.168.11.x computer. However, anything else on the 192.168.17.x network is unavailable from the other network. Progress, but not quite there yet.
0
 
LVL 3

Author Comment

by:homergfunk
ID: 36498344
Disregard last response, deleted all my custom routes and I'm still able to get access to 192.168.17.1 from the 11 address. Back to square one.
0
 
LVL 33

Expert Comment

by:digitap
ID: 36498378
So, without any custom routes and 192.168.17.0/24 on X1 and 192.168.11.0/24 on X3, you can ping anything on 192.168.11.0/24 from 192.168.17.0/24, but not 192.168.17.0/24 to 192.168.11.0/24, correct?
0
 
LVL 3

Author Comment

by:homergfunk
ID: 36498417
Correct, although I can't access file shares going from 192.168.17.0/24 to 192.168.11.0/24. Ping does work in that direction though.
0
 
LVL 33

Expert Comment

by:digitap
ID: 36498468
When you connect, are you trying to use DNS name or IP? I'm thinking that, as it stands, the sonicwall should know how to route the traffic. When you set up the interfaces, it automatically creates the routes. Something else is going on. If ping works both directions, but you can't get to file shares, then it's possible that DNS simply needs to be set up.
0
 
LVL 3

Author Comment

by:homergfunk
ID: 36498526
I'm using IP. The sonicwall grabs the DNS setting from the DNS server on 192.168.17.3 and DHCP for 192.168.17.x is handled by the same server as well.
0

 
LVL 33

Expert Comment

by:digitap
ID: 36498645
So, UNC to a server on .17 from .11 doesn't show you shares? Please confirm the firewall access rules X0 <> X3 just to be certain we cover all our bases.

Also, what's handling DHCP on the .11?
0
 
LVL 3

Author Comment

by:homergfunk
ID: 36498674
I can confirm that Access rules don't conflict with this. You can see in my Access rules screenshot that I have an Any Any Any rule for LAN to LAN, but went ahead and added a X0 <> X3 rule just in case. DHCP is handled by Sonicwall on the .11 range.
0
 
LVL 33

Expert Comment

by:digitap
ID: 36498717
Sorry, you did provide that information already. Not being able to see things for myself, I suppose the next thing I'd do is create a zone and assign it to the X3 interface. Your sonicwall should be routing properly based on what I know of the hardware. Creating the zone will help us visually see things as separate within the access rules and routing tables.
0
 
LVL 3

Author Comment

by:homergfunk
ID: 36525155
I've requested that this question be deleted for the following reason:

I don't think this is possible given my current configuration. I will have to reconfigure the network to allow a more standard solution, such as changing subnet to 255.255.0.0.
0
 
LVL 33

Accepted Solution

by:
digitap earned 500 total points
ID: 36525130
Changing the subnet mask isn't going to fix your routing issue. Two networks segregated by the same router should be able to communicate properly and your screen shots seem to indicate that the SW is configured properly. If it does, then THAT'S the solution to the question and should be chosen as such. However, I believe you have a different issue on your network causing the routing issue. I gave the advice to change the zone to a new zone which would provide a clearer picture of how traffic is flowing through the SW. This might, in the end, help solve the routing issue.

I don't agree with the premise that you've chosen to delete the question and I'm frustrated that it seems I've wasted my time helping you try to figure out what's going on with your sonicwall.
0
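An added example (not part of the thread and not SonicOS code): a small Python model of the forwarding decisions discussed in the answer above. It shows that the connected routes for X0 and X3 already cover traffic between the two /24s, and that widening a host's mask to 255.255.0.0 makes it treat the other subnet as on-link and bypass the gateway. It assumes each interface is its own layer-2 segment; the host addresses and the 192.168.11.1 gateway are constructed sample values.

```python
import ipaddress

# Connected subnets per interface, taken from the question.
CONNECTED = {
    "X0": ipaddress.ip_network("192.168.17.0/24"),
    "X3": ipaddress.ip_network("192.168.11.0/24"),
}

def firewall_egress(addr, routes=CONNECTED):
    """Longest-prefix match over the firewall's connected routes.
    Also tells us which segment a host address physically sits on."""
    ip = ipaddress.ip_address(addr)
    hits = [(net.prefixlen, ifname) for ifname, net in routes.items() if ip in net]
    return max(hits)[1] if hits else None

def host_next_hop(src, mask, gateway, dst):
    """A host ARPs for dst directly when dst is inside its own subnet
    (on-link); otherwise it hands the packet to its default gateway."""
    own = ipaddress.ip_interface(f"{src}/{mask}").network
    return "on-link" if ipaddress.ip_address(dst) in own else gateway

def reachable(src, mask, gateway, dst, routes=CONNECTED):
    """True when a packet from src can be delivered to dst."""
    hop = host_next_hop(src, mask, gateway, dst)
    if hop == "on-link":
        # Direct ARP only succeeds if both hosts share a segment.
        return firewall_egress(src, routes) == firewall_egress(dst, routes)
    # Sent to the firewall, which needs a route covering dst.
    return firewall_egress(dst, routes) is not None

if __name__ == "__main__":
    src, gw, dst = "192.168.11.50", "192.168.11.1", "192.168.17.20"  # sample hosts
    for mask in ("255.255.255.0", "255.255.0.0"):
        print(mask, host_next_hop(src, mask, gw, dst), reachable(src, mask, gw, dst))
```

With the /24 mask the packet goes to the gateway and is routed out X0 without any custom route; with the /16 mask the host tries to reach the other subnet directly and fails while the two subnets remain on separate interfaces.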
 
LVL 3

Author Comment

by:homergfunk
ID: 36525156
The routing issue is deeper than changing the subnet according to digitap, further troubleshooting required.
0
 
LVL 3

Author Closing Comment

by:homergfunk
ID: 36525174
Thank you for the help, but I think the routing issue is much deeper and more complex than I first believed the question to be. I now believe that the issues lie in the servers that are issuing DHCP / DNS.
0
 
LVL 33

Expert Comment

by:digitap
ID: 36525321
@modguy :: I know. Not much to say.

@homergfunk :: I had one of those moments after clicking the submit button that I should have waited a little bit longer. Having a bad day I guess. Sorry to muck up your question with my drama.
0
 
LVL 3

Author Comment

by:homergfunk
ID: 36525376
No worries, my current situation is complicated from phasing out an existing network. I have an Essential Business Server 2008 installation and am working on phasing it out, since Microsoft DID phase it out. So I'm stuck with a bunch of proprietary Server 2008 installations and my business is expanding past the EBS model. I am currently side-stepping the Forefront TMG server due to a variety of issues I've run into with VOIP incompatibilities. I need to decommission it completely and convert all the server installations to Server 2008 standard. No worries on the response, we all have days like that, again, I appreciate the help.
0
 
LVL 33

Expert Comment

by:digitap
ID: 36525570
Sure. I appreciate your forgiveness. Good luck on the conversion. Sounds like a big job!
0
