Solved

Sonicwall as a Router

Posted on 2011-09-19
Last Modified: 2012-05-12
Hi,

We have recently had an unmanaged 100meg internet service installed by Virgin.

They have provided us with a WAN address and gateway on a /30 network as well as a public LAN range of /27 which are our external addresses.

We have 2 SonicWall NSA 3500 firewalls in failover mode which I would like to use as the gateway to our network. I would like to avoid buying a router to sit in between the two networks. Below is how I'm guessing that Virgin envisage the network, however I'd like to remove the need for a router at our end.

LAN ---- SW NSA /27 ----- /27 OUR ROUTER /30----- | ----- /30 VIRGIN ROUTER ----- INTERNET

Is it possible to create a sub interface on the SonicWall and the appropriate routing rules so that the SonicWall can take care of the routing to Virgin and also onto our LAN? And if so, any pointers would be most appreciated.

0
Question by:Eschmann
LVL 10

Accepted Solution

by:
Benjamin MOREAU earned 2000 total points
ID: 36561623
Hi,

In all my SonicWall deployments, I configure the public IP address directly on my SonicWall (for you, the /30 address). After that, Virgin routes all your /27 IP addresses to your SonicWall.

You just have to create rules on your SonicWall with "original destination IP = your /27 IP address".

I have explained how I do it, but I'm in France; maybe Virgin can't do this...
0
 

Author Comment

by:Eschmann
ID: 36565589
could you be more specific as to which type of rules?

routes? NAT rules?
0
 
LVL 10

Assisted Solution

by:Benjamin MOREAU
Benjamin MOREAU earned 2000 total points
ID: 36565785
Just configure your WAN interface with the /30 IP address (like this: https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=7449)

After that, just add NAT rules & firewall rules to use your public IP pool (/27):

Example NAT rule for SMTP:
 Original Source : any
 Trans. Source : Original
 Orig Dest : Your Public IP in /27 pool
 Trans Dest : Your Mail server in your LAN
 Orig Service : SMTP
 Trans Service : Original

Example FW rule:
 From : WAN
 To : LAN
 Service : SMTP
 Source : Any
 Destination : Your public IP in /27 pool
0

 

Author Comment

by:Eschmann
ID: 36566125
It doesn't seem to be working.

Would the firewall NAT packets that are destined for the /27 network when it doesn't have a presence on that network? (It's only on the /30.)

Wouldn't it just be dropping the packets?
0
 
LVL 8

Expert Comment

by:amatson78
ID: 36566357
If you run a packet capture, are you seeing incoming packets for one of the intended IP addresses? If the ISP is routing to you correctly you will see it in the packet capture. If not, then they need to correct their routing first.
0
 

Author Comment

by:Eschmann
ID: 36566385
I can see that the ISP are routing the packets to me correctly using packet capture, however they are being dropped instead of forwarded on to a machine on my LAN.
0
 
LVL 10

Expert Comment

by:Benjamin MOREAU
ID: 36566391
Could you post a capture of your NAT rule & your FW rule?
0
 

Author Comment

by:Eschmann
ID: 36566458
NAT rule to point traffic for an IP on the /27 network to a PC here running a telnet server:
 NAT rule
FW rules (I know I don't need both):
 FW rule
Dropped packet monitor:
 packet monitor
Virgin address1 is an address on the /27 range.
Andy PC (EEW080) is a PC with a telnet server running on it (which I can connect to from machines on the LAN).

cheers guys!
0
 
LVL 10

Expert Comment

by:Benjamin MOREAU
ID: 36566627
Sorry, but could you post a capture of the detail (when you click on the pen) ?
0
 

Author Comment

by:Eschmann
ID: 36566657
here they are!
 nat fw
0
 
LVL 10

Expert Comment

by:Benjamin MOREAU
ID: 36566709
Could you give the content of "virgin address 1"?

Your rules are OK; your ISP is correctly routing your public IP, so I think it's a problem with your object "virgin address 1".
0
 

Author Comment

by:Eschmann
ID: 36566733
Virgin address 1 is an IP address on the /27 range supplied by the ISP.
 vi1
0
 
LVL 10

Expert Comment

by:Benjamin MOREAU
ID: 36567188
...I don't see... maybe try to specify the "original service" in the NAT rule & the "service" in the FW rule.
0
 

Author Closing Comment

by:Eschmann
ID: 36574643
No idea why it wasn't working straight away, but now it is!

Thanks MOREAU37
0
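The setup discussed in this thread (a /27 routed to the firewall's /30 WAN address, published through NAT policies and WAN-to-LAN access rules that match the public, pre-NAT destination) can be sanity-checked offline before rules go live. The following is an added example, not part of the original thread and not SonicWall code: the addresses are constructed from documentation ranges and the rule records are hypothetical dictionaries that only mirror the field names used in the answers. It flags NAT policies whose public address is outside the routed block, policies with no matching access rule, and rules left at service "Any".

```python
import ipaddress

# Constructed addressing (RFC 5737 documentation ranges), not the poster's values.
ROUTED_BLOCK = ipaddress.ip_network("203.0.113.0/27")  # /27 the ISP routes to the firewall
LAN = ipaddress.ip_network("192.168.10.0/24")          # assumed internal network

# Hypothetical rule records using the field names from the thread.
NAT_POLICIES = [
    {"name": "smtp-in", "orig_dest": "203.0.113.5",
     "trans_dest": "192.168.10.25", "orig_service": "SMTP"},
    {"name": "telnet-test", "orig_dest": "203.0.113.6",
     "trans_dest": "192.168.10.80", "orig_service": "Any"},
    {"name": "typo", "orig_dest": "203.0.113.45",
     "trans_dest": "192.168.10.30", "orig_service": "HTTPS"},
]
ACCESS_RULES = [
    {"from": "WAN", "to": "LAN", "service": "SMTP",
     "source": "Any", "destination": "203.0.113.5"},
    {"from": "WAN", "to": "LAN", "service": "Any",
     "source": "Any", "destination": "203.0.113.6"},
]

def audit(nat_policies, access_rules):
    """Return a sorted list of (policy name, finding) tuples."""
    findings = []
    for p in nat_policies:
        public = ipaddress.ip_address(p["orig_dest"])
        private = ipaddress.ip_address(p["trans_dest"])
        if public not in ROUTED_BLOCK:
            findings.append((p["name"], "original destination is outside the routed block"))
        if private not in LAN:
            findings.append((p["name"], "translated destination is not a LAN host"))
        if p["orig_service"] == "Any":
            findings.append((p["name"], "NAT policy original service is Any"))
        # The access rule is matched on the public (pre-NAT) address, as in the answer.
        matching = [r for r in access_rules
                    if r["from"] == "WAN" and r["to"] == "LAN"
                    and ipaddress.ip_address(r["destination"]) == public]
        if not matching:
            findings.append((p["name"], "no WAN-to-LAN access rule for the public address"))
        elif any(r["service"] == "Any" for r in matching):
            findings.append((p["name"], "access rule service is Any"))
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in audit(NAT_POLICIES, ACCESS_RULES):
        print(f"{name}: {finding}")
```
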

Question has a verified solution.