Sonicwall TZ100, AT&T Static IP PROBLEMS

I have a site to site VPN and need static IP's on both DSL connections from AT&T.  I can use dynamic DNS with the VPN so I know I can get the VPN connected but it is with dynamic IP's.  

I have the DSL modem in bridge mode and both sonicwall TZ100's receving dynamic and it works for a while.  I received a block of five IP's for both sites even though I only needed  one.  So I go into the WAN portion of the sonicwall and it will let me assign a static IP but I can't setup the subnet, gateway or anything.  Once I do this I hit apply and go back to and the IP is different.  

Am I missing something?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

So what IP are you getting from Do you recognize it? Is is another one in the block of 5? Is it still one of the dynamic ones from before?
bhgewilsonAuthor Commented:
It is completely random.  It does not relate to the block of 5 at all.
You may want to download the latest firmware and boot to it after you backup your config. Which can be done under System -> Settings
Then under Network go to interfaces
you should see your WAN interface (which in default should be the X1 interface) if it is set to Static it will look like the attachedWAN config screen
Which gives you all the fields you need. If these fields are not displaying then you may have a problem with
the software on your UTM which is why my first suggestion is load new firmware.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

bhgewilsonAuthor Commented:
The problem is where do I put in the info for PPOE.  I still need to authenticate correct?
Or if the router looks likes it is properly configured, then maybe the modem isn't really behaving as a bridge. the problem could be there too.
If your Sonicwall is Authenticating AFTER YOU SELECT PPPoE you will get a third tab added to the pop-up for Protocol
it is under that tab you will put in specific IP information.
Why not use the modem to authenticate and take it out of bridge mode? That should make the IP address problem go away for sure, by setting it on the modem.
bhgewilsonAuthor Commented:
I do think that the modem is acting as a bridge because the VPN will work but just not stay connected and I come to find out that the external IP's are changing.

I know it will not work if I setup the modem as a bridge because the site to site VPN needs to be directly on the internet.  

I am not sure if I am answering the question correct but I am unsure what "after you select" is, on the sonicwall.
Yeah, so why not set the modem as a "modem" and configure "it" with the external IP settings including the static IP that you want and the PPPoE authentication settings and a LAN side IP on a subnet that is only for the "inside" (ethernet side) of the modem and the "outside" (WAN side) of the router. Then give the router a WAN IP in that subnet and keep its LAN IP in the subnet of your Local Network (as it already is).
Here goes again. I'm gong to assume your LANs have 192.168.1.x IPs with subnet masks of

In that scenario, you would do the following:

Take modem out of bridge mode and set it as follows

MODEM WAN: desired public IP with ISP's subnet mask, dg, and PPPoE settings
MODEM LAN: with subnet mask

Then the router:

ROUTER WAN: with subnet mask
ROUTER LAN: with subnet mask
You are over complicating this scenario Sonicwall would not be in business if the didn't give their product the ability to configure it in the manor in which it is to be used.
Select PPPoE fill out that information and then select teh Protocol tab on the top of that pop-up screen you will see this
PPPoe IP info screenProbelm solved.
bhgewilsonAuthor Commented:
kinecsys,  This will not allow the site to site vpn to connect if we run the modem in Nat Mode.  If I am wrong please let me know.
bhgewilsonAuthor Commented:
Schmitty, these are settings brought in by PPOE.  I can't change these in my setup for some reason.
Sure that's the right way. Full credit to you. Sometimes I've had to work around it if PPPoE doesn't "wan't" to work on the router or if the modem doesn't "want" to properly behave as a bridge. But definitely go with your answer if things behave. Just throwing out an alternative that may seem more complex but has actually saved me time in the past by doing it instead of figuring out whose fault it is: the modem not bridging? or the router not PPPoE'ing correctly?
bhgewilsonAuthor Commented:
Kinecsys,  Anytime you deal with AT&T it is a crapshoot and I appreciate the advice.  I would do that if the VPN was not involved.  Thanks for the advice.  I am still a little stuck but will continue to plug through this.
There's a lot of NAT going on between the two modems already, possibly traveling through a few ISP's and such. NAT can limit or allow communications in any way you configure it to do. The basic setup I am proposing does not imply any restrictions. If you manage to get internet, and the VPN ports are open (as we know they already are) the VPS should work without a problem.
If that information is prepopulating and its not populating your correct public IP information it is time to get AT&T on the phone to verify they actually assigned your modem those public IPs I had to argue once with an AT&T rep for almost an hour to get a situation like this fixed.
Good luck, man, let me know if you have any other questions on my humble idea.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.