Solved

Sonicwall TZ100, AT&T Static IP PROBLEMS

Posted on 2012-04-13
18
605 Views
Last Modified: 2012-07-09
I have a site to site VPN and need static IP's on both DSL connections from AT&T.  I can use dynamic DNS with the VPN so I know I can get the VPN connected but it is with dynamic IP's.  

I have the DSL modem in bridge mode and both sonicwall TZ100's receving dynamic and it works for a while.  I received a block of five IP's for both sites even though I only needed  one.  So I go into the WAN portion of the sonicwall and it will let me assign a static IP but I can't setup the subnet, gateway or anything.  Once I do this I hit apply and go back to www.ipchicken.com and the IP is different.  

Am I missing something?
0
Comment
Question by:bhgewilson
  • 8
  • 6
  • 4
18 Comments
 
LVL 7

Expert Comment

by:kinecsys
ID: 37842615
So what IP are you getting from IPChicken.com? Do you recognize it? Is is another one in the block of 5? Is it still one of the dynamic ones from before?
0
 

Author Comment

by:bhgewilson
ID: 37842638
It is completely random.  It does not relate to the block of 5 at all.
0
 
LVL 4

Accepted Solution

by:
schmitty007 earned 500 total points
ID: 37842643
You may want to download the latest firmware and boot to it after you backup your config. Which can be done under System -> Settings
Then under Network go to interfaces
you should see your WAN interface (which in default should be the X1 interface) if it is set to Static it will look like the attachedWAN config screen
Which gives you all the fields you need. If these fields are not displaying then you may have a problem with
the software on your UTM which is why my first suggestion is load new firmware.
0
 

Author Comment

by:bhgewilson
ID: 37842655
The problem is where do I put in the info for PPOE.  I still need to authenticate correct?
0
 
LVL 7

Expert Comment

by:kinecsys
ID: 37842674
Or if the router looks likes it is properly configured, then maybe the modem isn't really behaving as a bridge. the problem could be there too.
0
 
LVL 4

Expert Comment

by:schmitty007
ID: 37842681
If your Sonicwall is Authenticating AFTER YOU SELECT PPPoE you will get a third tab added to the pop-up for Protocol
it is under that tab you will put in specific IP information.
0
 
LVL 7

Expert Comment

by:kinecsys
ID: 37842686
Why not use the modem to authenticate and take it out of bridge mode? That should make the IP address problem go away for sure, by setting it on the modem.
0
 

Author Comment

by:bhgewilson
ID: 37842731
I do think that the modem is acting as a bridge because the VPN will work but just not stay connected and I come to find out that the external IP's are changing.

I know it will not work if I setup the modem as a bridge because the site to site VPN needs to be directly on the internet.  

I am not sure if I am answering the question correct but I am unsure what "after you select" is, on the sonicwall.
0
 
LVL 7

Expert Comment

by:kinecsys
ID: 37842781
Yeah, so why not set the modem as a "modem" and configure "it" with the external IP settings including the static IP that you want and the PPPoE authentication settings and a LAN side IP on a subnet that is only for the "inside" (ethernet side) of the modem and the "outside" (WAN side) of the router. Then give the router a WAN IP in that subnet and keep its LAN IP in the subnet of your Local Network (as it already is).
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 7

Expert Comment

by:kinecsys
ID: 37842818
Here goes again. I'm gong to assume your LANs have 192.168.1.x IPs with subnet masks of 255.255.255.0

In that scenario, you would do the following:

Take modem out of bridge mode and set it as follows

MODEM WAN: desired public IP with ISP's subnet mask, dg, and PPPoE settings
MODEM LAN: 10.0.0.10 with subnet mask 255.0.0.0

Then the router:

ROUTER WAN: 10.0.0.20 with subnet mask 255.0.0.0
ROUTER LAN: 192.168.1.1 with subnet mask 192.168.1.1
0
 
LVL 4

Expert Comment

by:schmitty007
ID: 37842842
You are over complicating this scenario Sonicwall would not be in business if the didn't give their product the ability to configure it in the manor in which it is to be used.
Select PPPoE fill out that information and then select teh Protocol tab on the top of that pop-up screen you will see this
PPPoe IP info screenProbelm solved.
0
 

Author Comment

by:bhgewilson
ID: 37842859
kinecsys,  This will not allow the site to site vpn to connect if we run the modem in Nat Mode.  If I am wrong please let me know.
0
 

Author Comment

by:bhgewilson
ID: 37842876
Schmitty, these are settings brought in by PPOE.  I can't change these in my setup for some reason.
0
 
LVL 7

Expert Comment

by:kinecsys
ID: 37842890
Sure that's the right way. Full credit to you. Sometimes I've had to work around it if PPPoE doesn't "wan't" to work on the router or if the modem doesn't "want" to properly behave as a bridge. But definitely go with your answer if things behave. Just throwing out an alternative that may seem more complex but has actually saved me time in the past by doing it instead of figuring out whose fault it is: the modem not bridging? or the router not PPPoE'ing correctly?
0
 

Author Comment

by:bhgewilson
ID: 37842901
Kinecsys,  Anytime you deal with AT&T it is a crapshoot and I appreciate the advice.  I would do that if the VPN was not involved.  Thanks for the advice.  I am still a little stuck but will continue to plug through this.
0
 
LVL 7

Expert Comment

by:kinecsys
ID: 37842908
There's a lot of NAT going on between the two modems already, possibly traveling through a few ISP's and such. NAT can limit or allow communications in any way you configure it to do. The basic setup I am proposing does not imply any restrictions. If you manage to get internet, and the VPN ports are open (as we know they already are) the VPS should work without a problem.
0
 
LVL 4

Expert Comment

by:schmitty007
ID: 37842910
If that information is prepopulating and its not populating your correct public IP information it is time to get AT&T on the phone to verify they actually assigned your modem those public IPs I had to argue once with an AT&T rep for almost an hour to get a situation like this fixed.
0
 
LVL 7

Expert Comment

by:kinecsys
ID: 37842917
Good luck, man, let me know if you have any other questions on my humble idea.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now