Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.
COURSE of the MONTH
15 days, 14 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
some help on getting a site to site vpn to work
Posted on 2012-12-31
I have a client who is going to have his home office to connect to the corporate network for mainly move his extension to his home office. The main reason for the site to site. He has a verizon FIOS home DHCP service on a Verizon router with a Sonicwall tz105 and fixed IP on the corporate side with a static DSL bridged mode to a Sonicwall 100.
For this one, how do I get the home side configured behind the Verizon router? I was thinking I put the Sonicwall in a DMZ, then connect the computer and phone as a hardwire to the Sonicwall, but am not familiar with the Verizon router and if it even has those kinds of options.
Then I want to use the firewall name as the identifier correct? Since the WAN IP will change from time to time...
Anyone have input or have done this sort of setup before?
For this one, how do I get the home side configured behind the Verizon router? I was thinking I put the Sonicwall in a DMZ, then connect the computer and phone as a hardwire to the Sonicwall, but am not familiar with the Verizon router and if it even has those kinds of options.
Then I want to use the firewall name as the identifier correct? Since the WAN IP will change from time to time...
Anyone have input or have done this sort of setup before?
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
2
- +1
5 Comments
Verizon router supports a single computer in a DMZ...
DMZ (Demilitarized Zone) Host
The DMZ host feature allows one device on the network to operate outside the firewall. Designate a DMZ host:
• To use an Internet service, such as an online game or video-conferencing program, not present in the Port Forwarding list and for which no port range information is available.
• To expose one computer to all services without restriction or security.
Warning: A DMZ host is not protected by the firewall and may be vulnerable to attack. Designating a DMZ host may also put other computers in the local network at risk. When designating a DMZ host, consider the security implications and protect it if necessary.
If the phone is VOIP, can you have your phone vendor reprogram the phone to go over the internet and allow the traffic through your corporate firewall. I have a friend who's in Arizona (Long Distance Telecommute) who has his corporate VOIP phone go over the internet (no VPN) back to CT so he can have his old extension. A VPN is easier since you don't have to change the phone. Just thought I'd mention it.
DMZ (Demilitarized Zone) Host
The DMZ host feature allows one device on the network to operate outside the firewall. Designate a DMZ host:
• To use an Internet service, such as an online game or video-conferencing program, not present in the Port Forwarding list and for which no port range information is available.
• To expose one computer to all services without restriction or security.
Warning: A DMZ host is not protected by the firewall and may be vulnerable to attack. Designating a DMZ host may also put other computers in the local network at risk. When designating a DMZ host, consider the security implications and protect it if necessary.
If the phone is VOIP, can you have your phone vendor reprogram the phone to go over the internet and allow the traffic through your corporate firewall. I have a friend who's in Arizona (Long Distance Telecommute) who has his corporate VOIP phone go over the internet (no VPN) back to CT so he can have his old extension. A VPN is easier since you don't have to change the phone. Just thought I'd mention it.
Active 7 days ago
Just to clarify are you saying they are using the verizon router and a sonicwall in line? Why not take the verizon box out of the picture? FIOS can give you an ethernet plug rather than the coax if that is the current issue. If you don't want to mess with that then just log into the FIOS router and do a port forward on 1723 or whatever port you are using for your VPN connection then all will be good.
I would register with dyndns and input those settings into the verizon router so everytime the IP changes it will update the dyndns and then just use FQDN for the vpn.
I would register with dyndns and input those settings into the verizon router so everytime the IP changes it will update the dyndns and then just use FQDN for the vpn.
Active 2 days ago
I will talk to phone vendor to see if our system can do that.
Wrw- yes, I normally just put the verizon router into bridge mode and leave it as that, but the DHCP function doesn't seem to work and the sonicwall never gets an IP address. This is both in line and without the router.
As for dynamic dns.... I forgot about that... let me check that out...
Wrw- yes, I normally just put the verizon router into bridge mode and leave it as that, but the DHCP function doesn't seem to work and the sonicwall never gets an IP address. This is both in line and without the router.
As for dynamic dns.... I forgot about that... let me check that out...
I think Fizicist and Wrwiii12 already nailed it.
I have more than a dozen clients setup via Sonicwall Site-to-site vpn between their home corporate offices.
a) What I would do is get the dyndns on the verizon router/modem.
b) I leave the verizon router on the default of 192.168.1.1(those verizon techs are fun of calling customers and having them reset the thing by pushing the button....so while my customers know not to reset without talking to me, I always make sure my setup is prepared for it anyway)
c) I make sure my Sonicwall is in any other network other than (i) The Verizon router network and (ii) the Corporate network - I know (ii) is VPN-101 but thought I should throw that in there in any case.
d) I place my my router's WAN IP(which is an IP on Verion's LAN) on the verizon's DMZ - For example, I could pick 192.168.1.200
e) From this stage, everything else is straight forward. Just reference the home router via the FQDN and pretend as though the Verizon router does not exist at at all since it is passing everything to the sonicwall.
f) I forgot to mention that I don't discourage myself from taking the verzion router of of the picture completely becuase I don't want the cable guy coming over to troubleshoot the DVR systems and setup boxes and have to involve me. Let him just deal with their LAN....which is my WAN.
Hope this throws my light. Again I have NOT said anything that Fizicist and Wrwiii12 didn't already cover in their comments.
I have more than a dozen clients setup via Sonicwall Site-to-site vpn between their home corporate offices.
a) What I would do is get the dyndns on the verizon router/modem.
b) I leave the verizon router on the default of 192.168.1.1(those verizon techs are fun of calling customers and having them reset the thing by pushing the button....so while my customers know not to reset without talking to me, I always make sure my setup is prepared for it anyway)
c) I make sure my Sonicwall is in any other network other than (i) The Verizon router network and (ii) the Corporate network - I know (ii) is VPN-101 but thought I should throw that in there in any case.
d) I place my my router's WAN IP(which is an IP on Verion's LAN) on the verizon's DMZ - For example, I could pick 192.168.1.200
e) From this stage, everything else is straight forward. Just reference the home router via the FQDN and pretend as though the Verizon router does not exist at at all since it is passing everything to the sonicwall.
f) I forgot to mention that I don't discourage myself from taking the verzion router of of the picture completely becuase I don't want the cable guy coming over to troubleshoot the DVR systems and setup boxes and have to involve me. Let him just deal with their LAN....which is my WAN.
Hope this throws my light. Again I have NOT said anything that Fizicist and Wrwiii12 didn't already cover in their comments.
Active 2 days ago
Sorry forgot to get back to you guys. The DMZ worked idea worked well in combination to DynDNS. Registered it, gave it a half day, then set up the site to site, and it connected as usual.
The Phone can't be done in the manner which Fiz had mentioned because it doesn't handle that kind of dialing or something to that effect. The phone vendor told me we would need some other kind of system/card/interface that was anther grand.
The Phone can't be done in the manner which Fiz had mentioned because it doesn't handle that kind of dialing or something to that effect. The phone vendor told me we would need some other kind of system/card/interface that was anther grand.
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
When you try to share a printer , you may receive one of the following error messages.
Error message when you use the Add Printer Wizard to share a printer:
Windows could not share your printer. Operation could not be completed (Error 0x000006…
This article will show how Aten was able to supply easy management and control for Artear's video walls and wide range display configurations of their newsroom.
- Networking Hardware-Other
- MultiMedia Applications
- Switches / Hubs
- Displays / Monitors
- ATEN Technology
- Hardware, Network Architecture, *Kernel-based Virtual Machine (KVM)
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses
Course of the Month15 days, 14 hours left to enroll
741 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.