Solved

Sonicwall config for dual 2 subnets that talk to each other

Posted on 2014-02-28
Last Modified: 2014-04-28
We have 2 sites with Sonicwall TZ-105 routers.  We have a cable that connects the 2 sites directly, and each site also has a WAN connection and an internal LAN, so on the back of the Sonicwall it would be X0 to LAN, X1 to WAN, and X4 I want to connect the 2 sites.  

I first tried to assign 192.168.1.x to LAN1, and 192.168.2.x to LAN2, then 192.168.100.x to the X4 interfaces on each end, so Router1 has 192.168.100.1 and Router2 has 192.168.100.2.  I then tried to set up a static route (I'm not familiar with this so I may have gotten it wrong). The static route stated that the 192.168.1.0 and 192.168.2.0 (on the respective routers) subnets were across the X4 interface and to go out the Gateway IP of the X4 interface.  I was unable to ping across X4 at all.  I experimented with this for a while before trying something else.

I found a guide on the net that said to do it as follows:
On Router1 I set up the X4 interface to portshield to X0, meaning that X4 is simply a switchport attached to X0, so no IP is assigned to that port.  On Router2, I assigned X4 an IP address from the scheme of Router1 (192.168.1.249).  Then the guide said to set the X4 interface to the "WAN" zone.  I did this and the link now works, but it is very slow and I constantly lose connectivity for a few seconds, so I don't think this configuration is best.

I would like PROPER instructions to connect 2 LANs (on X0 of the routers) through the hardline I have on X4.  Please do not post back with vague comments on possible issues with my config.  Assume I have reset the routers to factory defaults and I am starting over.  Thanks.
Question by:dbestcomputers
9 Comments
 
LVL 76

Expert Comment

by:arnold
ID: 39897319
Your x4 must have an IP using a /252
192.168.254.250/30
One sonicwall will have 192.168.254.251/30 while the other 192.168.254.252/30
You will then either configure the two SonicWalls to advertise their LAN and possibly a less preferred route to the outside that will function as a failover in case the WAN connection drops.
0
 

Author Comment

by:dbestcomputers
ID: 39897630
How do I set up advertising the LAN over the X4 connection, I assume it has something to do with enabling RIP or setting a static route?  I think that's the part I'm most confused about.  Can you walk me through that?
0
 
LVL 38

Expert Comment

by:Aaron Tomosky
ID: 39897638
I did this like your second attempt and it works.
Sonicwall1: port shield X4 to X0
Sonicwall2: assign X4 an IP in the LAN range of Sonicwall1. Zone isn't important unless you want firewall rules. If you are bridging LANs like I was, just leave it as LAN
Plug in X4 to X4
Sonicwall1: make an address object for the Sonicwall2 network (let's call it s2)
Set traffic to s2 to use X4 and the Sonicwall2 X4 IP as its gateway
Same thing in reverse on Sonicwall2

I can help with better specifics when I'm back in the office and can see my sonicwall Monday if you still need help.
0
 
LVL 76

Expert Comment

by:arnold
ID: 39897699
One way is to set up a static map
SONICWALL1 192.168.254.1
SONICWALL2 192.168.254.2
Sonicwall1
LAN_OF_SONICWALL2 via 192.168.254.2
Sonicwall2
LAN_OF_SONICWALL1 via 192.168.254.1

See if Aaron's guidance on your initial attempt is sufficient, or whether you want to have any control of inter-LAN traffic, i.e. Limit .....

Here is a guide to set up dynamic advertising between two locations. This type of setup simplifies things down the road if you ever add additional segments.


The example covers a VPN to connect, but you can use this example to map the X4 interface and the VPN in the event the X4 connection gets cut.
http://www.sonicwall.com/downloads/SonicWALL_Failover_Network_Designs.pdf
0
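A sanity check for the static-route layout discussed in this thread (two LANs joined by a dedicated X4 transit subnet), as an added example that is not part of any post and not SonicWall tooling. The /24 LAN masks, the dictionary layout and the name `check_plan` are assumptions; the transit addresses follow the 192.168.254.1 / 192.168.254.2 static map with a /30 mask, and the `BAD` plan is constructed to show two common failure modes.

```python
import ipaddress

def check_plan(routers):
    """Return a list of problems in a two-router static-route plan (hypothetical helper)."""
    problems = []
    (n1, r1), (n2, r2) = routers.items()
    for name, r, peer in ((n1, r1, r2), (n2, r2, r1)):
        link = ipaddress.ip_interface(r["x4"])
        peer_link = ipaddress.ip_interface(peer["x4"])
        lan = ipaddress.ip_network(r["lan"])
        peer_lan = ipaddress.ip_network(peer["lan"])
        # The transit address must be a usable host, not the network or broadcast address.
        if link.ip not in link.network.hosts():
            problems.append(f"{name}: X4 address {link.ip} is not a usable host in {link.network}")
        if link.network != peer_link.network:
            problems.append(f"{name}: X4 is not in the same subnet as the peer's X4")
        if lan.overlaps(link.network) or lan.overlaps(peer_lan):
            problems.append(f"{name}: LAN {lan} overlaps the transit subnet or the peer LAN")
        routes = {ipaddress.ip_network(d): ipaddress.ip_address(g)
                  for d, g in r["routes"].items()}
        gw = routes.get(peer_lan)
        if gw is None:
            problems.append(f"{name}: no route to peer LAN {peer_lan}")
        elif gw == link.ip:
            problems.append(f"{name}: route to {peer_lan} uses its own X4 address as gateway")
        elif gw != peer_link.ip:
            problems.append(f"{name}: gateway {gw} is not the peer's X4 address {peer_link.ip}")
        # A router never needs a static route for its directly connected LAN.
        if lan in routes:
            problems.append(f"{name}: static route for its own LAN {lan}")
    return problems

# Constructed sample plans (LAN masks assumed to be /24).
GOOD = {
    "Sonicwall1": {"lan": "192.168.1.0/24", "x4": "192.168.254.1/30",
                   "routes": {"192.168.2.0/24": "192.168.254.2"}},
    "Sonicwall2": {"lan": "192.168.2.0/24", "x4": "192.168.254.2/30",
                   "routes": {"192.168.1.0/24": "192.168.254.1"}},
}
BAD = {
    # Routes its own LAN across X4 instead of the peer's LAN.
    "Sonicwall1": {"lan": "192.168.1.0/24", "x4": "192.168.254.1/30",
                   "routes": {"192.168.1.0/24": "192.168.254.1"}},
    # X4 sits on the broadcast address of the /30.
    "Sonicwall2": {"lan": "192.168.2.0/24", "x4": "192.168.254.3/30",
                   "routes": {"192.168.1.0/24": "192.168.254.1"}},
}

if __name__ == "__main__":
    for label, plan in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_plan(plan) or "no problems found")
```

The check covers addressing and next hops only; whether traffic between the two LANs is then permitted still depends on the zone assigned to X4 and the access rules between zones.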

Accepted Solution

by:
dbestcomputers earned 0 total points
ID: 40006515
Sorry it's been a little while, I've had some other projects I got stuck on.  

I really wanted it to work without a VPN, just using routing to get from my router1 subnet to my router2 subnet using the X4 subnet as an intermediary, but I couldn't get that to work in any way.

As for Aaron's mention of portshielding the X1 to the X4 on one router and linking the second router with an IP from Router1.  That works, but the connection was extremely slow for me.  I assume because the WAN link is in router1's multicast domain so there is extra traffic going over the link, but I'm not really sure, it was just extremely slow.  

Eventually I set up a separate subnet on X4, made it a WAN zone, created a VPN over it, and that works fine.  I didn't want to have the VPN because it creates extra overhead we could be using for bandwidth (it's a very low speed link), but I do have it working via this method.

arnold's method is what I was going for, but I couldn't get it to work with static mappings or route advertisement, and the reason for creating the thread was to get some step-by-step directions...
0
 

Author Comment

by:dbestcomputers
ID: 40006924
I've requested that this question be closed as follows:

Accepted answer: 0 points for dbestcomputers's comment #a40006515

for the following reason:

I really wanted it to work via route advertisement and static mappings, keeping the subnets completely separated by a subnet in the middle, but I wasn't able to get that result.  Instead I set up a VPN over the "WAN" link that was X4 to X4.
0
 
LVL 38

Expert Comment

by:Aaron Tomosky
ID: 40006925
You found two solutions that worked, one was slow for you and one used a VPN, but these are both still solutions. My solution was in place on my network for over a year and was not slow at all. If you needed help trying to get it working faster you should have asked.
0
 

Author Comment

by:dbestcomputers
ID: 40013387
OK whatever, I'll accept the solution, I don't have time to waste on this.  

However, the solution given was not working.  "Slow" really doesn't justify what was happening on the link. I should've been more specific: I could get 2 of 5 pings across usually, and the other 3 timed out.  So we can prove there is "some" connection by pings but no data could be passed across the link. I don't consider that working at all.

You were specific in your configuration details as I requested but it really wasn't a valid solution IMO.

Also, the VPN solution (which actually worked) was MY solution, which I TRIED to accept as the solution before your rebuttal.....

Anyway, don't care, don't have time, here you go buddy.
0
