Improve company productivity with a Business Account.Sign Up

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1116
  • Last Modified:

Sonicwall config for dual 2 subnets that talk to each other

We have 2 sites with Sonicwall TZ-105 routers.  We have a cable that connects the 2 sites directly, and each site also has a WAN connection and an internal LAN, so on the back of the Sonicwall it would be X0 to LAN, X1 to WAN, and X4 I want to connect the 2 sites.  

I first tried to assign 192.168.1.x to LAN1, and 192.168.2.x to LAN2, then 192.168.100.x to the X4 interfaces on each end, so Router1 has and Router2 has  I then tried to set up a static route (I'm not familiar with this so I may have gotten it wrong). The static route stated that the and (on the respective routers) subnets were across the X4 interface and to go out the Gateway IP of the X4 interface.  I was unable to ping across X4 at all.  I experimented with this for a while before trying something else.

I found a guide on the net that said to do it as follows:
On Router1 I set up the X4 interface to portshield to X0, meaning that X4 is simply a switchport attached to X0, so no IP is assigned to that port.  On router2, I assigned X4 an IP address from the scheme of Router1 (,  Then the guide said to set X4 interface to the "WAN" zone.  I did this and the link now works, but it is very slow and I constantly lose connectivity for a few seconds, so I don't think this configuration is best.  

I would like PROPER instructions to connect 2 LANs (on X0 of the routers) through the hardline I have on X4.  Please do not post back with vague comments on possible issues with my config.  Assume I have reset the routers to factory defaults and I am starting over.  Thanks.
  • 4
  • 2
  • 2
1 Solution
Your x4 must have an IP using a /252
One sonicwall will have while the other
You then will eighter configure the two sonicwall to advertise their LAN and possibly a less preferred route to the outside that will function as a failover in case the WAN connection drops.
dbestcomputersAuthor Commented:
How do I set up advertising the LAN over the X4 connection, I assume it has something to do with enabling RIP or setting a static route?  I think that's the part I'm most confused about.  Can you walk me through that?
Aaron TomoskySD-WAN SimplifiedCommented:
I did this like your second attempt and it works.
Sonicwall1 port sheild x4 to x0
Sonciwall2 x4 assign ip in LAN range of sonicwall 1. Zone isn't important unless you want firewall rules. If you are bridging lans like I was, just leave it as LAN
Plug in x4 to x4
Sonicwall1 make address object for sonicwall2 network (let's call it s2)
Set traffic to s2 to use x4 and sonicwall2 x4 ip as it's gateway
Same thing in reverse on the sonicwall2

I can help with better specifics when I'm back in the office and can see my sonicwall Monday if you still need help.
Building an Effective Phishing Protection Program

Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.

One way is to setup a static map

See if the Aaron's guidance to your initial attempt is sufficient, or whether you want to have any control of inter-lan traffic. i.e. Limit .....

Here is a guide to setup dynamic advertising between two location. This type of setup simplifies things down the road if you ever add additional segments.

The example covers a VPN to connect, but you can use this example to map the X4 interface and the VPN in the event the X4 connection gets cut.
dbestcomputersAuthor Commented:
Sorry it's been a little while, I've had some other projects I got stuck on.  

I really wanted it to work without a VPN, just using routing to get from my router1 subnet to my router2 subnet using the X4 subnet as an intermediary., but I couldn't get that to work in any way,

As for Aaron's mention of portshielding the X1 to the X4 on one router and linking the second router with an IP from Router1.  That works, but the connection was extremely slow for me.  I assume because the WAN link is in router1's multicast domain so there is extra traffic going over the link, but I'm not really sure, it was just extremely slow.  

Eventually I set up a seperate subnet on X4, made it a WAN zone, created a VPN over it, and that works fine.  I didn't want to have the VPN because it creates extra overhead we could be using for bandwidth (it's a very low speed link), but I do have it working via this method.  

arnold's method is waht I was going for, but I couldn't get it to work with static mappings or route advertisement, and that's the reason for creating the thread was to get some step by step directions...
dbestcomputersAuthor Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for dbestcomputers's comment #a40006515

for the following reason:

I really wanted to to work via route advertisement and static mappings, keeping the subnets completely seperated by a subnet in the middle, but I wasn't able to get that result.  Instead I set up a VPN over the "WAN" link that was X4 to X4.
Aaron TomoskySD-WAN SimplifiedCommented:
You found two solutions that worked, one was slow for you and one used a VPN, but these are both still solutions. My solution was in place on my network for over a year and was not slow at all. If you needed help trying to get it working faster you should have asked.
dbestcomputersAuthor Commented:
OK whatever, I'll accept the solution, I don't have time to waste on this.  

However, the solution given was not working.  "Slow" really doesn't justfy what was happening on the link, I should've been more specific, I could get 2 of 5 pings across usually, and the other 3 timed out.  So we can prove there is "some" connection by pings but no data could be passed across the link. I don't consider that working at all.  

You were specific in your configuration details as I requested but it really wasn't a valid solution IMO.

Also, the VPN solution (which actually worked) was MY solution, which I TRIED to accept as the solution before your rebuttal.....

Anyway, don't care, don't have time, here you go buddy.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Simple Misconfiguration =Network Vulnerability

In this technical webinar, AlgoSec will present several examples of common misconfigurations; including a basic device change, business application connectivity changes, and data center migrations. Learn best practices to protect your business from attack.

  • 4
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now