Solved

Route Sonicwall TZ215 to Draytek 2860 LAN via Draytek WAN

Posted on 2014-07-25
Last Modified: 2014-07-29
I have a network on 192.168.1.x consisting of a Windows DHCP server, various client devices and going out via a Sonicwall TZ215.
I am installing a VOIP system which I am putting behind a Draytek 2860n doing DHCP on LAN 192.168.2.x.
The Draytek will have its own broadband connection shortly to WAN1 but in the meantime I am setting its WAN2 port to use the existing broadband on the 1.x network. It will get a DHCP address of 192.168.1.254. This will remain in place when WAN1's broadband comes active both as a failover but also because I want to link it to the LAN objects within 1.x. I want the client PCs in 1.x to be able to access the IP phones in 2.x.
It would be much easier to put everything on the one subnet but I don't want the phones to be reliant on the Windows server in any way. Nor do I want to assign the phones static IPs.

I have not done this before and am not sure what settings I need in which router to allow 1.x to bridge over to 2.x given that the Draytek will be doing NAT behind WAN2 by default. I am not sure if I need to configure a static route, IP routed subnet, or load balance policy in the Draytek. Or perhaps a VPN. Any guidance would be appreciated.
Question by:smickell
13 Comments
 
LVL 20

Accepted Solution

by:
masnrock earned 400 total points
ID: 40221428
I'd tell you that you're spending unnecessary money. You could have the Sonicwall do all of the work. It can have both WAN connections and have both LANs defined on it. You could have DHCP for the VOIP LAN be handled by the Sonicwall as well. Basically, the Draytek is completely unneeded for this scenario.
 
LVL 13

Expert Comment

by:kenfcamp
ID: 40221522
masnrock has made a valid point. Unless there's a specific need for the Draytek that we are unaware of, you might want to consider modifying your setup.
 
LVL 32

Assisted Solution

by:nappy_d
nappy_d earned 100 total points
ID: 40221537
Hi, I agree with masnrock. Here is a design I have implemented for a few of my clients that I manage with Sonicwall devices.

This will ease your troubleshooting in the future.
[Attached image: NetWork Design1]
 
LVL 38

Expert Comment

by:Aaron Tomosky
ID: 40221596
I agree about the Sonicwall doing everything, but just for fun you can totally use the Draytek like you want.

The way you described it, the 2.x computers will be able to access the 1.x subnet without doing anything.
If you want 1.x computers to access 2.x, in the Sonicwall:
Make an address object for the Draytek 1.254
Add a route for the 2.x subnet to use the 1.254 address object as the gateway

Then you just have to allow this upstream connection in the Draytek. I don't use Draytek so I can't tell you exactly how to do this, but I've set this up with other routers for various reasons with success.
 
LVL 20

Expert Comment

by:masnrock
ID: 40221801
nappy_d raised another valid point. Were you planning to do VLANs on your switch or were you planning to get a separate switch?
 

Author Comment

by:smickell
ID: 40222589
Lots of useful points here. First up, I will ditch the Draytek - less kit to worry about. Part of the reason was my greater familiarity with the Draytek, but also because I didn't realise the Sonicwall was able to do what masnrock indicated. At present Sonicwall X0 is LAN, Sonicwall X1 is WAN, the rest are unassigned. So what I will do is configure X2 as a failover WAN, plugged straight into a fibre modem; configure X3 as a DHCP server for 2.x zone and plug the new VOIP network switch into that.

I'm happy enough with configuring X2 as another WAN and configuring load balancing.

To make the Sonicwall perform DHCP on just port X3 - I'm not sure of the exact steps. At present X3-6 are mapped as a Portshield interface to X0 - I assume I take X3 out of this first? Then Interfaces > X3 - choose LAN, Static IP mode, give it an IP of 192.168.2.1 and tick HTTP management options.
Then DHCP >  enable DHCP server, delete the two lease scopes currently there (must have been there by default or left as legacy by old IT provider), add Dynamic scope, tick 'interface pre-populate' and choose X3?

I assume it's possible for the Sonicwall to route between 1.x and 2.x then, but again, what are the exact steps involved? Will the device just allow this by default or do I need to add a route of some kind?

masnrock - I have a separate switch planned for the VOIP system. There is a HP 1910-24G-PoE ready to install. At present the IT network runs off a HP 1410-24G (unmanaged). Am I correct in saying that this would eliminate the need for VLANs if the switches will be operating on different subnets? (The 1920 is VLAN/QoS capable though)
Sorry for the repeated questions but the above is slightly unfamiliar territory for me.

Author Comment

by:smickell
ID: 40222616
Just showing screenshots of the steps above. It all looks OK to me but just wanting to make sure. When I added a new zone (called 'VOIP LAN') and assigned it to X3, it auto-added the access rule seen in screenshot 2. Not on-site yet to test if the rule allows access across yet.
[Attached screenshots: Snap1.png, Snap2.png]
 
LVL 20

Expert Comment

by:masnrock
ID: 40222622
It's really not too bad. You go within the DHCP server, and make sure to enable ONLY the DHCP range for the subnet of your VOIP LAN.

Yes, take X3 out of the Portshield group to X0. Correct again about the steps to make X3 a LAN port. The Sonicwall will automatically create a lease scope for DHCP. (Occasionally it may not, but that is easy to define if you need to.) Just make sure to 1) enable the DHCP server, and 2) enable the scope that reflects 2.x (leave 1.x unchecked unless you want to have the Sonicwall start to handle DHCP for the 1.x LAN as well). I don't know what the lease scopes listed are, but you can delete them if you know for sure that they are useless. Disabling them won't hurt anything; that way you can just re-enable if for some reason something happens.

Sonicwalls will generally allow routing between the subnets by default. But if you look within the Firewall rules, it will be a LAN > LAN rule if you ever need to review.

If you are going to use a separate switch for the VOIP network, there is no need for VLANs. That is absolutely correct.

You pretty much have the right idea of what to do.
 
LVL 20

Expert Comment

by:masnrock
ID: 40222624
Are the two LANs going to use the same connection always? Or will VOIP be using the new connection that is coming in? No right or wrong answer, just depends on you.
 
LVL 32

Expert Comment

by:nappy_d
ID: 40222649
Also, I would not route all traffic but rather only the traffic for VoIP to x3.
 

Author Comment

by:smickell
ID: 40222819
masnrock - the two LANs are going to use the same connection - there's more than enough bandwidth. Once the new connection is up, I might look into routing VOIP traffic exclusively via WAN x3, which I guess will be a separate question on EE :)  nappy_d - I assume that is what you mean. If that WAN drops, set the devices to use WAN x1. Similarly, if the I.T. network's WAN x1 drops, the Sonicwall should fail over to WAN x3. Is this achievable? This is my final question on this topic, you guys have earned your keep by this stage.
 
LVL 20

Expert Comment

by:masnrock
ID: 40222838
The short answer is yes, this is achievable. And rather than type out a whole long thing, here's a link that gives you the steps: Sonicwall Failover Directions

Basic Active/Passive Failover is what is applicable in your case.
 

Author Closing Comment

by:smickell
ID: 40227722
Worked a treat guys. Plugged the new switch into port X3, 2.x addresses came up just as I wanted, so I must've got the settings correct. The auto-added access rule allowed routing from 1.x to 2.x just as masnrock said it would. Very happy - thanks for everybody's input.