Increase network size on SonicWall NSA 220

I have a SonicWall NSA 220.  I inherited the current network ip scheme of 10.30.5.x/

Our office is expanding and I need more IP address availability. I would like to also segregate some items, such as IP phones to their own segment.

Can I simply change the netmask to  And then start using 10.30.10.x addresses for the phones? The SonicWall currently handles DHCP but DNS is on a couple 10.30.5.x domain controllers.

Scot SunnergrenCTOAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Nick RhodeIT DirectorCommented:
Yes, but you probably dont want to leave open that many subnets.  What I usually do is have a few subnets and seperate my network to make it easier to identify.


Sub: (gives me 7 subnets) = Static and network equipment = IP phones = DHCP


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Scot SunnergrenCTOAuthor Commented:
Thank you.

But when I try to change the subnet mask for the XO Interface, which is where I assume I need to do this, I get...

Status: Error: Index of the interface.: This interface is used by SSL VPN IP Pool  

Why would that prevent me changing it? My NetExtender start and end ips are within the original 10.30.5.x range...
Nick RhodeIT DirectorCommented:
Most likely you would have to adjust the pool for your VPN users.  I assume you have the VPN setup to recieve an IP address from the router with a VPN client establishes a connection.  I cannot remember all the settings off the top of my head but you could contact sonicwall support and they would be able to guide you through the process.
The Ultimate Tool Kit for Technolgy Solution Provi

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more!

the sonicwall if like other devices wont allow the change of the 10.3.5.x to a different mask when other features such as the vpn are using the same subnet as it would still be trying to use the /24 mask which wont work in conjuction with /16.

And yes i agree with Nick, i imagine if you temp change the vpn pool to say, swap your mask to /16 on the 10.30.5.x lan segment it will probably work ok, then swap the vpn pool back to say 10.30.30.x/16 it will save ok. In theory as you will be on /16 10.30.5.x and 10.30.30.x are the same subnet but the numbers give some differentiation.
Fred MarshallPrincipalCommented:
I can't tell the difference between the X0 interface and the 5 apparent other "LAN" interfaces.  If it has VLAN capabilities then that might explain this but I could not find a manual for the NSA 220.  X0 almost looks like a console type port even though it's labeled as LAN.  A link to the manual would help.

You have two objectives so I'll address them separately:

1) to increase the number of available IP addresses on the LAN, consider this:
If you change the subnet mask on the router/DHCP server to, this will increase the subnet by a factor of 2 from 254 usable addresses to 510 usable addresses.  The new network address will be and the new addresses will be to
The broadcast address will remain at - which in some sense is a good thing.
You will probably have to change the subnet base address manually but likely nothing else.
Then, you will need to transition the subnet masks being used on all the devices but actually they may work within the to range of addressed devices just fine before that change is made.  So disruption could be minimized.  I'd change the critical devices first nonetheless.

2) Separate subnets for phones, etc?
If the NSA 220 will provide VLANs then you could set up a VLAN for the phones.  It would have a separate IP address range and would need it's own DHCP server unless the Sonicwall will do that or unless everything in the phone system has a static IP, etc.

As far as interfering with current VPN settings, it would be good to know what the settings are now.  I would not mess around with the VPN settings simply to avoid a project that you may not be prepared to handle.  Presumably it's working and is needed all the time.
Scot SunnergrenCTOAuthor Commented:
Thank you all. It appears that the SonicWall does not like you to change the underlying mask when he SSLVPN is attached to it. I ended up having to wait for the users to be off, created a new subnet on a spare port, change the SSLVPN address pool to that, modify the X0 mask, and then change the SSLVPN pool back. Actually only took a couple minutes.

I did find that one of my static ip assignments no longer worked when I was done. The DHCP server automatically picked up the subnet change and modified all of them but on one device, when I did a release/renew, it would not find the DHCP server and gave a 169 address. Restarting the SonicWall corrected this issue.

Thanks again.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Network Management

From novice to tech pro — start learning today.