I have two networks that I need to join. A and B
Network "A" is 10.0.0.x/24 behind a cable modem. No special routing, etc.
Network "B" is more complex. It is a 10.10.x.x/16 network behind a sonicwall TZ210, with a cable modem in front of that. Behind the Sonicwall, there is a Cisco 3850 24 POE+. Here is where it gets interesting: Behind the Cisco are multiple subnetworks and VLANs. Lets call them "B.1" etc.
Network "B.1" is a 10.10.10.x/24 network on VLAN 1.
Network "B.2" is a 10.10.15.x/24 network on VLAN 15.
Network "B.3" is a 10.100.100.x/24 network on VLAN 3.
Network "B.4" is an unknown network with only one node: A managed Dell Switch. The other side of which we will call Network "B.4.1" which also has multiple subnetworks and VLANs.
Network "B.4.1.1" is a 10.10.14.x/24 network on VLAN 4
Network "B.4.1.2" is a 10.10.1.x/24 network on VLAN 5
And finally, on network B.4.1.2 there is another Dell managed Switch, the other side of which we will call Network "B.188.8.131.52" which is a 128.10.1.x/24 on VLAN 5
Clear as mud? Don't blame me. I inherited it and I'm not allowed to change it. (Yet ... )
So, What I need to do is give certain workstations on Network A access to a server on network "B.2" (10.10.15.x/24 network on VLAN 15) and also give access to certain workstations on network B (and various subnets and VLANs) to a server on Network A.
Here's what I did so far:
We ran a cable from a dumb switch on Network A to the Sonicwall's X6 port on Network B.
The X6 port was assigned it's own zone and portshield group, and given the IP address of a node on Network A.
I created a route in the sonicwall for access to the 10.0.0.0/24 network through the X6 port.
Then I added rules to the firewall to allow ONLY the desired ports and nodes from Net A to get to the server on net B. And Vica Versa.
Then we tested.
The sonicwall, from the diagnostics page, can ping the desired server on network A. (joy!) And the server on Net A can ping the sonicwall's X6 port. (joy!)
However, the server on Net A, can NOT ping the nodes in Net B. (understandable, since there is no route saved)
Nor can the nodes in net B ping the Server on net A. (odd, since there *is* a route in the sonicwall.) Furthermore, I plugged a laptop directly into the sonicwall's LAN port and was still unable to ping the server on net A.
For giggles, I set the firewall rules to be wide open in both directions and re-tested. Same results.
Also - Another new Sonicwall is on the way for network A.