Avatar of Rick Mills
Rick Mills
Flag for United States of America asked on

Configure Sonicwall for CIDR block with a Host IP

I have a Sonicwall NSA 220.
We upgraded our Internet connection with our ISP.
I'll use example IP addresses.
I was given a block of 8 public IP addresses (123.123.123.208/29).
I have been given a different host IP (222.222.222.230).
I've been told to configure the WAN port with the host IP (222.222.222.230), which I've done.
I've also been told to configure a route for the public IP addresses.  I've attempted to do so, but I have apparently not done so correctly.

I've tried creating an address object called Public IPs with a range of 123.123.123.208 through .215.
I've also tried making the address object with a network of 123.123.123.208 with a subnet mask of 255.255.255.248.

I then added a route with the following:
Source    LAN Subnets (I also tried Any)
Dest        Public IPs (address object described above)
Service    Any
Gateway 0.0.0.0
Interface X1  (where the ISP is connected and the Host IP is configured for the WAN port)

Any help on what I'm doing wrong is greatly appreciated.
Also, out of curiosity, is there a term to describe this type of setup?
Thanks, Rick
Networking

Avatar of undefined
Last Comment
Rick Mills

8/22/2022 - Mon
masnrock

What you never mentioned is where the public addresses are supposed to point to or correspond with. Could you please answer that?
ASKER CERTIFIED SOLUTION
aleghart

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
Rick Mills

ASKER
I have checked with my ISP.  They have given me a single IP address with subnet mask and default gateway.  They have also given me a range of IP addresses with a subnet maks of 255.255.255.248, but no default gateway.
They have told me to configure the WAN port with the individual IP address, which I've done.
They said I need to create routes for the range of IP addresses, but have given me nothing more to go on.
The ISP is Cox.
Any help is greatly appreciated.
aleghart

Did you read my instructions Section 2 for the static route?  There should be no default gateway within the /29 subnet.  You'll use the default gateway of the /30 subnet that you were first issued.

"0.0.0.0" means "default route"
The default gateway is treated as an object "X1 default gateway".
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
Rick Mills

ASKER
Thank you.  I think I understand what you're telling me, but I still don't have it working.
Let me tell you what I have now and see if you can identify my mistake(s).

I have the WAN port configured with the 222.222.222.228 IP info.

I have an address object name Cox Fiber IPs.  Zone: Wan, Type: Network, Network: 123.123.123.208, Netmask: 255.255.255.248

I have multiple static ARP entries.  
IP: 123.123.123.208, Type: Static, MAC: (same as other ARP entry for X1), Interface: X1
IP: 123.123.123.209, Type: Static, MAC: (same as other ARP entry for X1), Interface: X1
IP: 123.123.123.210, Type: Static, MAC: (same as other ARP entry for X1), Interface: X1
through 123.123.123.215

I have a static route:
Source: Any, Dest: Cox Fiber IPs, Service: Any, Gateway: 0.0.0.0, Interface: X1, Metric: 20

Thanks, again.
aleghart

For the static ARP entry, you should only use the gateway IP address for the second subnet.  Did the ISP assign one out of the IP addresses provided?  My instructions for the Static ARP route should read:

1. Create A Static ARP Entry For The New Subnet:

Network > ARP
[Add]
IP address: 123.123.123.209
interface: X1
publish entry [check]

This is assuming that the ISP is assigning the '.209' address as your gateway.  They will publish this address to their upstream routers so that all traffic for 210-215 will head for 209.

Does that make sense?
Rick Mills

ASKER
The ISP had provided incorrect information, but this response clarified the information for me.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.