Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Configure Sonicwall for CIDR block with a Host IP

Posted on 2014-11-20
7
Medium Priority
?
957 Views
Last Modified: 2015-01-27
I have a Sonicwall NSA 220.
We upgraded our Internet connection with our ISP.
I'll use example IP addresses.
I was given a block of 8 public IP addresses (123.123.123.208/29).
I have been given a different host IP (222.222.222.230).
I've been told to configure the WAN port with the host IP (222.222.222.230), which I've done.
I've also been told to configure a route for the public IP addresses.  I've attempted to do so, but I have apparently not done so correctly.

I've tried creating an address object called Public IPs with a range of 123.123.123.208 through .215.
I've also tried making the address object with a network of 123.123.123.208 with a subnet mask of 255.255.255.248.

I then added a route with the following:
Source    LAN Subnets (I also tried Any)
Dest        Public IPs (address object described above)
Service    Any
Gateway 0.0.0.0
Interface X1  (where the ISP is connected and the Host IP is configured for the WAN port)

Any help on what I'm doing wrong is greatly appreciated.
Also, out of curiosity, is there a term to describe this type of setup?
Thanks, Rick
0
Comment
Question by:rickmills
  • 3
  • 3
7 Comments
 
LVL 32

Expert Comment

by:masnrock
ID: 40456480
What you never mentioned is where the public addresses are supposed to point to or correspond with. Could you please answer that?
0
 
LVL 32

Accepted Solution

by:
aleghart earned 2000 total points
ID: 40456502
What do you mean by "host IP"?  You can be issued multiple subnets, but usually not just a single IP address.

For instance, you could be issued a /30 network (255.255.255.252) which has 4 IP addresses:
1. network address
2. broadcast address
3. gateway address (ISP's router)
4. usable address

For your single IP address example:
network address: 222.222.222.228
gateway address: 222.222.222.229
usable address: 222.222.222.230
broadcast address: 222.222.222.231

When you are issued additional subnets, you will get the same information from the ISP:

123.123.123.208/29 (255.255.255.248)
network address: 123.123.123.208
gateway address: 123.123.123.209
usable address: 123.123.123.210 - 214
broadcast address: 123.123.123.215

You'll have 5 usable addresses.

On the Sonicwall, you'd keep your existing /30 on the X1 WAN interface.  Usually, this is the first subnet you're granted.  You add more as your needs grow...but you don't have to change the original that you were issued.

For the new subnet, you'll need to:

1. create a static ARP entry for the new subnet:

Network > ARP
[Add]
IP address: 123.123.123.210
interface: X1
publish entry [check]

2. Configure static route:

Network > Routing
[Add]
Destination network: 123.123.123.208
Subnet mask: 255.255.255.248
Gateway: 0.0.0.0
Interface: X1
Metric: 20 (any number above zero is OK, but starting with 20 lets you add more routes later with higher or lower priority)
0
 

Author Comment

by:rickmills
ID: 40462026
I have checked with my ISP.  They have given me a single IP address with subnet mask and default gateway.  They have also given me a range of IP addresses with a subnet maks of 255.255.255.248, but no default gateway.
They have told me to configure the WAN port with the individual IP address, which I've done.
They said I need to create routes for the range of IP addresses, but have given me nothing more to go on.
The ISP is Cox.
Any help is greatly appreciated.
0
Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

 
LVL 32

Expert Comment

by:aleghart
ID: 40462143
Did you read my instructions Section 2 for the static route?  There should be no default gateway within the /29 subnet.  You'll use the default gateway of the /30 subnet that you were first issued.

"0.0.0.0" means "default route"
The default gateway is treated as an object "X1 default gateway".
0
 

Author Comment

by:rickmills
ID: 40462195
Thank you.  I think I understand what you're telling me, but I still don't have it working.
Let me tell you what I have now and see if you can identify my mistake(s).

I have the WAN port configured with the 222.222.222.228 IP info.

I have an address object name Cox Fiber IPs.  Zone: Wan, Type: Network, Network: 123.123.123.208, Netmask: 255.255.255.248

I have multiple static ARP entries.  
IP: 123.123.123.208, Type: Static, MAC: (same as other ARP entry for X1), Interface: X1
IP: 123.123.123.209, Type: Static, MAC: (same as other ARP entry for X1), Interface: X1
IP: 123.123.123.210, Type: Static, MAC: (same as other ARP entry for X1), Interface: X1
through 123.123.123.215

I have a static route:
Source: Any, Dest: Cox Fiber IPs, Service: Any, Gateway: 0.0.0.0, Interface: X1, Metric: 20

Thanks, again.
0
 
LVL 32

Expert Comment

by:aleghart
ID: 40463499
For the static ARP entry, you should only use the gateway IP address for the second subnet.  Did the ISP assign one out of the IP addresses provided?  My instructions for the Static ARP route should read:

1. Create A Static ARP Entry For The New Subnet:

Network > ARP
[Add]
IP address: 123.123.123.209
interface: X1
publish entry [check]

This is assuming that the ISP is assigning the '.209' address as your gateway.  They will publish this address to their upstream routers so that all traffic for 210-215 will head for 209.

Does that make sense?
0
 

Author Closing Comment

by:rickmills
ID: 40573724
The ISP had provided incorrect information, but this response clarified the information for me.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question