How do I configure 2 networks behind one Sonicwall

Posted on 2015-02-07
Last Modified: 2015-03-23
Hello all!

I'm looking for a little guidance on how to relocate some servers from our sister company to our office and it's a little outside my wheelhouse.

Current Scenario:
Our corporate office is in Las Vegas.  Subnet 192.168.x.x/20
We purchased a company in San Diego. Subnet 10.0.10.x/24
Both offices are currently connected via Sonicwall VPN.
Both Offices are on their own domains.

Here's what needs to be accomplished:
We are relocating Exchange, SQL server, Web Server, One Domain Controller, Terminal Server, a Back-office Application server and several support servers from the SD to the LV office.
We are leaving a Domain controller/file server and a print server onsite in SD.

The LV users need to access the Back-office server across the internal network.
The SD users will access the Back-office server using the terminal server.

I would like to place the SD servers on their own network in my LV data center.
The relocated AD server will need to communicate with the AD server left in the SD office.
I have a spare static IP I can use for easier port forwarding.
The LV office has a Sonicwall NSA 240 running SonicOS Enhanced.

What is the best way to network the relocated servers?
Should I put them on their own network, with their own public IP using my existing Sonicwall? (This seems to be the simplest way to manage the port forwarding.)
Can two of the unassigned Sonicwall ports be used as WAN2 and LAN2?
If I do use an unassigned port as WAN2, do I need to setup a new VPN tunnel between that WAN port and the SD office?

I looked into Portshield, but that seems geared toward combining two separate interfaces into one virtual interface.

Thanks for the suggestions,
Question by:elsteef

Accepted Solution

Axis52401 earned 500 total points
ID: 40596210
What is the best way to network the relocated servers?
Use the LAN2 port for the new network and configure it to match the settings of the SD office.

Should I put them on their own network, with their own public ip using my existing Sonicwall?
That's how I would do it. Port forwarding from WAN to LAN2 is easy, but NATing could get messy without a dedicated port.

Can two of the unassigned Sonicwall ports be used as WAN2 and LAN2?
I believe so, but check the documentation of the router to be sure. I know it definitely has a LAN2 port and most Sonicwalls have a WAN2 port as well.

If I do use an unassigned port as WAN2, do I need to setup a new VPN tunnel between that WAN port and the SD office?
Yes, it will actually be between the WAN2 interface and the SD office. You'll now have some local A/D traffic going between LAN1 and LAN2, so to make things easier, any time the LAN1 servers at LV need to talk to SD, they'll go to LAN2 first and if it can't field the request then it will automatically go across the WAN2 VPN to the LV office. You don't want all Active Directory traffic going across the VPN, so if you use the dedicated WAN2 port then a new VPN tunnel is required.

Author Comment

ID: 40596958
Thanks for the response Axis.

My Sonicwall has X3-X8. Probably just semantics.....
I will create new WAN and LAN ports using X3 and X4 and let you know how it goes.

One point of clarification about the network configuration. I thought the servers being relocated from San Diego would need to be put on a separate IP scheme than the servers that remain in SD. That way they can communicate properly across the VPN.
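
The addressing point raised in the comment above, as an added example that is not part of the original thread: a host only hands a packet to the firewall (and so to the VPN) when the destination is outside its own subnet. The LV /20 and the LAN2 candidates are constructed sample values, since the page gives only 10.0.10.x/24 for SD and elides the LV range; the function names are hypothetical.

```python
import ipaddress

# Constructed addressing plan. The page gives SD as 10.0.10.x/24 and elides the
# LV /20, so LV_LAN1 and every LAN2 candidate used here are assumed samples.
SD_OFFICE = ipaddress.ip_network("10.0.10.0/24")
LV_LAN1 = ipaddress.ip_network("192.168.0.0/20")  # assumed placeholder
EXISTING = [SD_OFFICE, LV_LAN1]


def next_hop(host_if: str, destination: str) -> str:
    """Return 'on-link' if the host would ARP for the destination directly,
    or 'gateway' if it would send the packet to its default gateway."""
    iface = ipaddress.ip_interface(host_if)
    dest = ipaddress.ip_address(destination)
    return "on-link" if dest in iface.network else "gateway"


def conflicts(candidate: str, existing=EXISTING) -> list:
    """List the existing networks that a proposed LAN2 subnet overlaps."""
    cand = ipaddress.ip_network(candidate)
    return [str(net) for net in existing if cand.overlaps(net)]


def first_free_subnet(pool: str, prefix: int, existing=EXISTING) -> str:
    """Return the first subnet of the given size in the pool that overlaps
    none of the networks already in use at either site."""
    for sub in ipaddress.ip_network(pool).subnets(new_prefix=prefix):
        if not any(sub.overlaps(net) for net in existing):
            return str(sub)
    raise ValueError("no free subnet in pool")


if __name__ == "__main__":
    sd_dc = "10.0.10.5"  # constructed address for the DC left in San Diego

    # LAN2 reusing the SD subnet: the relocated server treats the SD DC as a
    # local neighbour, so the packet never reaches the firewall or the tunnel.
    print("same subnet    :", next_hop("10.0.10.50/24", sd_dc))

    # LAN2 on a distinct subnet: traffic for SD goes to the gateway, where a
    # route or VPN policy can forward it.
    print("distinct subnet:", next_hop("10.0.11.50/24", sd_dc))

    print("overlap check  :", conflicts("10.0.10.0/24"))
    print("first free /24 :", first_free_subnet("10.0.10.0/23", 24))
```
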


Author Comment

ID: 40610011
I had to fight with COX all week to get my new static IPs activated. I'm back at it today....

I have port X3 as my secondary LAN port and X4 as my secondary WAN.
I can access computers in both directions across the LANs.

Here's where I'm still having problems:
The port forwarding from WAN2 to LAN2 is not working. I have jPerf listening on the designated port. I fail to connect across the WAN using TELNET. I can connect from LAN1 to LAN2.
I am not a guru at configuring Sonicwall port forwarding, but I have done it successfully 6-8 times, so I'm confident I know the basics. It seems as though I need to do something different on my second WAN/LAN.

The VPN tunnel isn't working between LAN2 and the SD office. I haven't spent much time on this yet since I've been concentrating on the port forwarding.

I will continue working on this today. Feel free to jump in with suggestions.

Author Comment

ID: 40613005
I now have my port forwarding working. It was just a matter of using the wizards rather than creating the rules manually.
All my traffic from my new LAN is going out over the WAN2 interface. That was done by adding a Route Policy like this:
Go to Network->Routing. Add a new Route Policy.

  • Source = LAN2
  • Destination = Any
  • Service = Any
  • Gateway = X4
  • Default Gateway Interface = X4
  • Metric = something less than 20 (10?) so that it preempts the other route policies.

The only problem I have left is the VPN.
I still have VPN access from Las Vegas LAN1 to San Diego. I do not have VPN access to San Diego from LAN2.
Can anyone outline the process for directing that VPN traffic so both LAN1 and LAN2 are talking to the San Diego network across the VPN tunnel?

Thanks again,

Author Closing Comment

ID: 40682357
The answer I received didn't completely answer my questions. Since it was a multi-part question and Axis52401 is the only person that responded, I gave him the points.


Question has a verified solution.