elsteef

How do I configure 2 networks behind one Sonicwall

Hello all!

I'm looking for a little guidance on how to relocate some servers from our sister company to our office and it's a little outside my wheelhouse.

Current Scenario:
Our corporate office is in Las Vegas.  Subnet 192.168.x.x/20
We purchased a company in San Diego. Subnet 10.0.10.x/24
Both offices are currently connected via Sonicwall VPN.
Both Offices are on their own domains.

Here's what needs to be accomplished:
We are relocating Exchange, SQL server, Web Server, One Domain Controller, Terminal Server, a Back-office Application server and several support servers from the SD to the LV office.
We are leaving a Domain controller/file server and a print server onsite in SD.

The LV users need to access the Back-office server across the internal network.
The SD users will access the Back-office server using the terminal server.

I would like to place the SD servers on their own network in my LV data center.
The relocated AD server will need to communicate with the AD server left in the SD office.
I have a spare static IP I can use for easier port forwarding.
The LV office has a sonicwall NSA 240 running SonicOS Enhanced 5.8.1.13-1o

Questions:
What is the best way to network the relocated servers?
Should I put them on their own network, with their own public IP using my existing Sonicwall? (This seems to be the simplest way to manage the port forwarding)
Can two of the unassigned Sonicwall ports be used as WAN2 and LAN2?
If I do use an unassigned port as WAN2, do I need to setup a new VPN tunnel between that WAN port and the SD office?

I looked into Portshield, but that seems geared toward combining two separate interfaces into one virtual interface.

Thanks for the suggestions,
Steve
ASKER CERTIFIED SOLUTION
Axis52401
This solution is only available to members.
elsteef

ASKER

Thanks for the response Axis.

My Sonicwall has X3-X8. Probably just semantics.....
I will create new WAN and LAN ports using X3 and X4 and let you know how it goes.

One point of clarification about the network configuration. I thought the servers being relocated from San Diego would need to be put on a separate IP scheme than the servers that remain in SD. That way they can communicate properly across the VPN.

Thanks,
Steve
elsteef

ASKER

I had to fight with COX all week to get my new static IPs activated. I'm back at it today....

I have port X3 as my secondary LAN port and X4 as my secondary WAN.
I can access computers in both directions across the LANs.


Here's where I'm still having problems:
The port forwarding from WAN2 to LAN2 is not working. I have jPerf listening on the designated port. I fail to connect across the WAN using TELNET. I can connect from LAN1 to LAN2.
I am not a guru at configuring Sonicwall port forwarding, but I have done it successfully 6-8 times, so I'm confident I know the basics. It seems as though I need to do something different on my second WAN/LAN.

The VPN tunnel isn't working between LAN2 and the SD office. I haven't spent much time on this yet since I've been concentrating on the port forwarding.

I will continue working on this today. Feel free to jump in with suggestions.
Steve
elsteef

ASKER

I now have my port forwarding working. It was just a matter of using the wizards rather than creating the rules manually.
All my traffic from my new LAN is going out over the WAN2 interface. That was done by adding a Route Policy like this:
Go to Network->Routing. Add a new Route Policy.

• Source = LAN2
• Destination = Any
• Service = Any
• Gateway = X4
• Default Gateway Interface = X4
• Metric = something less than 20 (10?) so that it preempts the other route policies.


The only problem I have left is the VPN.
I still have VPN access from Las Vegas LAN1 to San Diego. I do not have VPN access to San Diego from LAN2.
Can anyone outline the process for directing that VPN traffic so both LAN1 and LAN2 are talking to the San Diego network across the VPN tunnel?

Thanks again,
Steve
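
A small model of the two address-plan points raised in this thread (a separate IP scheme for the relocated servers, and LAN2 not reaching San Diego), added here as an illustration and not taken from any poster or from SonicWall. It assumes a policy-based site-to-site VPN that only carries traffic matching its configured local and remote networks; all octets, host names and the LAN2 subnet are constructed placeholders, since the thread gives only 192.168.x.x/20 and 10.0.10.x/24.

```python
import ipaddress

# Constructed address plan: the thread elides the real octets, so these
# values are placeholders that only match the stated prefix lengths.
LV_LAN1 = ipaddress.ip_network("192.168.0.0/20")  # Las Vegas corporate LAN (assumed octets)
SD_LAN = ipaddress.ip_network("10.0.10.0/24")     # San Diego LAN (assumed octets)
LV_LAN2 = ipaddress.ip_network("10.0.20.0/24")    # hypothetical subnet for relocated servers


def overlapping_pairs(networks):
    """Return name pairs whose subnets overlap and are therefore ambiguous to route."""
    names = sorted(networks)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if networks[a].overlaps(networks[b])]


def tunnel_carries(src, dst, local_nets, remote_nets):
    """Policy-based check: source and destination must both match the tunnel's networks."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(src in n for n in local_nets) and any(dst in n for n in remote_nets)


def unreachable_sources(hosts, dst, local_nets, remote_nets):
    """List host names whose traffic to dst would not match the tunnel definition."""
    return [name for name, ip in hosts.items()
            if not tunnel_carries(ip, dst, local_nets, remote_nets)]


# Constructed hosts: one on each Las Vegas LAN, talking to the DC left in San Diego.
HOSTS = {"lv-workstation": "192.168.1.50", "relocated-dc": "10.0.20.10"}
SD_DC = "10.0.10.5"

if __name__ == "__main__":
    plan = {"LV_LAN1": LV_LAN1, "LV_LAN2": LV_LAN2, "SD_LAN": SD_LAN}
    print("overlaps:", overlapping_pairs(plan))
    # Keeping the San Diego range on the relocated servers collides with the remote side.
    print("overlaps if LAN2 reuses SD range:",
          overlapping_pairs({**plan, "LV_LAN2": SD_LAN}))
    print("blocked with LAN1-only local networks:",
          unreachable_sources(HOSTS, SD_DC, [LV_LAN1], [SD_LAN]))
    print("blocked with LAN1+LAN2 local networks:",
          unreachable_sources(HOSTS, SD_DC, [LV_LAN1, LV_LAN2], [SD_LAN]))
```

The same check can be rerun with the real subnets before any change is made on the firewall, to confirm the plan has no overlaps and that every local network that must reach San Diego is covered by the tunnel definition on both ends.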
elsteef

ASKER

The answer I received didn't completely answer my questions. Since it was a multi-part question and Axis52401 is the only person that responded, I gave him the points.

Thanks