

How do I configure 2 networks behind one Sonicwall

Posted on 2015-02-07
Medium Priority
Last Modified: 2015-03-23
Hello all!

I'm looking for a little guidance on how to relocate some servers from our sister company to our office and it's a little outside my wheelhouse.

Current Scenario:
Our corporate office is in Las Vegas.  Subnet 192.168.x.x/20
We purchased a company in San Diego. Subnet 10.0.10.x/24
Both offices are currently connected via Sonicwall VPN.
Both Offices are on their own domains.

Here's what needs to be accomplished:
We are relocating Exchange, SQL server, Web Server, One Domain Controller, Terminal Server, a Back-office Application server and several support servers from the SD to the LV office.
We are leaving a Domain controller/file server and a print server onsite in SD.

The LV users need to access the Back-office server across the internal network.
The SD users will access the Back-office server using the terminal server.

I would like to place the SD servers on their own network in my LV data center.
The relocated AD server will need to communicate with the AD server left in the SD office.
I have a spare static IP I can use for easier port forwarding.
The LV office has a Sonicwall NSA 240 running SonicOS Enhanced.

What is the best way to network the relocated servers?
Should I put them on their own network, with their own public IP using my existing Sonicwall? (This seems to be the simplest way to manage the port forwarding.)
Can two of the unassigned Sonicwall ports be used as WAN2 and LAN2?
If I do use an unassigned port as WAN2, do I need to setup a new VPN tunnel between that WAN port and the SD office?

I looked into Portshield, but that seems geared toward combining two separate interfaces into one virtual interface.

Thanks for the suggestions,
Question by: elsteef

Accepted Solution

Axis52401 earned 1500 total points
ID: 40596210
What is the best way to network the relocated servers?
Use the LAN2 port for the new network and configure it to match the settings of the SD office.

Should I put them on their own network, with their own public IP using my existing Sonicwall?
That's how I would do it. Port forwarding from WAN to LAN2 is easy, but NATing could get messy without a dedicated port.

Can two of the unassigned Sonicwall ports be used as WAN2 and LAN2?
I believe so, but check the documentation of the router to be sure. I know it definitely has a LAN2 port, and most Sonicwalls have a WAN2 port as well.

If I do use an unassigned port as WAN2, do I need to setup a new VPN tunnel between that WAN port and the SD office?
Yes, it will actually be between the WAN2 interface and the SD office. You'll now have some local A/D traffic going between LAN1 and LAN2, so to make things easier, any time the LAN1 servers at LV need to talk to SD, they'll go to LAN2 first, and if it can't field the request then it will automatically go across the WAN2 VPN to the LV office. You don't want all Active Directory traffic going across the VPN, so if you use the dedicated WAN2 port then a new VPN tunnel is required.

Author Comment

ID: 40596958
Thanks for the response Axis.

My Sonicwall has X3-X8. Probably just semantics...
I will create new WAN and LAN ports using X3 and X4 and let you know how it goes.

One point of clarification about the network configuration. I thought the servers being relocated from San Diego would need to be put on a separate IP scheme than the servers that remain in SD. That way they can communicate properly across the VPN.


Author Comment

ID: 40610011
I had to fight with COX all week to get my new static IPs activated. I'm back at it today...

I have port X3 as my secondary LAN port and X4 as my secondary WAN.
I can access computers in both directions across the LANs.

Here's where I'm still having problems:
The port forwarding from WAN2 to LAN2 is not working. I have jPerf listening on the designated port. I fail to connect across the WAN using TELNET. I can connect from LAN1 to LAN2.
I am not a guru at configuring Sonicwall port forwarding, but I have done it successfully 6-8 times, so I'm confident I know the basics. It seems as though I need to do something different on my second WAN/LAN.

The VPN tunnel isn't working between LAN2 and the SD office. I haven't spent much time on this yet since I've been concentrating on the port forwarding.

I will continue working on this today. Feel free to jump in with suggestions.

Author Comment

ID: 40613005
I now have my port forwarding working. It was just a matter of using the wizards rather than creating the rules manually.
All my traffic from my new LAN is going out over the WAN2 interface. That was done by adding a Route Policy like this:
Go to Network->Routing. Add a new Route Policy.

• Source = LAN2
• Destination = Any
• Service = Any
• Gateway = X4
• Default Gateway Interface = X4
• Metric = something less than 20 (10?) so that it preempts the other route policies.

The only problem I have left is the VPN.
I still have VPN access from Las Vegas LAN1 to San Diego. I do not have VPN access to San Diego from LAN2.
Can anyone outline the process for directing that VPN traffic so both LAN1 and LAN2 are talking to the San Diego network across the VPN tunnel?

Thanks again,
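
Added example, not part of the original thread: a Python check for the two addressing points raised above, whether a LAN2 subnet collides with a network already on either side of the tunnel, and whether a LAN2-to-SD flow matches the networks listed on both ends. It assumes the existing VPN is a policy-based site-to-site tunnel that lists local and remote networks; the LV subnet and the LAN2 candidates are constructed placeholders (the thread elides the real octets), and the function names are hypothetical.

```python
import ipaddress as ip

# Only SD's 10.0.10.x/24 comes from the thread; everything else is constructed.
SD_LAN = ip.ip_network("10.0.10.0/24")
LV_LAN1 = ip.ip_network("192.168.0.0/20")   # placeholder for 192.168.x.x/20
LV_LAN2 = ip.ip_network("10.0.20.0/24")     # hypothetical new LAN2 subnet

def overlaps(candidate, existing):
    """Return the existing networks that a candidate subnet collides with."""
    cand = ip.ip_network(candidate)
    return [str(net) for net in existing if cand.overlaps(net)]

def tunnel_carries(src, dst, local_nets, remote_nets):
    """True if src is inside a listed local network and dst inside a remote one."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    return any(s in n for n in local_nets) and any(d in n for n in remote_nets)

def check_path(src, dst, near_policy, far_policy):
    """A flow works only if both ends list it: outbound on the near side,
    and the mirrored reply direction on the far side."""
    return (tunnel_carries(src, dst, *near_policy)
            and tunnel_carries(dst, src, *far_policy))

# Tunnel as it exists before LAN2 is added: (local networks, remote networks).
LV_BEFORE = ([LV_LAN1], [SD_LAN])
SD_BEFORE = ([SD_LAN], [LV_LAN1])

# Same tunnel with LAN2 added to LV's local list and SD's remote list.
LV_AFTER = ([LV_LAN1, LV_LAN2], [SD_LAN])
SD_AFTER = ([SD_LAN], [LV_LAN1, LV_LAN2])

if __name__ == "__main__":
    existing = [LV_LAN1, SD_LAN]
    # Reusing SD's own subnet on LAN2 collides with the remote side of the tunnel.
    print("reuse SD subnet :", overlaps("10.0.10.0/24", existing))
    print("separate subnet :", overlaps(str(LV_LAN2), existing))
    # Constructed host addresses inside each network.
    print("LAN1 -> SD      :", check_path("192.168.0.10", "10.0.10.5", LV_BEFORE, SD_BEFORE))
    print("LAN2 -> SD      :", check_path("10.0.20.5", "10.0.10.5", LV_BEFORE, SD_BEFORE))
    print("LAN2 -> SD fixed:", check_path("10.0.20.5", "10.0.10.5", LV_AFTER, SD_AFTER))
```
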

Author Closing Comment

ID: 40682357
The answer I received didn't completely answer my questions. Since it was a multi-part question and Axis52401 is the only person that responded, I gave him the points.

