

How do I configure 2 networks behind one Sonicwall

Posted on 2015-02-07
Medium Priority
Last Modified: 2015-03-23
Hello all!

I'm looking for a little guidance on how to relocate some servers from our sister company to our office and it's a little outside my wheelhouse.

Current Scenario:
Our corporate office is in Las Vegas.  Subnet 192.168.x.x/20
We purchased a company in San Diego. Subnet 10.0.10.x/24
Both offices are currently connected via Sonicwall VPN.
Both Offices are on their own domains.

Here's what needs to be accomplished:
We are relocating Exchange, SQL server, Web Server, One Domain Controller, Terminal Server, a Back-office Application server and several support servers from the SD to the LV office.
We are leaving a Domain controller/file server and a print server onsite in SD.

The LV users need to access the Back-office server across the internal network.
The SD users will access the Back-office server using the terminal server.

I would like to place the SD servers on their own network in my LV data center.
The relocated AD server will need to communicate with the AD server left in the SD office.
I have a spare static IP I can use for easier port forwarding.
The LV office has a Sonicwall NSA 240 running SonicOS Enhanced.

What is the best way to network the relocated servers?
Should I put them on their own network, with their own public IP using my existing Sonicwall? (This seems to be the simplest way to manage the port forwarding)
Can two of the unassigned Sonicwall ports be used as WAN2 and LAN2?
If I do use an unassigned port as WAN2, do I need to setup a new VPN tunnel between that WAN port and the SD office?

I looked into Portshield, but that seems geared toward combining two separate interfaces into one virtual interface.

Thanks for the suggestions,
Question by: elsteef

Accepted Solution

Axis52401 earned 1500 total points
ID: 40596210
What is the best way to network the relocated servers?
Use the LAN2 port for the new network and configure it to match the settings of the SD office.

Should I put them on their own network, with their own public ip using my existing Sonicwall?
That's how I would do it. Port forwarding from WAN to LAN2 is easy, but NATting could get messy without a dedicated port.

Can two of the unassigned Sonicwall ports be used as WAN2 and LAN2?
I believe so, but check the documentation of the router to be sure. I know it definitely has a LAN2 port and most Sonicwalls have a WAN2 port as well.

If I do use an unassigned port as WAN2, do I need to setup a new VPN tunnel between that WAN port and the SD office?
Yes, it will actually be between the WAN2 interface and the SD office. You'll now have some local A/D traffic going between LAN1 and LAN2, so to make things easier, any time the LAN1 servers at LV need to talk to SD, they'll go to LAN2 first and if it can't field the request then it will automatically go across the WAN2 VPN to the LV office. You don't want all Active Directory traffic going across the VPN, so if you use the dedicated WAN2 port then a new VPN tunnel is required.

Author Comment

ID: 40596958
Thanks for the response Axis.

My Sonicwall has X3-X8. Probably just semantics.....
I will create new WAN and LAN ports using X3 and X4 and let you know how it goes.

One point of clarification about the network configuration. I thought the servers being relocated from San Diego would need to be put on a separate IP scheme than the servers that remain in SD. That way they can communicate properly across the VPN.


Author Comment

ID: 40610011
I had to fight with COX all week to get my new static IPs activated. I'm back at it today....

I have port X3 as my secondary LAN port and X4 as my secondary WAN.
I can access computers in both directions across the LANs.

Here's where I'm still having problems:
The port forwarding from WAN2 to LAN2 is not working. I have jPerf listening on the designated port. I fail to connect across the WAN using TELNET. I can connect from LAN1 to LAN2.
I am not a guru at configuring Sonicwall port forwarding, but I have done it successfully 6-8 times, so I'm confident I know the basics. It seems as though I need to do something different on my second WAN/LAN.

The VPN tunnel isn't working between LAN2 and the SD office. I haven't spent much time on this yet since I've been concentrating on the port forwarding.

I will continue working on this today. Feel free to jump in with suggestions.

Author Comment

ID: 40613005
I now have my port forwarding working. It was just a matter of using the wizards rather than creating the rules manually.
All my traffic from my new LAN is going out over the WAN2 interface. That was done by adding a Route Policy like this:
Go to Network->Routing. Add a new Route Policy.

• Source = LAN2
• Destination = Any
• Service = Any
• Gateway = X4
• Default Gateway Interface = X4
• Metric = something less than 20 (10?) so that it preempts the other route policies.

The only problem I have left is the VPN.
I still have VPN access from Las Vegas LAN1 to San Diego. I do not have VPN access to San Diego from LAN2.
Can anyone outline the process for directing that VPN traffic so both LAN1 and LAN2 are talking to the San Diego network across the VPN tunnel?

Thanks again,
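
Added example, not part of the original thread: a small Python check of an address plan for this layout, covering the author's point that the relocated servers need a range distinct from the one left in SD, and showing which source/destination pairs a site-to-site tunnel's local and remote network lists would cover. The LV range 192.168.0.0/20 and the LAN2 range 10.0.20.0/24 are assumptions (the thread masks the first and never gives the second), and all function names are hypothetical.

```python
from ipaddress import ip_address, ip_network
from itertools import combinations

# Constructed address plan: the thread masks the LV range (192.168.x.x/20) and
# never states the LAN2 range, so 192.168.0.0/20 and 10.0.20.0/24 are assumptions.
SITES = {
    "LV-LAN1": ip_network("192.168.0.0/20"),
    "LV-LAN2": ip_network("10.0.20.0/24"),
    "SD": ip_network("10.0.10.0/24"),
}

def overlapping(sites):
    """Name pairs whose subnets overlap and so cannot be routed to each other."""
    return [(a, b) for (a, na), (b, nb) in combinations(sites.items(), 2)
            if na.overlaps(nb)]

def tunnel_carries(selectors, src, dst):
    """True if src -> dst matches a (local, remote) pair, in either direction."""
    s, d = ip_address(src), ip_address(dst)
    return any((s in loc and d in rem) or (s in rem and d in loc)
               for loc, rem in selectors)

def uncovered_locals(sites, selectors, remote="SD"):
    """Local networks with no (local, remote) pair towards the remote site."""
    return [name for name, net in sites.items()
            if name != remote and (net, sites[remote]) not in selectors]

if __name__ == "__main__":
    # Tunnel as it would look if only LAN1 were listed as a local network.
    selectors = [(SITES["LV-LAN1"], SITES["SD"])]
    print("overlaps:", overlapping(SITES))
    print("LAN1 -> SD:", tunnel_carries(selectors, "192.168.1.10", "10.0.10.5"))
    print("LAN2 -> SD:", tunnel_carries(selectors, "10.0.20.10", "10.0.10.5"))
    print("not covered:", uncovered_locals(SITES, selectors))
```

On a policy-based site-to-site tunnel both ends list local and remote networks, so a range added on one side also has to appear as a remote network on the other.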

Author Closing Comment

ID: 40682357
The answer I received didn't completely answer my questions. Since it was a multi-part question and Axis52401 is the only person that responded, I gave him the points.



Question has a verified solution.
