Solved

How do I configure 2 networks behind one Sonicwall

Posted on 2015-02-07
Last Modified: 2015-03-23
Hello all!

I'm looking for a little guidance on how to relocate some servers from our sister company to our office and it's a little outside my wheelhouse.

Current Scenario:
Our corporate office is in Las Vegas.  Subnet 192.168.x.x/20
We purchased a company in San Diego. Subnet 10.0.10.x/24
Both offices are currently connected via Sonicwall VPN.
Both Offices are on their own domains.

Here's what needs to be accomplished:
We are relocating Exchange, SQL server, Web Server, One Domain Controller, Terminal Server, a Back-office Application server and several support servers from the SD to the LV office.
We are leaving a Domain controller/file server and a print server onsite in SD.

The LV users need to access the Back-office server across the internal network.
The SD users will access the Back-office server using the terminal server.

I would like to place the SD servers on their own network in my LV data center.
The relocated AD server will need to communicate with the AD server left in the SD office.
I have a spare static IP I can use for easier port forwarding.
The LV office has a Sonicwall NSA 240 running SonicOS Enhanced 5.8.1.13-1o

Questions:
What is the best way to network the relocated servers?
Should I put them on their own network, with their own public IP using my existing Sonicwall? (This seems to be the simplest way to manage the port forwarding)
Can two of the unassigned Sonicwall ports be used as WAN2 and LAN2?
If I do use an unassigned port as WAN2, do I need to setup a new VPN tunnel between that WAN port and the SD office?

I looked into Portshield, but that seems geared toward combining two separate interfaces into one virtual interface.

Thanks for the suggestions,
Steve
Question by:elsteef

Accepted Solution

by: Axis52401 earned 500 total points
What is the best way to network the relocated servers?
Use the LAN2 port for the new network and configure it to match the settings of the SD office.

Should I put them on their own network, with their own public ip using my existing Sonicwall?
That's how I would do it. Port forwarding from WAN to LAN2 is easy, but NATing could get messy without a dedicated port.

Can two of the unassigned Sonicwall ports be used as WAN2 and LAN2?
I believe so, but check the documentation of the router to be sure. I know it definitely has a LAN2 port and most Sonicwalls have a WAN2 port as well.

If I do use an unassigned port as WAN2, do I need to setup a new VPN tunnel between that WAN port and the SD office?
Yes, it will actually be between the WAN2 interface and the SD office. You'll now have some local A/D traffic going between LAN1 and LAN2, so to make things easier, any time the LAN1 servers at LV need to talk to SD, they'll go to LAN2 first, and if it can't field the request then it will automatically go across the WAN2 VPN to the LV office. You don't want all Active Directory traffic going across the VPN, so if you use the dedicated WAN2 port then a new VPN tunnel is required.

Author Comment

by:elsteef
Thanks for the response Axis.

My Sonicwall has X3-X8. Probably just semantics.....
I will create new WAN and LAN ports using X3 and X4 and let you know how it goes.

One point of clarification about the network configuration. I thought the servers being relocated from San Diego would need to be put on a separate IP scheme from the servers that remain in SD. That way they can communicate properly across the VPN.

Thanks,
Steve
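
The addressing point raised in the comment above, as an added example that is not part of the original thread: it checks a candidate LAN2 subnet against the San Diego subnet from the question and shows in which direction traffic would stay on the local segment instead of reaching the firewall. It assumes plain routing with no NAT over the tunnel; the function names `delivery` and `check_plan`, the LAN2 candidates and all host addresses are constructed for illustration.

```python
import ipaddress

# 10.0.10.0/24 is the San Diego subnet given in the question. Every other
# address below (LAN2 candidates, host IPs) is constructed for illustration.
SD_NET = ipaddress.ip_network("10.0.10.0/24")


def delivery(src: str, src_net, dst: str) -> str:
    """Return how a host at src (configured with src_net) sends to dst.

    A host ARPs directly for any destination inside its own subnet, so that
    traffic stays on the local segment and never reaches the firewall.
    Only off-subnet destinations go to the gateway, where a route or VPN
    policy can pick them up.
    """
    if ipaddress.ip_address(src) not in src_net:
        raise ValueError(f"{src} is not inside {src_net}")
    return "on-link" if ipaddress.ip_address(dst) in src_net else "gateway"


def check_plan(lan2: str, relocated_host: str, sd_host: str) -> dict:
    """Check one candidate LAN2 subnet against the remaining SD subnet."""
    lan2_net = ipaddress.ip_network(lan2)
    forward = delivery(relocated_host, lan2_net, sd_host)   # LV LAN2 -> SD
    reverse = delivery(sd_host, SD_NET, relocated_host)     # SD -> LV LAN2
    return {
        "overlap": lan2_net.overlaps(SD_NET),
        "forward": forward,
        "reverse": reverse,
        # Both directions must leave the local segment to be routable.
        "routable": forward == "gateway" and reverse == "gateway",
    }


if __name__ == "__main__":
    for lan2, host in [("10.0.10.0/24", "10.0.10.50"),
                       ("10.0.10.128/25", "10.0.10.130"),
                       ("10.0.20.0/24", "10.0.20.50")]:
        print(lan2, check_plan(lan2, host, "10.0.10.10"))
```

The second candidate shows the less obvious case: a LAN2 carved out of the SD range sends its traffic to the gateway, but the SD host treats the reply address as local, so the return path never enters the tunnel.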

Author Comment

by:elsteef
I had to fight with COX all week to get my new static IPs activated. I'm back at it today....

I have port X3 as my secondary LAN port and X4 as my secondary WAN.
I can access computers in both directions across the LANs.


Here's where I'm still having problems:
The port forwarding from WAN2 to LAN2 is not working. I have jPerf listening on the designated port. I fail to connect across the WAN using TELNET. I can connect from LAN1 to LAN2.
I am not a guru at configuring Sonicwall port forwarding, but I have done it successfully 6-8 times, so I'm confident I know the basics. It seems as though I need to do something different on my second WAN/LAN.

The VPN tunnel isn't working between LAN2 and the SD office. I haven't spent much time on this yet since I've been concentrating on the port forwarding.

I will continue working on this today. Feel free to jump in with suggestions.
Steve

Author Comment

by:elsteef
I now have my port forwarding working. It was just a matter of using the wizards rather than creating the rules manually.
All my traffic from my new LAN is going out over the WAN2 interface. That was done by adding a Route Policy like this:
Go to Network -> Routing. Add a new Route Policy.

• Source = LAN2
• Destination = Any
• Service = Any
• Gateway = X4
• Default Gateway Interface = X4
• Metric = something less than 20 (10?) so that it preempts the other route policies.


The only problem I have left is the VPN.
I still have VPN access from Las Vegas LAN1 to San Diego. I do not have VPN access to San Diego from LAN2.
Can anyone outline the process for directing that VPN traffic so both LAN1 and LAN2 are talking to the San Diego network across the VPN tunnel?

Thanks again,
Steve

Author Closing Comment

by:elsteef
The answer I received didn't completely answer my questions. Since it was a multi-part question and Axis52401 is the only person that responded, I gave him the points.

Thanks