James Seifert
asked on
DHCP over Sonicwall Tunnel
Hello,
We are looking into setting up a remote site tunnel using a Sonicwall NSA 2600 (local) and a Cisco RV110W (remote). We would like to have DHCP from our local network (10.56.102.0 /24) give addresses through the tunnel to hosts connected to the Cisco device. So hosts on the remote network would look as if they have a 10.56.102.0 address. Is this possible?
Thanks!
I should add that forcing the remote site to go to the office for all its traffic (that is what DHCP will do) will be very slow (slower than VPN is anyway).
We tried that solution - very quickly went back (and that was on 100Mbps bearer - with latency less than 10ms)
basically when you have vpn tunnel - packets have to be formatted to pass the tunnel (and obviously inspected), which is slow
solution to your problem would be using variable subnetting
like
10.56.102.0 /25
network 1 from 10.56.102.0
10.56.102.1-10.56.102.126 (127 broadcast)
network 2 from
10.56.102.128 /25
10.56.102.129-10.56.102.254 (255 broadcast)
so your subnet mask on both would be 255.255.255.128
The question that was asked was whether it was possible and my original response pretty much addressed this question. Don't do it... As for the specifics... Set up an entirely different DHCP scope for the remote office to use. I wouldn't use anything even close. Use the 172.16.0.0 /26 RFC 1918 subnet for Non Local but still trusted traffic. Logically this is better because now for logging purposes you know exactly who is doing what with regards to access by IP per outside office.
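An added example, not part of the thread and not code from either vendor: a Python check that the address plans proposed in the replies above do not overlap, the usable range and mask for each scope, and the per-site attribution of source IPs that the last reply describes. The site names and the log line format are assumptions, and the log lines are constructed.

```python
import ipaddress

# Address plans from the thread: the /24 split into two /25s, and the
# separate RFC 1918 scope from the last reply. Site names are assumed.
SITES = {
    "local-office": ipaddress.ip_network("10.56.102.0/25"),
    "remote-split": ipaddress.ip_network("10.56.102.128/25"),
    "remote-separate": ipaddress.ip_network("172.16.0.0/26"),
}

def overlapping_sites(sites):
    """Return sorted pairs of site names whose subnets overlap."""
    names = sorted(sites)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if sites[a].overlaps(sites[b])]

def dhcp_range(net):
    """First usable host, last usable host and dotted netmask of a subnet."""
    hosts = list(net.hosts())  # small subnets only (/25, /26 here)
    return str(hosts[0]), str(hosts[-1]), str(net.netmask)

def site_for(ip, sites):
    """Name of the site whose subnet contains ip, else 'unknown'."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "unknown"
    return next((n for n, net in sites.items() if addr in net), "unknown")

def attribute(log_lines, sites):
    """Count log lines per site, keyed on the src= field of each line."""
    counts = {}
    for line in log_lines:
        fields = dict(f.split("=", 1) for f in line.split() if "=" in f)
        site = site_for(fields.get("src", ""), sites)
        counts[site] = counts.get(site, 0) + 1
    return counts

# Constructed sample lines in a hypothetical key=value format.
SAMPLE_LOG = [
    "src=10.56.102.20 dst=10.56.102.5 proto=tcp/445",
    "src=10.56.102.200 dst=10.56.102.5 proto=tcp/445",
    "src=172.16.0.14 dst=10.56.102.5 proto=tcp/3389",
    "src=192.168.1.9 dst=10.56.102.5 proto=tcp/22",
]

if __name__ == "__main__":
    print("overlaps:", overlapping_sites(SITES))
    for name, net in SITES.items():
        print(name, dhcp_range(net))
    print(attribute(SAMPLE_LOG, SITES))
```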