How to configure VPN to listen at certain IP on Sonicwall?

MichaelBalack
This is using a DELL Sonicwall NSA 2600. Currently, 2 network ports are in use - X0, for LAN; and X1 for WAN. For LAN, we are using 10.133.0.0/24, while X0, there is an IP pool - a.b.99.128/28. See the IP addresses allocated:

     X0 - 10.133.0.254
     X1 - a.b.99.130

Currently, a few site-to-site IPsec tunnels are configured and working fine, except for one site, in which the IP - a.b.99.130 was blocked by the other side of the IPsec tunnel. Now, I am thinking of using a different IP, for example, .142, to be bound to this IPsec tunnel. Shall I create a secondary IP on the X1 interface? How do I configure the X0 interface so that this site VPN is listening at a different IP?

Thanks,
J Spoor, TME / Network Security Evangelist

Commented:
It is unfortunately not possible to terminate VPNs to another IP than the WAN primary IP.

What is blocking the IP?
MichaelBalack, Senior System Engineer

Author

Commented:
Hi JSpoor,

Originally, on this current Sonicwall, we set up 5 site-to-site VPNs to other countries, and all worked fine. This firewall is located in Taiwan, and suddenly, the VPN to China dropped. The symptom is that the China firewall WAN IP is not pingable from Taiwan, and vice versa.

In the end, we confirmed that the Taiwan firewall WAN IP has been blocked by China Telecom Authority. Repeated appeals to get the IP delisted went down the drain.
J Spoor, TME / Network Security Evangelist

Commented:
The reason for blacklisting?
MichaelBalack, Senior System Engineer

Author

Commented:
No idea.
TME / Network Security Evangelist
Commented:
The only option you have then, I guess, is to swap IPs on the main side...
MichaelBalack, Senior System Engineer

Author

Commented:
Mainland China is very sensitive about data from Taiwan. This could be a political issue. Any data (such as encrypted data from a VPN) that they are not able to track, they will block.
J Spoor, TME / Network Security Evangelist

Commented:
Do you have any other sites you can use to hub and spoke?
MichaelBalack, Senior System Engineer

Author

Commented:
As the expert JSpoor suggested, swap the IP address for the WAN (X1) interface. We did it, and it works.
