How to configure VPN to listen at certain IP on Sonicwall?

This is using DELL Sonicwall NSA 2600. Currently, 2 network ports are in use - X0, for LAN; and X1 for WAN. For LAN, we are using 10.133.0.0/24, while X0, there is a IP pool - a.b.99.128/28; See the IP addresses allocated:

     X0 - 10.133.0.254
     X1 - a.b.99.130

Current, few IPsec tunnel site-to-site were configured and working fine. Except for one site, in which the ip - a.b.99.130 was blocked by the other side of the IPsec tunnel. Now, I am thinking to use a different IP, for example, .142, to be binds to this IPsec tunnel. Shall I have create a secondary IP on X1 interface? How to configure the X0 interface, so as this site VPN is listening at a different IP?

Thanks,
LVL 1
MichaelBalackSenior System EngineerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

J SpoorTME / Network Security EvangelistCommented:
It is unfortunately not possible to terminate VPNs to another IP then the WAN primary IP.

What is blocking the IP?
MichaelBalackSenior System EngineerAuthor Commented:
Hi JSpoor,

Originally, on this current sonicwall, we setup 5 site-to-site VPNs to other countries, and all works fine. This firewall is located at Taiwan, and suddenly, the vpn to China dropped. The symptom is, China firewall WAN IP is not pingeable from Taiwan, and vice versa.

At the end, we confirmed that the Taiwan fiewall WAN ip has been blocked by China Telecom Authority. Repetitive appeals to get the IP delisted down to drain.
J SpoorTME / Network Security EvangelistCommented:
the reason for black listing?
Price Your IT Services for Profit

Managed service contracts are great - when they're making you money. Yes, you’re getting paid monthly, but is it actually profitable? Learn to calculate your hourly overhead burden so you can master your IT services pricing strategy.

MichaelBalackSenior System EngineerAuthor Commented:
No idea.
J SpoorTME / Network Security EvangelistCommented:
the only option you have then I guess is to swap IP's on the main side...

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
MichaelBalackSenior System EngineerAuthor Commented:
Mainland China is very sensitive upon the data from Taiwan. This could be a political issue. For any data (such as, encrypted data from VPN) that not able to track, they will block it.
J SpoorTME / Network Security EvangelistCommented:
you have any other sites? you can use to hub and spoke ?
MichaelBalackSenior System EngineerAuthor Commented:
As expert - JSpoor suggested, swap the IP address for WAN (x1) interface. We did it, and it works
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VPN

From novice to tech pro — start learning today.