Solved

WAN IP Conflict on Sonicwall

Posted on 2016-11-04
5
141 Views
Last Modified: 2016-11-07
Background: Customer hosts an on-premise Exchange 2013 server, as well as a web-server that is critical to their operations. They can send and receive email perfectly well from on-site however due to the fact that the https and http ports are forwarded to this other web server the only way they can use email offsite is via IMAP. To complicate things further they are relaying their outgoing email through their isp's mail server due to some issues with spam filtering. This appears to prevent them from sending email out through their email server when offsite we have had to route their outgoing email through a 3rd mail server to allow them to send email from phones, unfortunately this has been causing regular issues.

Current Situation: We are attempting to get a second WAN interface set up on their Sonicwall TZ105 which will then be set up to communicate directly with the exchange server, in an attempt to be able to forward the proper ports and allow them to actually use exchange from outside of the office rather than IMAP. The issue is that their ISP hands out their WAN IP's DHCP via the WAN Interface MAC address, they are ultimately static IP's but not set statically in the router. All of these IP's are in the same /24 subnet which creates a conflict in the Sonicwall where it refuses to obtain the second IP DHCP and even if I attempt to plug in the information statically I get an IP conflict error and it won't take the configuration.

What I need to know is if there is any way I can configure this to allow me to use Exchange from offsite, either through the second WAN IP or some method I've overlooked?
0
Comment
Question by:Tyler Brooks
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 39

Assisted Solution

by:Aaron Tomosky
Aaron Tomosky earned 83 total points
ID: 41875138
If the wan is a /24 then the sonicwall can already bind any addresses in that range. Just use the public server wizard.
0
 
LVL 16

Accepted Solution

by:
Carol Chisholm earned 251 total points
ID: 41875168
Hello Tyler
May I suggest that you take a step back and tackle this problem at the root.
Most respectable ISPs split their IP ranges into 2 - domestic DHCP ones which should never send SMTP mail and business ones where the netblocks are assigned to the customer, and the customer is an identifiable respectable business.
If your IP addresses are in the domestic range you will encounter endless problems of the sort you describe, and the reputation of the company as an email sender will decline.

I strongly recommend that you get your ISP to assign you a business netblock with 8 IP addresses, 5 useable and to make sure that your company appears at apnic or ripe or wherever as the owner of these addresses.

Then you can set up all the proper DNS entries for OWA IMAP SMTP and so on different public and private IP addresses, with nice tidy NAT mappings.

Although there is some work upfront, you will never regret doing this by the book.
0
 
LVL 29

Assisted Solution

by:masnrock
masnrock earned 83 total points
ID: 41875329
Basically a mix of what Carol and Aaron have said.

A SonicWall will let you work with other IPS in the same subnet as the WAN without a second WAN interface.

But it is very odd that you cannot get static public IP addresses from the ISP. That doesn't make sense. What company is providing the connection?
0
 
LVL 40

Assisted Solution

by:noci
noci earned 83 total points
ID: 41877200
It's not that strange if you think of the addresses to belong to the SAME network... (On different interfaces, that are not trunked...)

So you only need to setup an alias on the existing interface and put that alias in a 1:1 NAT to the Exchange server.
0
 
LVL 9

Author Closing Comment

by:Tyler Brooks
ID: 41877608
Thank you everyone for your assistance, I was able to work with the ISP to get another WAN IP on a different subnet which is a quick dirty solution but it works.

The ISP is a small local company and frankly we have been attempting to convince this client to switch to a different one for the better part of decade now but the owner is attached to them for some reason. They have a history of doing things their own way (read strangely) but usually are pretty willing to work with us as much as they can.

Sonicwall's aren't my strongest devices so I appreciate the advice.
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question