Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

WAN IP Conflict on Sonicwall

Posted on 2016-11-04
5
Medium Priority
?
176 Views
Last Modified: 2016-11-07
Background: Customer hosts an on-premise Exchange 2013 server, as well as a web-server that is critical to their operations. They can send and receive email perfectly well from on-site however due to the fact that the https and http ports are forwarded to this other web server the only way they can use email offsite is via IMAP. To complicate things further they are relaying their outgoing email through their isp's mail server due to some issues with spam filtering. This appears to prevent them from sending email out through their email server when offsite we have had to route their outgoing email through a 3rd mail server to allow them to send email from phones, unfortunately this has been causing regular issues.

Current Situation: We are attempting to get a second WAN interface set up on their Sonicwall TZ105 which will then be set up to communicate directly with the exchange server, in an attempt to be able to forward the proper ports and allow them to actually use exchange from outside of the office rather than IMAP. The issue is that their ISP hands out their WAN IP's DHCP via the WAN Interface MAC address, they are ultimately static IP's but not set statically in the router. All of these IP's are in the same /24 subnet which creates a conflict in the Sonicwall where it refuses to obtain the second IP DHCP and even if I attempt to plug in the information statically I get an IP conflict error and it won't take the configuration.

What I need to know is if there is any way I can configure this to allow me to use Exchange from offsite, either through the second WAN IP or some method I've overlooked?
0
Comment
Question by:Tyler Brooks
5 Comments
 
LVL 39

Assisted Solution

by:Aaron Tomosky
Aaron Tomosky earned 332 total points
ID: 41875138
If the wan is a /24 then the sonicwall can already bind any addresses in that range. Just use the public server wizard.
0
 
LVL 16

Accepted Solution

by:
Carol Chisholm earned 1004 total points
ID: 41875168
Hello Tyler
May I suggest that you take a step back and tackle this problem at the root.
Most respectable ISPs split their IP ranges into 2 - domestic DHCP ones which should never send SMTP mail and business ones where the netblocks are assigned to the customer, and the customer is an identifiable respectable business.
If your IP addresses are in the domestic range you will encounter endless problems of the sort you describe, and the reputation of the company as an email sender will decline.

I strongly recommend that you get your ISP to assign you a business netblock with 8 IP addresses, 5 useable and to make sure that your company appears at apnic or ripe or wherever as the owner of these addresses.

Then you can set up all the proper DNS entries for OWA IMAP SMTP and so on different public and private IP addresses, with nice tidy NAT mappings.

Although there is some work upfront, you will never regret doing this by the book.
0
 
LVL 33

Assisted Solution

by:masnrock
masnrock earned 332 total points
ID: 41875329
Basically a mix of what Carol and Aaron have said.

A SonicWall will let you work with other IPS in the same subnet as the WAN without a second WAN interface.

But it is very odd that you cannot get static public IP addresses from the ISP. That doesn't make sense. What company is providing the connection?
0
 
LVL 41

Assisted Solution

by:noci
noci earned 332 total points
ID: 41877200
It's not that strange if you think of the addresses to belong to the SAME network... (On different interfaces, that are not trunked...)

So you only need to setup an alias on the existing interface and put that alias in a 1:1 NAT to the Exchange server.
0
 
LVL 9

Author Closing Comment

by:Tyler Brooks
ID: 41877608
Thank you everyone for your assistance, I was able to work with the ISP to get another WAN IP on a different subnet which is a quick dirty solution but it works.

The ISP is a small local company and frankly we have been attempting to convince this client to switch to a different one for the better part of decade now but the owner is attached to them for some reason. They have a history of doing things their own way (read strangely) but usually are pretty willing to work with us as much as they can.

Sonicwall's aren't my strongest devices so I appreciate the advice.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Exchange administrators are always vigilant about Exchange crashes and disasters that are possible any time. It is quite essential to identify the symptoms of a possible Exchange issue and be prepared with a proper recovery plan. There are multiple…
Exchange database can often fail to mount thereby halting the work of all users connected to it. Finding out why database isn’t mounting is crucial and getting the server back online. Stellar Phoenix Mailbox Exchange Recovery is a champion product t…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Suggested Courses

577 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question