Solved

WAN IP Conflict on SonicWall

Posted on 2016-11-04
Last Modified: 2016-11-07
Background: Customer hosts an on-premise Exchange 2013 server, as well as a web server that is critical to their operations. They can send and receive email perfectly well from on-site; however, due to the fact that the HTTPS and HTTP ports are forwarded to this other web server, the only way they can use email offsite is via IMAP. To complicate things further, they are relaying their outgoing email through their ISP's mail server due to some issues with spam filtering. This appears to prevent them from sending email out through their email server when offsite; we have had to route their outgoing email through a 3rd mail server to allow them to send email from phones. Unfortunately, this has been causing regular issues.

Current Situation: We are attempting to get a second WAN interface set up on their SonicWall TZ105, which will then be set up to communicate directly with the Exchange server, in an attempt to be able to forward the proper ports and allow them to actually use Exchange from outside of the office rather than IMAP. The issue is that their ISP hands out their WAN IPs by DHCP via the WAN interface MAC address; they are ultimately static IPs but not set statically in the router. All of these IPs are in the same /24 subnet, which creates a conflict in the SonicWall where it refuses to obtain the second IP by DHCP, and even if I attempt to plug in the information statically I get an IP conflict error and it won't take the configuration.

What I need to know is if there is any way I can configure this to allow me to use Exchange from offsite, either through the second WAN IP or some method I've overlooked?
Question by:Tyler Brooks
5 Comments
 
LVL 38

Assisted Solution

by:Aaron Tomosky
Aaron Tomosky earned 83 total points
If the WAN is a /24 then the SonicWall can already bind any addresses in that range. Just use the public server wizard.
 
LVL 16

Accepted Solution

by:
Carol Chisholm earned 251 total points
Hello Tyler,
May I suggest that you take a step back and tackle this problem at the root?
Most respectable ISPs split their IP ranges into 2 - domestic DHCP ones which should never send SMTP mail and business ones where the netblocks are assigned to the customer, and the customer is an identifiable respectable business.
If your IP addresses are in the domestic range you will encounter endless problems of the sort you describe, and the reputation of the company as an email sender will decline.

I strongly recommend that you get your ISP to assign you a business netblock with 8 IP addresses, 5 useable, and to make sure that your company appears at APNIC or RIPE or wherever as the owner of these addresses.

Then you can set up all the proper DNS entries for OWA, IMAP, SMTP and so on, on different public and private IP addresses, with nice tidy NAT mappings.

Although there is some work upfront, you will never regret doing this by the book.
 
LVL 20

Assisted Solution

by:masnrock
masnrock earned 83 total points
Basically a mix of what Carol and Aaron have said.

A SonicWall will let you work with other IPs in the same subnet as the WAN without a second WAN interface.

But it is very odd that you cannot get static public IP addresses from the ISP. That doesn't make sense. What company is providing the connection?
 
LVL 39

Assisted Solution

by:noci
noci earned 83 total points
It's not that strange if you think of the addresses as belonging to the SAME network... (on different interfaces that are not trunked...)

So you only need to set up an alias on the existing interface and put that alias in a 1:1 NAT to the Exchange server.
 
LVL 7

Author Closing Comment

by:Tyler Brooks
Thank you everyone for your assistance. I was able to work with the ISP to get another WAN IP on a different subnet, which is a quick, dirty solution, but it works.

The ISP is a small local company and frankly we have been attempting to convince this client to switch to a different one for the better part of a decade now, but the owner is attached to them for some reason. They have a history of doing things their own way (read: strangely) but usually are pretty willing to work with us as much as they can.

SonicWalls aren't my strongest devices, so I appreciate the advice.