Solved

WAN IP Conflict on Sonicwall

Posted on 2016-11-04
Last Modified: 2016-11-07
Background: Customer hosts an on-premise Exchange 2013 server, as well as a web server that is critical to their operations. They can send and receive email perfectly well from on-site; however, due to the fact that the HTTPS and HTTP ports are forwarded to this other web server, the only way they can use email offsite is via IMAP. To complicate things further, they are relaying their outgoing email through their ISP's mail server due to some issues with spam filtering. This appears to prevent them from sending email out through their email server when offsite. We have had to route their outgoing email through a 3rd mail server to allow them to send email from phones; unfortunately, this has been causing regular issues.

Current Situation: We are attempting to get a second WAN interface set up on their Sonicwall TZ105, which will then be set up to communicate directly with the Exchange server, in an attempt to be able to forward the proper ports and allow them to actually use Exchange from outside of the office rather than IMAP. The issue is that their ISP hands out their WAN IPs via DHCP based on the WAN interface MAC address; they are ultimately static IPs but not set statically in the router. All of these IPs are in the same /24 subnet, which creates a conflict in the Sonicwall where it refuses to obtain the second IP via DHCP, and even if I attempt to plug in the information statically I get an IP conflict error and it won't take the configuration.

What I need to know is if there is any way I can configure this to allow me to use Exchange from offsite, either through the second WAN IP or some method I've overlooked?
Question by:Tyler Brooks
5 Comments
 
LVL 38

Assisted Solution

by:Aaron Tomosky
Aaron Tomosky earned 83 total points
ID: 41875138
If the WAN is a /24 then the SonicWall can already bind any addresses in that range. Just use the public server wizard.
0
 
LVL 16

Accepted Solution

by:
Carol Chisholm earned 251 total points
ID: 41875168
Hello Tyler,
May I suggest that you take a step back and tackle this problem at the root.
Most respectable ISPs split their IP ranges into 2: domestic DHCP ones, which should never send SMTP mail, and business ones, where the netblocks are assigned to the customer and the customer is an identifiable, respectable business.
If your IP addresses are in the domestic range you will encounter endless problems of the sort you describe, and the reputation of the company as an email sender will decline.

I strongly recommend that you get your ISP to assign you a business netblock with 8 IP addresses, 5 useable, and to make sure that your company appears at APNIC or RIPE or wherever as the owner of these addresses.

Then you can set up all the proper DNS entries for OWA, IMAP, SMTP and so on, on different public and private IP addresses, with nice tidy NAT mappings.

Although there is some work upfront, you will never regret doing this by the book.
0
 
LVL 24

Assisted Solution

by:masnrock
masnrock earned 83 total points
ID: 41875329
Basically a mix of what Carol and Aaron have said.

A SonicWall will let you work with other IPs in the same subnet as the WAN without a second WAN interface.

But it is very odd that you cannot get static public IP addresses from the ISP. That doesn't make sense. What company is providing the connection?
0
 
LVL 40

Assisted Solution

by:noci
noci earned 83 total points
ID: 41877200
It's not that strange if you think of the addresses as belonging to the SAME network... (On different interfaces, that are not trunked...)

So you only need to set up an alias on the existing interface and put that alias in a 1:1 NAT to the Exchange server.
0
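The conflict from the question and the alias-plus-1:1-NAT approach from the answers above, as an added example that is not part of the original thread. The interface labels and all addresses are constructed (documentation ranges), and the checks model generic IP planning, not SonicWall's own validation logic.

```python
import ipaddress

def find_overlaps(interfaces):
    """Return pairs of interface names whose configured subnets overlap."""
    nets = {n: ipaddress.ip_interface(c).network for n, c in interfaces.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]

def check_one_to_one_nat(wan_cidr, lan_cidr, mappings):
    """Validate (public, private) 1:1 NAT pairs against the WAN and LAN subnets."""
    wan = ipaddress.ip_interface(wan_cidr)
    lan = ipaddress.ip_interface(lan_cidr)
    problems, seen = [], set()
    for public, private in mappings:
        pub = ipaddress.ip_address(public)
        priv = ipaddress.ip_address(private)
        if pub not in wan.network:
            problems.append(f"{pub}: outside WAN subnet {wan.network}")
        elif pub in (wan.network.network_address, wan.network.broadcast_address):
            problems.append(f"{pub}: network or broadcast address")
        elif pub == wan.ip:
            problems.append(f"{pub}: already the firewall's own WAN address")
        if pub in seen:
            problems.append(f"{pub}: mapped more than once")
        seen.add(pub)
        if priv not in lan.network:
            problems.append(f"{priv}: target is not on LAN {lan.network}")
    return problems

# Constructed plan: a second WAN interface in the same /24 as the first.
PROPOSED = {
    "X0_LAN": "192.168.10.1/24",    # hypothetical LAN
    "X1_WAN": "203.0.113.20/24",    # hypothetical primary WAN address
    "X2_WAN2": "203.0.113.21/24",   # second WAN, same subnet: rejected
}

if __name__ == "__main__":
    # Two routed interfaces in one subnet is the conflict described.
    print("overlapping interfaces:", find_overlaps(PROPOSED))
    # Alternative: keep one WAN interface, map the second public IP 1:1.
    plan = [("203.0.113.21", "192.168.10.5")]  # hypothetical Exchange host
    print("NAT plan problems:",
          check_one_to_one_nat(PROPOSED["X1_WAN"], PROPOSED["X0_LAN"], plan))
```
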
 
LVL 8

Author Closing Comment

by:Tyler Brooks
ID: 41877608
Thank you everyone for your assistance. I was able to work with the ISP to get another WAN IP on a different subnet, which is a quick dirty solution but it works.

The ISP is a small local company and frankly we have been attempting to convince this client to switch to a different one for the better part of a decade now, but the owner is attached to them for some reason. They have a history of doing things their own way (read: strangely) but usually are pretty willing to work with us as much as they can.

SonicWalls aren't my strongest devices so I appreciate the advice.
0


Question has a verified solution.
