Solved

WAN IP Conflict on Sonicwall

Posted on 2016-11-04
Last Modified: 2016-11-07
Background: Customer hosts an on-premise Exchange 2013 server, as well as a web server that is critical to their operations. They can send and receive email perfectly well from on-site; however, due to the fact that the HTTPS and HTTP ports are forwarded to this other web server, the only way they can use email offsite is via IMAP. To complicate things further, they are relaying their outgoing email through their ISP's mail server due to some issues with spam filtering. This appears to prevent them from sending email out through their email server when offsite; we have had to route their outgoing email through a 3rd mail server to allow them to send email from phones. Unfortunately, this has been causing regular issues.

Current Situation: We are attempting to get a second WAN interface set up on their Sonicwall TZ105, which will then be set up to communicate directly with the Exchange server, in an attempt to be able to forward the proper ports and allow them to actually use Exchange from outside of the office rather than IMAP. The issue is that their ISP hands out their WAN IPs by DHCP via the WAN interface MAC address; they are ultimately static IPs but not set statically in the router. All of these IPs are in the same /24 subnet, which creates a conflict in the Sonicwall where it refuses to obtain the second IP by DHCP, and even if I attempt to plug in the information statically I get an IP conflict error and it won't take the configuration.

What I need to know is if there is any way I can configure this to allow me to use Exchange from offsite, either through the second WAN IP or some method I've overlooked?
Question by:Tyler Brooks
5 Comments
 

Assisted Solution

by:Aaron Tomosky
ID: 41875138
If the WAN is a /24 then the SonicWall can already bind any addresses in that range. Just use the public server wizard.

Accepted Solution

by:Carol Chisholm
ID: 41875168
Hello Tyler
May I suggest that you take a step back and tackle this problem at the root.
Most respectable ISPs split their IP ranges into 2 - domestic DHCP ones which should never send SMTP mail and business ones where the netblocks are assigned to the customer, and the customer is an identifiable respectable business.
If your IP addresses are in the domestic range you will encounter endless problems of the sort you describe, and the reputation of the company as an email sender will decline.

I strongly recommend that you get your ISP to assign you a business netblock with 8 IP addresses, 5 usable, and to make sure that your company appears at APNIC or RIPE or wherever as the owner of these addresses.

Then you can set up all the proper DNS entries for OWA, IMAP, SMTP and so on, on different public and private IP addresses, with nice tidy NAT mappings.

Although there is some work upfront, you will never regret doing this by the book.

Assisted Solution

by:masnrock
ID: 41875329
Basically a mix of what Carol and Aaron have said.

A SonicWall will let you work with other IPs in the same subnet as the WAN without a second WAN interface.

But it is very odd that you cannot get static public IP addresses from the ISP. That doesn't make sense. What company is providing the connection?

Assisted Solution

by:noci
ID: 41877200
It's not that strange if you think of the addresses as belonging to the SAME network... (On different interfaces, that are not trunked...)

So you only need to set up an alias on the existing interface and put that alias in a 1:1 NAT to the Exchange server.
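
The reasoning in the answers above, as an added example that is not part of the original thread and is not SonicWall configuration: two interfaces in the same /24 overlap and conflict, an extra public IP inside the WAN subnet is placed as an alias with a 1:1 NAT, and one outside it needs its own interface. All function names are hypothetical and the addresses are constructed from documentation ranges.

```python
import ipaddress

def interfaces_conflict(a: str, b: str) -> bool:
    """True when two interface configs ("addr/prefix") fall in overlapping
    subnets, which is why a second WAN in the same /24 is rejected."""
    net_a = ipaddress.ip_interface(a).network
    net_b = ipaddress.ip_interface(b).network
    return net_a.overlaps(net_b)

def place_public_ip(wan: str, gateway: str, candidate: str) -> str:
    """Decide how an additional public IP can be used with the existing WAN."""
    wan_if = ipaddress.ip_interface(wan)
    net = wan_if.network
    ip = ipaddress.ip_address(candidate)
    if ip not in net:
        return "separate-interface"   # different subnet: second WAN is possible
    if ip in (net.network_address, net.broadcast_address):
        return "unusable"             # not assignable to a host
    if ip in (wan_if.ip, ipaddress.ip_address(gateway)):
        return "in-use"               # already the firewall or the ISP gateway
    return "alias-on-wan"             # same subnet: alias + 1:1 NAT, no new interface

def one_to_one_nat(wan: str, gateway: str, mappings: dict) -> list:
    """Build 1:1 NAT entries, refusing public IPs that cannot be aliased on WAN."""
    rules = []
    for public, private in mappings.items():
        verdict = place_public_ip(wan, gateway, public)
        if verdict != "alias-on-wan":
            raise ValueError(f"{public} cannot be aliased on WAN: {verdict}")
        rules.append({"interface": "WAN", "public": public, "private": private})
    return rules

# Constructed sample values (documentation address ranges, assumed LAN address).
WAN = "203.0.113.10/24"
GATEWAY = "203.0.113.1"
EXCHANGE_LAN_IP = "192.168.1.10"

if __name__ == "__main__":
    print(interfaces_conflict(WAN, "203.0.113.11/24"))
    print(place_public_ip(WAN, GATEWAY, "203.0.113.11"))
    print(place_public_ip(WAN, GATEWAY, "198.51.100.5"))
    print(one_to_one_nat(WAN, GATEWAY, {"203.0.113.11": EXCHANGE_LAN_IP}))
```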

Author Closing Comment

by:Tyler Brooks
ID: 41877608
Thank you everyone for your assistance. I was able to work with the ISP to get another WAN IP on a different subnet, which is a quick, dirty solution but it works.

The ISP is a small local company and frankly we have been attempting to convince this client to switch to a different one for the better part of a decade now, but the owner is attached to them for some reason. They have a history of doing things their own way (read: strangely) but usually are pretty willing to work with us as much as they can.

Sonicwalls aren't my strongest devices, so I appreciate the advice.