Second IP on WAN connection for VPN with Sonicwall

Posted on 2017-10-12
High Priority
Last Modified: 2018-02-06
I have an office with a single internet connection and they are running a Sonicwall NSA220.  The connection comes in on a single CAT6 cable through the wall (no DSL or cable "modem").

My IPs are xxx.xxx.xxx.10 and xxx.xxx.xxx.15. I have .10 configured on interface X1. It is used in a site-to-site VPN. I'd also like to use .15 in the same site-to-site VPN. Yes, I know this is weird, but in this case, .10 is blocked (for now) by the Chinese firewall. So I'd like to have both .10 and .15 used in the same site-to-site connection.

I don't think I can do the normal procedure for handling second IPs by NAT'ing them, since I don't know where to NAT them to.  Obviously I cannot have this second connection come through to X2 or X3.  I can't seem to create a virtual sub-interface under X1 since the IPs are in the same subnet.

What can I do?
Question by:encoad
LVL 28

Expert Comment

by:Tom Cieslik
ID: 42328858
Do you really have a site-to-site VPN?
I think site-to-site is configured at the firewall level, so it doesn't matter what internal IP you have and how many IPs you've configured on your NIC, since a site-to-site VPN connects both routers/firewalls and is always on.
Can you explain whether you have an RRAS server in your network or the VPN is configured on the SonicWall?
If it's on the SonicWall, then it is not restricted to the internal IP if it is in the same subnet. So, long story short, if you have an IP on your computer's NIC and you have access to the other site through the VPN, then if you change the IP you are still going to be able to use the VPN, or maybe I don't understand your setting.
LVL 10

Expert Comment

by:J Spoor
ID: 42328863
On a SonicWall, VPNs can only be terminated on the WAN IP, not on a secondary IP.

Author Comment

ID: 42328906
Yes, I am really doing a site-to-site VPN.  No RRAS, no client software etc... Connecting two routable internal networks together.

To be honest I never "just tried" to do it without any configuration for the IP... maybe I'm overthinking this.  I'll give it a go.

Author Comment

ID: 42328934
J Spoor, are you 100% certain on this?  In order for me to test this I need to do a whole bunch of crazy stuff so I don't lose connectivity, I certainly don't want to waste the time.
LVL 10

Accepted Solution

J Spoor earned 3000 total points
ID: 42328950
Yes, 100% sure.

You can't NAT it; no workarounds, except adding a second ISP connection.
LVL 10

Assisted Solution

by:J Spoor
J Spoor earned 3000 total points
ID: 42328954
So you are stuck with your .10 X1 IP, unless you re-IP it.
