Second IP on WAN connection for VPN with Sonicwall

I have an office with a single internet connection and they are running a Sonicwall NSA220.  The connection comes in on a single CAT6 cable through the wall (no DSL or cable "modem").

My IPs are and  I have .10 configured on interface X1.  It is used in a site-to-site VPN.   I'd also like to use .15 in the same site-to-site VPN.  Yes, I know this is weird, but it this case, .10 is blocked (for now) by the Chinese firewall.  So I'd like to have both .10 and .15 used in the same site-to-site connection.

I don't think I can do the normal procedure for handling second IPs by NAT'ing them, since I don't know where to NAT them to.  Obviously I cannot have this second connection come through to X2 or X3.  I can't seem to create a virtual sub-interface under X1 since the IPs are in the same subnet.

What can I do?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Tom CieslikIT EngineerCommented:
Are you really have site-to-site VPN ?
I think site-to-site in configured on Firewall level so doesn't matter what internal IP you have and how many IP's you've configured on your NIC since site-to-site VPN is connecting both routers/firewalls it's always ON.
Can you explain if you have  RRAS server in your network or VPN ins configured on SonicWall ?
If it's on Sonic Wall then is not restricted to internal IP if is in same subnet. So long story short if you have IP on your computer NIC and you have access to other site through VPN then if you will change IP to you still going to be able use VPN, or maybe I don't understand your setting.
J SpoorTMECommented:
on a SonicWall VPNs can only be terminated on the WAN IP, not on a secondary IP
encoadAuthor Commented:
Yes, I am really doing a site-to-site VPN.  No RRAS, no client software etc... Connecting two routable internal networks together.

To be honest I never "just tried" to do it without any configuration for the IP... maybe I'm over thinking this.  I'll give it a go.
Simple Misconfiguration =Network Vulnerability

In this technical webinar, AlgoSec will present several examples of common misconfigurations; including a basic device change, business application connectivity changes, and data center migrations. Learn best practices to protect your business from attack.

encoadAuthor Commented:
J Spoor, are you 100% certain on this?  In order for me to test this I need to do a whole bunch of crazy stuff so I don't lose connectivity, I certainly don't want to waste the time.
J SpoorTMECommented:
yes, 100% sure.

you can't NAT it, no workarounds, excep adding a second ISP connection

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
J SpoorTMECommented:
so you are stuck with your .10 X1 IP, unless you re-ip it
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.