• Status: Solved

Second IP on WAN connection for VPN with Sonicwall

I have an office with a single internet connection and they are running a Sonicwall NSA220.  The connection comes in on a single CAT6 cable through the wall (no DSL or cable "modem").

My IPs are xxx.xxx.xxx.10 and xxx.xxx.xxx.15. I have .10 configured on interface X1. It is used in a site-to-site VPN. I'd also like to use .15 in the same site-to-site VPN. Yes, I know this is weird, but in this case, .10 is blocked (for now) by the Chinese firewall. So I'd like to have both .10 and .15 used in the same site-to-site connection.

I don't think I can do the normal procedure for handling second IPs by NAT'ing them, since I don't know where to NAT them to.  Obviously I cannot have this second connection come through to X2 or X3.  I can't seem to create a virtual sub-interface under X1 since the IPs are in the same subnet.

What can I do?
Asked: encoad
 
Tom Cieslik (IT Engineer) Commented:
Do you really have a site-to-site VPN?
I think site-to-site is configured at the firewall level, so it doesn't matter what internal IP you have or how many IPs you've configured on your NIC; since a site-to-site VPN connects both routers/firewalls, it's always on.
Can you explain whether you have an RRAS server in your network, or whether the VPN is configured on the SonicWall?
If it's on the SonicWall, then it is not restricted to an internal IP if it is in the same subnet. So, long story short, if you have the IP 192.168.1.10 on your computer's NIC and you have access to the other site through the VPN, then if you change the IP to 192.168.1.15 you are still going to be able to use the VPN. Or maybe I don't understand your setting.
 
J Spoor (TME) Commented:
On a SonicWall, VPNs can only be terminated on the WAN IP, not on a secondary IP.
 
encoad (Author) Commented:
Yes, I am really doing a site-to-site VPN. No RRAS, no client software, etc. Connecting two routable internal networks together.

To be honest, I never "just tried" to do it without any configuration for the IP... maybe I'm overthinking this. I'll give it a go.

 
encoad (Author) Commented:
J Spoor, are you 100% certain on this? In order for me to test this I need to do a whole bunch of crazy stuff so I don't lose connectivity; I certainly don't want to waste the time.
 
J Spoor (TME) Commented:
Yes, 100% sure.

You can't NAT it; no workarounds, except adding a second ISP connection.
 
J Spoor (TME) Commented:
So you are stuck with your .10 X1 IP, unless you re-IP it.