SonicWall VPN Configuration with two LAN IPs.

I'm looking over a Sonic firewall configuration that I'm unfamiliar with. I've always opened the ISP device (in this case Time Warner's modem) up in bridge mode and passed everything straight through to the firewall. The network I'm researching now was configured with the Time Warner device not set up in bridge mode, which has created two LANs. Please see the diagram for further details.
If the Time Warner modem were in bridge mode I would create NATs for X0 and X1; however, in the network above it's obvious more configuration is needed on the SonicWall.

It may be worth noting they're not configured with a static IP either. I plan to use Dyn DNS or something similar to address this.

The ultimate goal is to configure the L2TP VPN server to allow VPN access. I have everything configured for the VPN and the users as well; the error message just reports that it can't reach the VPN server.
WORKS2011 (Managed IT, Cyber Security, Backup) Asked:
Tom Cieslik (IT Engineer) Commented:
You don't have 2 LANs, you just have 2 NATs.
It will be very hard to configure a VPN connection to your internal LAN 192.168.25.0 passing through the modem's NAT.
I assume you want to use an RRAS server configured on your "Server" tower.

If you know how VPN works then you should know that the client from outside your network is waiting for authentication and an IP from your internal DHCP server to establish the tunnel.

Since you have NAT between your WAN and LAN on the modem, the connection can't be established since your internal DHCP can't provide a local IP through NAT for the external client.

You can try a trick. If possible, try to put your "Server" IP in the DMZ on the Sonic, then test the VPN.
It should work that way, but it will not be very secure.

I think that you have 2 choices.

1. Switch the modem to bridge mode so all firewall rules can be configured on the SonicWall.
2. You can try to put the SonicWall WAN IP in the modem's DMZ, so all ports will be forwarded (it will work almost like bridge mode).

Please let me know if this makes sense to you.
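As an added example (not from this thread, and not SonicWall's own tooling), a small Python check of the situation Tom describes: whether the firewall's WAN address is itself behind the modem's NAT, and which of the standard L2TP/IPsec ports (UDP 500 IKE, UDP 4500 NAT-T, UDP 1701 L2TP) the modem is not forwarding to the SonicWall, unless the firewall is the modem's DMZ host. All addresses and forwarding rules below are constructed for illustration.

```python
import ipaddress

# Address blocks that mean the firewall's WAN port (X1) sits behind another
# NAT, i.e. the modem/router is not bridged and you have the "two LANs".
PRIVATE_BLOCKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

# What an L2TP/IPsec client must reach on the firewall's WAN address.
# With NAT in the path, IPsec NAT-T (UDP 4500) carries the tunnel.
REQUIRED_UDP = {500: "IKE", 4500: "IPsec NAT-T", 1701: "L2TP"}


def is_double_nat(wan_ip: str) -> bool:
    """True if the firewall WAN address is private/CGNAT, so the modem NATs it."""
    addr = ipaddress.ip_address(wan_ip)
    return any(addr in block for block in PRIVATE_BLOCKS)


def missing_forwards(wan_ip, forwards, dmz_host=None):
    """forwards: list of (proto, port, target_ip) rules on the modem.
    dmz_host: address the modem sends all unsolicited inbound traffic to
    (Tom's option 2). Returns required services that still cannot reach
    the firewall, as {port: name}."""
    if dmz_host == wan_ip:
        return {}  # DMZ host receives everything; nothing is missing
    forwarded = {port for proto, port, target in forwards
                 if proto.lower() == "udp" and target == wan_ip}
    return {p: n for p, n in REQUIRED_UDP.items() if p not in forwarded}


def assess(wan_ip, forwards=(), dmz_host=None):
    """One-line verdict on why L2TP clients may not reach the SonicWall."""
    if not is_double_nat(wan_ip):
        return "single NAT: modem is bridged or passes a public IP; configure the SonicWall only"
    missing = missing_forwards(wan_ip, list(forwards), dmz_host)
    if not missing:
        return "double NAT, but all L2TP/IPsec ports reach the firewall"
    names = ", ".join(f"UDP {p} ({n})" for p, n in sorted(missing.items()))
    return f"double NAT: modem not forwarding {names} to {wan_ip}; bridge the modem or make it the DMZ host"


# Constructed sample: firewall X1 got 192.168.1.2 from the modem, which only
# forwards IKE so far.
SAMPLE_WAN = "192.168.1.2"
SAMPLE_FORWARDS = [("udp", 500, "192.168.1.2")]

if __name__ == "__main__":
    print(assess(SAMPLE_WAN, SAMPLE_FORWARDS))
    print(assess("203.0.113.5"))  # constructed public address after bridging
```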
WORKS2011 (Managed IT, Cyber Security, Backup) Author Commented:
Hi Tom, it's not my network to configure; I've been asked to assist. I do like the idea of configuring bridge mode; it's always served me best to exclude Time Warner (and any ISP) when it comes to managing a network.
WORKS2011 (Managed IT, Cyber Security, Backup) Author Commented:
I assume you want to use an RRAS server configured on your "Server" tower
No, actually I don't want to use RRAS at all; I want to make a VPN connection into the L2TP server on the firewall only. RRAS will not be used.

Since you have NAT between your WAN and LAN on the modem, the connection can't be established since your internal DHCP can't provide a local IP through NAT for the external client.
More reason to go to bridge mode, correct. Not sure I want to mess with the DMZ; I'll have more on this when I take a look at the modem today and get more info about it.

Thanks Tom.
masnrock Commented:
What model is the TW modem? And does the company in question have static IP addresses? As Tom pointed out, bridge mode is how the modem should be configured, since the TW modem seems to actually be a modem/router combo.

Also as Tom mentioned, you only need one LAN (unless you need multiple internal LANs for something). Only the WAN port should be connected to the TW modem.

If for some reason the TW modem cannot be configured into bridge mode, I would recommend replacing it with a modem-only unit. That will keep your life *far* easier.
Tom Cieslik (IT Engineer) Commented:
Like I said, switch the modem to bridge mode, or if for some reason you can't, just put the SonicWall WAN IP in the DMZ on the modem.
That's all you can do.
WORKS2011 (Managed IT, Cyber Security, Backup) Author Commented:
Went onsite to check things and found Time Warner has a splitter switching the incoming cable to two modems and one phone converter. In case this doesn't fully resonate: a splitter with three coax cables going to three different devices before the SonicWall. I called TW support to inform them I'm 99.9% certain this is causing problems. After a short period and me giving them the benefit of the doubt, they're sending a tech out to look over the current config. I know this doesn't have anything to do with the VPN question, but I'm certain getting a static IP and switching to bridge mode will be an option once the cable modem(s) are configured correctly.

masnrock Commented:
Why are there two modems? Are there multiple tenants in the space? Someone has to be able to explain that.

I don't know about TW, but I have seen instances where you can connect directly to a router with a static public IP (Comcast, when you have one of their business gateways). But even then, you're only using one LAN port, and the WAN is connected to the modem/router.
WORKS2011 (Managed IT, Cyber Security, Backup) Author Commented:
Time Warner finally resolved the issue after they found the static IP they gave us was already in use. It wasn't showing as in use at the time they assigned it, which is why/how the problem was created. After a day or so the IP obviously created issues when it registered as an IP conflict.