gpsocs
asked on
SonicWALL - Multiple subnet configuration
So presently I have this configuration for one VPN leg (if you've followed previous discussions you'll know that this is ultimately going to be a set of two teamed / failover VPNs) set up and working on a Linksys RV042:
https://img.skitch.com/20110221-d2quxi749mdig26qmnrab5qwck.jpg
A diagram of the network topology is as follows:
https://img.skitch.com/20110219-gx38xuirrj6uymfkddmy6epxec.jpg
How would I duplicate this RV042 configuration on this particular SonicWALL TZ 180?
It sounds as though trunking and tagging perhaps would have been a better option? However I'm not sure of how that would work on this unit yet either. Any instructions or information as to how to set this out properly would be appreciated.
I simply want to do what's correct with this particular unit so whichever method to support the TOPOLOGY DIAGRAM above would be optimal vs simply duplicating the configuration.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ah, this is good. removing the VPN there really makes things less complicated. then you'd only need to add the route for their subnet when they are part of the MPLS cloud.
ASKER
I'm assuming Network -> Routing -> Route Policies -> ADD... and then it gets a little dicey for me after this point.
Obviously the concept is solid, but the actual execution on this unit is disconcerting given the options.
Source: ? ANY ? (Probably any)
Destination: ? ANY ? (Probably any)
Service: Any (I'm assuming that would be right here for all traffic)
Gateway: ? Default Gateway ? (Dunno)
Interface: Not sure on this one... probably WAN, but options are: WAN, LAN (obviously not OPT or WLAN)
Metric: 1 (not sure of this)
Disable route when the interface is disconnected: unchecked
Allow VPN path to take precedence: unchecked
Now, also, we may have a secondary Internet coming into this unit in the near term. I assume we can use teaming / failover with the OPT port. But boy, that's another topic for another crazy day. :) I wish I only had this to worry about right now! LOL
ASKER
So right now just "VPN 2" (AT&T, which is to be backup within the next few days) is active. So essentially each node is just that, a node in the mesh. We have, therefore at the Main Office router 10.10.11.1 and, in this example, 10.10.12.1 as the router at the other site with the HDX unit out there being at 10.10.12.50. You can presently cut the larger router icon out of the mix as I currently am only dealing with the AT&T provided Cisco routers hooked to switches.
ASKER
So example path: Office 1 HDX <-> Router <-> Internet <-> SonicWALL TZ 180 <-> 10.10.11.1 <-> 10.10.12.1 <-> 10.10.12.50
whatever network the sonicwall does not know about, you simply create the route for that network and specify the gateway as being the router that DOES know about that subnet. as long as the router has an interface on the LAN subnet which the sonicwall does know about, it will find the path just fine.
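Added example, not part of any post in this thread and not SonicWALL code: a small Python model of the lookup described above, showing that without the static route traffic for 10.10.12.50 follows the default route out the WAN, and that a route is only usable when its gateway sits on a subnet the firewall is directly connected to. The firewall's own LAN address, the WAN subnet and the ISP gateway are constructed placeholders; 10.10.11.0/24, 10.10.11.1, 10.10.12.0/24 and 10.10.12.50 are the values given in the thread.

```python
import ipaddress

# Interfaces the firewall is directly attached to. The LAN subnet is from the
# thread; the WAN subnet and both firewall addresses are constructed placeholders.
CONNECTED = {
    "LAN": ipaddress.ip_interface("10.10.11.254/24"),
    "WAN": ipaddress.ip_interface("203.0.113.2/24"),
}

def on_link_interface(gateway):
    """Return the interface whose subnet contains the gateway, else None."""
    gw = ipaddress.ip_address(gateway)
    for name, iface in CONNECTED.items():
        if gw in iface.network:
            return name
    return None

def build_table(static_routes):
    """Connected routes plus static routes; reject gateways that are not on-link."""
    table = [(iface.network, None, name) for name, iface in CONNECTED.items()]
    for dest, gateway in static_routes:
        name = on_link_interface(gateway)
        if name is None:
            raise ValueError(f"gateway {gateway} is not on a connected subnet")
        table.append((ipaddress.ip_network(dest), ipaddress.ip_address(gateway), name))
    return table

def lookup(table, dst):
    """Longest-prefix match; returns (next_hop, interface) or None if no route."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r[0]]
    if not matches:
        return None
    _, gw, name = max(matches, key=lambda r: r[0].prefixlen)
    return (str(gw) if gw else "direct", name)

DEFAULT = ("0.0.0.0/0", "203.0.113.1")    # constructed ISP gateway
REMOTE = ("10.10.12.0/24", "10.10.11.1")  # destination and gateway from the thread

without_route = build_table([DEFAULT])
with_route = build_table([DEFAULT, REMOTE])

if __name__ == "__main__":
    print("no static route:  ", lookup(without_route, "10.10.12.50"))
    print("with static route:", lookup(with_route, "10.10.12.50"))
```

Pointing the route at 10.10.12.1 instead is rejected by `build_table`, because that router is not on any subnet the firewall is attached to.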
ASKER
<sigh> So sorry to make you work for this one. :)
So I'm looking here Gateway and I Add an Address Object:
Zone Assignment appears to obviously be LAN.
Type... hrm, I could see it being a host in terms of directing traffic to that router at the Main Office, which is 10.10.11.1 OR I could see it being Network and the 10.10.12.0/24 network... I'm sure I'm overthinking here now being about 2AM.
So then the same on the Destination, what am I looking at for that there? I'm assuming Network for that one and probably Host for the previous Gateway option.
And yes, the LAN on the TZ 180 is directly connected to a Cisco switch which is hooked into the AT&T Cisco router 10.10.11.1.
so, you want the destination to be the network on the other side of att connection and the gateway to be the att router. sorry to cut off...hope it works. time for me and my pregnant wife to go to bed...12a here. i'll be back at it in a few hours.
ASKER
Yeah, that's it. The destination is the 10.10.12.50 for now being the HDX over there or just generally the 10.10.12.0/24 network and the gateway on the Main Office side out to the VPN cloud is 10.10.11.1.
Understood. I'm crashing out now as well. 4 kids and a plethora of other stuff so I know what you're going through. ;) Yeah, I have to have this all in place in the morning after a 2 hour drive to the main site so I'm trying to get my ducks in a row before I set out.
The last thing I have to figure out is how in the heck I'm going to get a block of IPs on the current Internet we have in place vs the new one we're supposed to already have in place that has a very large c block of ips assigned. <sigh>
hehehe...you really do understand! so, are the public ips non-contiguous? typically, you just assign a public ip, configure the subnet mask and that's it. what makes this batch of ips so challenging?
ASKER
What makes it challenging at the moment is whether we even have one for this particular Internet connection we're using atm... :\ The other connection hasn't been dropped in the Main Office yet. Blah.
oh...so, you are going from a crappy Internet connection to a better one? sorry, must have stayed up too late.
ASKER
Yeah, but I don't know how "crappy" crappy is actually until I can talk to someone who knows it since it's provided by the office building owners. Blah. I don't even have a good handle on the previous topology yet since I came into this midstream and am effectively tearing down and rebuilding as I go. LOL
I'm wondering about buying a small block temporarily for this existent situation until we get the long term conn in place... I just wish I could get a hold of someone at this point on site.
So yeah, I need to get those address objects config'd properly from our discussion last night. Are you able to give me a little closer insight to the Destination and Gateway now that I've provided that information as well as how the Add Address Object dialog will be config'd for each of those two? I think if I have that I'll be good.
ASKER
So yeah, if I could get some clarity on that, that would be great. I'm going to ask specifically what to ask in another question as I can assign some more points since the IP issue is a separate one and I could use some additional brain share as I ask the appropriate questions and get that resolved this morning.
ASKER
Yes, it is 10.10.11.0/24 on the local area network at Main Office.
Also, the IP issue is posted if you have interest. Thanks so very much.
i am and have commented. you're welcome and thanks for the points!