PToN
Premium Member
join:2001-10-04
Houston, TX

Sonicwall and multiple WAN IPs

Hello,

I have 2 Sonicwall NSA 250M.

I cannot seem to be able to configure multiple WAN IPs to a WAN interface. Is this possible? I have X1 = ISP1 and X2 = ISP2. But i need to have multiple IPs on each of those interfaces.

Yes, i have googled, but nothing seems to point me to whether it is possible or not.

Thanks.
HELLFIRE
MVM
join:2009-11-25

Subint with an IP address assigned to it? Or multiple IPs to the physical interface, something like

interface {x}
ip address x.x.x.x
ip address y.y.y.y secondary
 

Pretty sure it should do the first option pretty easily, I'm not so sure about the 2nd. You may need
to put in a call to Sonicwall to confirm.

My 00000010bits

Regards
tomdlgns
Premium Member
join:2003-03-21

1 edit

tomdlgns to PToN

what is the reason for needing multiple WAN IPs on each interface? curious to hear more about that.
AsherN
Premium Member
join:2010-08-23
Thornhill, ON

AsherN to PToN

Multiple discrete IPs or a subnet?

PToN
Premium Member
join:2001-10-04
Houston, TX

PToN to tomdlgns

SSL VPN using 443 conflicts with the PAT for the web server.
PToN

PToN to HELLFIRE

Yeah, that's what i want to do. But SonicWall is a bit different on that matter.
tomdlgns
Premium Member
join:2003-03-21

1 edit

tomdlgns to PToN

don't you have an IP block from the ISP?

edit- you need to point 1 IP to the web server and the other IP to the SSL VPN appliance.

ISP 1

1.1.1.2 NAT rule to web server
1.1.1.3 NAT rule to ssl vpn

ISP 2

2.2.2.2 NAT rule to web server
2.2.2.3 NAT rule to ssl vpn

if you have IP blocks for both WAN connections, you should also enable load balancing so that your website and ssl vpn appliance are both responsive if the primary WAN connection drops.

PToN
Premium Member
join:2001-10-04
Houston, TX

Yes, that's how it is set up right now with my Vyatta routers. However, SonicWall OS is different. I can't just go and add a second IP to the X1 and X2 (WAN) interfaces.

I was just wondering if anyone was familiar with it and knew how to do it.

According to google, you are supposed to create address objects and then NAT it with source and destination.

Thanks.
tomdlgns
Premium Member
join:2003-03-21

1 edit

Do you have an IP block from each ISP?

If so, run the public server wizard and use whatever IP you want (in the block).

edit- if you use the wizard it will create the address objects for you, all you need to do is fill in the blanks. i prefer using the wizard because 3 NAT rules are created, inbound, outbound, loopback.

PToN
Premium Member
join:2001-10-04
Houston, TX

I've done that. It only allows me to set 1 IP.

Yes, i do have an IP block from each ISP
tomdlgns
Premium Member
join:2003-03-21

hmmm, then you are not doing something right.

i have my x1 WAN interface set with 1 IP and i have 20+ inbound NAT rules that take people to webmail, vpn appliance, webservers, etc....all of those different servers use their own WAN IP.

PToN
Premium Member
join:2001-10-04
Houston, TX

But your X1 interface does not have all those other IPs, correct? Does it just respond to the IPs in the block? And then i assume that you NAT those IPs based on the WAN destination IP, correct?

Thanks.
tomdlgns
Premium Member
join:2003-03-21

correct, it comes in on the x1 interface due to the subnet of the x1 interface and the NAT rule directs it to the correct device behind my network based on which incoming WAN IP the request was made on.

you said that is what you wanted to do.

PToN
Premium Member
join:2001-10-04
Houston, TX

Yeah, that's what i want to do.

So if i have IPs x.x.x.82-86 /29, Must i set X1 to the first IP in my block so that it responds to the rest of the IPs in the range? (X1 = .82 ?) Because right now X1 is the last IP (.86)

Thanks.
tomdlgns
Premium Member
join:2003-03-21

you can use any IP in the block as the x1 address

personally, i use the first address as x1, .82

then i run the wizard, it asks for public IP, i use .83 then the next IP is the private one, obviously you know which to use there.

next rule/device i will use .84, etc....

when i am done, i create DNS records to point to the respective IPs

.82 points to office.domain.com (edit, this is just an example, i normally don't have the sonicwall open to the public, i will vpn in and use the private ip to manage it when not on site).

.83 points to vpn.domain.com

.84 points to www and @ domain.com (that would be the web server, obviously)

etc.....

but x1 only has 1 address tied to it....(in my scenario)
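
Added example, not part of any post in this thread: a small Python check of an inbound NAT plan like the one described above, flagging public IPs that fall outside the WAN block and two services mapped to the same public IP and port (the 443 clash between SSL VPN and the web server that started the thread). The 203.0.113.80/29 block, the .81 gateway, the private addresses and the rule labels are constructed stand-ins for the thread's x.x.x.82-86 /29.

```python
import ipaddress
from collections import defaultdict

def check_nat_plan(wan_cidr, gateway, rules):
    """Return a list of problems found in an inbound NAT plan.

    wan_cidr: the single address set on the WAN interface, e.g. "203.0.113.82/29"
    gateway:  ISP gateway inside the same block (assumed to be .81 here)
    rules:    (public_ip, port, private_ip, label) tuples, one per NAT rule
    """
    net = ipaddress.ip_interface(wan_cidr).network
    gw = ipaddress.ip_address(gateway)
    problems = []
    claimed = defaultdict(list)  # (public_ip, port) -> labels using it
    for public_ip, port, _private_ip, label in rules:
        pub = ipaddress.ip_address(public_ip)
        if pub not in net:
            # The firewall only sees traffic for addresses in the WAN subnet.
            problems.append(f"{label}: {pub} is outside {net}")
        elif pub in (net.network_address, net.broadcast_address):
            problems.append(f"{label}: {pub} is the network/broadcast address")
        elif pub == gw:
            problems.append(f"{label}: {pub} is the ISP gateway")
        claimed[(pub, port)].append(label)
    for (pub, port), labels in sorted(claimed.items()):
        if len(labels) > 1:
            problems.append(f"{pub}:{port} claimed by " + " and ".join(labels))
    return problems

# Constructed plans. X1 itself holds only .82; the rest are NAT targets.
X1 = "203.0.113.82/29"
GATEWAY = "203.0.113.81"

# Everything on the interface IP: SSL VPN and HTTPS both want port 443.
CONFLICT_PLAN = [
    ("203.0.113.82", 443, "10.0.0.3", "ssl-vpn"),
    ("203.0.113.82", 443, "10.0.0.4", "web-https"),
    ("203.0.113.82", 80, "10.0.0.4", "web-http"),
]

# One public IP per service, as in the .83 / .84 layout above.
SPLIT_PLAN = [
    ("203.0.113.83", 443, "10.0.0.3", "ssl-vpn"),
    ("203.0.113.84", 443, "10.0.0.4", "web-https"),
    ("203.0.113.84", 80, "10.0.0.4", "web-http"),
]

if __name__ == "__main__":
    for name, plan in (("conflict", CONFLICT_PLAN), ("split", SPLIT_PLAN)):
        print(name, check_nat_plan(X1, GATEWAY, plan) or "ok")
```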

PToN
Premium Member
join:2001-10-04
Houston, TX

I see. That's where i was getting thrown off. I thought i could tie up IPs directly to the interface, but you can't on the WAN interfaces.

Thanks a lot!
tomdlgns
Premium Member
join:2003-03-21

np and good luck. i highly recommend you use the public server wizard, it will help out a lot.
tomdlgns

tomdlgns to PToN

one more thing, if you set up WAN failover, be careful and look at all the options. the first time i set it up i only set it up for link failover. when my ISP connection went down (on their end, off my property), WAN 2 didn't kick in because the link from my sonicwall to the ISP gateway was still alive. now that it is set up the right way, it fails to WAN 2 (and back to 1 when it comes online) w/o anyone knowing.