Re: Overlapping IP's address on interfaces- Why??

s.nasheet · ‎11-06-2009

Can I configure 2 IP addresses from the same subnet on two dirrefent interfaces on same box.

When I do that I get overlaps with Fa0/0 error.

I need to assign one IP to cisco 1841 ( connecting to router) , 2nd IP to 1841's fa0/0 and 3rd IP to sonicwall. All three public IP's are assigned to me by ISP.

Regards

mike_guy29 · ‎11-06-2009

Hi,

You would probably need to look at subnetting the address range accordingly to fit in with your topology. E.g. if my ISP had given me the 123.123.123.0/24 range I may subnet it so that one interface had 123.123.123.1/30 and another may have 123.123.123.5/30.

Hope that helps

Regards

Mike

s.nasheet · ‎11-06-2009

Hi Mike ,

Thanks,

My IP block rane is 95.141.153.232 /29 ( .233 to .238 useable IP's, .232 being a subnet ID and .239 being a broadcast.

Subnet is 255.255.255.248

At the moment .233 is assiggned to Cisco route (ADSL2+) and rest aren't in use.

If I seperate .233 from the rest of the network (as its a router IP connecintg to internet), how should my IP addreses scheme look like ( i.e IP address range for second subnet m subnet mask, and gatway IP.

I really appreciate your help.

Thanks

If I want to break this into two subnets how will

p.mcgowan · ‎11-06-2009

If I understand your problem correct you are trying to connect to the internet using the IP address range your ISP gave you and also use the same address range on your internal LAN.

This won't work.

Use the IP range that your ISP gave you on the outside interface and use a private address range like 10.1.1.0/24 in your inside network

s.nasheet · ‎11-06-2009

I only need to assing a public IP to Sonicwall firewall and the reason being is that customer want to use that public Ip to build VPN tunnel at the remote office.

Any other suggestion which allow Sonic wall to build the to the other offfie using a public or private Ip.

thanks for the help.

mike_guy29 · ‎11-06-2009

Hi,

You could use a private IP address on your sonicwall if you wish and then do static NAT at the router so. This will still work for VPN setup etc but you may have a bit of extra complexity setting up VPNs etc. I can't remember off the top of my head but I have set up a VPN to a sonicwall that was behind a natted address before and there was one extra option I need to change on the sonicwall end!

Or you could do as your are suggesting and assign a Public IP to the sonicwall outside and then the the router. In which case you would likely be natting on the Sonicwall and not the router. Depends on how you want to set things up/how they are working now.

Hope that helps.

Regards

Mike

s.nasheet · ‎11-06-2009

Mike,

Problem is I dont have access Sonicwall as its a client equipment and I am not sure how its currently configured.

If I ask client to use the same Public IP that is assigned to dialer0 interface to build the VPN , would that be possible.

In this case sonicwall will not do the NAT (1841 will do).

Regards

mike_guy29 · ‎11-06-2009

No not quite...

You would require a static translation on the router otherwise the other side of the VPN would not be able to initiate a VPN tunnel. It would be no good just overloading the dialer0 interface

They would then set their peer address as your dedicated translated public IP address and it would be natted through to your Sonicwalls private address when it hits the router. Your sonicwall would then process the IPsec as normal.

The problem I ran into was one end was embedding their private IP address into the IKE message (for identity I believe) and the other end was getting confused. This was easily rectified though I just can't remember the specific setting as it was a while back. Just keep an eye on the logs.

Hope this makes sense?

Regards

Mike