Sonicwall routing between multiple subnets on multiple interfaces
Solution 1
As recommended by David Schwartz, the way I solved this problem was to create a NAT entry in the SonicWall that translated the "Source Address" from the 192.168.2.0/24 network to the SonicWall's interface address on the 192.168.1.0/24 network. Then I allowed traffic to go from all LAN subnets on the SonicWall to the X3 subnet. Works like a charm.
(I meant to post this answer a while ago; never got around to it).
Solution 2
Devices in 192.168.3.0 need to know that they can reach devices in 192.168.2.0 via 192.168.3.254. The way they'll know that is to create a route on "Another Router" for 192.168.2.0 via 192.168.3.254.
EDIT
When you ping or connect to a device in 192.168.3.0 the return traffic has to have a path back to the device in 192.168.2.0 that originated the traffic. That path needs to go through 192.168.3.254. By default all non-local traffic in 192.168.3.0 will be forwarded to "Another Router" since it's the default gateway for hosts in the 192.168.3.0 network. Once you have the route configured in "Another Router" you need to create a firewall rule on the Sonicwall that blocks traffic originating in 192.168.3.0 from accessing 192.168.2.0. When traffic originates from 192.168.2.0 the return traffic will be allowed through the firewall since it originated in 192.168.2.0.
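The return-path reasoning in the answers above, as an added example that is not part of the original answers: a small Python model of where a reply from a 192.168.3.0/24 host goes with no change, with the static route on "Another Router", with a route on each host, and with source NAT to 192.168.3.254. The addresses of "Another Router" (192.168.3.1), its upstream hop and the client are assumptions; only the subnets and 192.168.3.254 come from the page.

```python
import ipaddress

SONICWALL_X3 = "192.168.3.254"   # from the question
ROUTER = "192.168.3.1"           # assumed address of "Another Router"
UPSTREAM = "203.0.113.1"         # assumed next hop of its default route
CLIENT = "192.168.2.10"          # constructed host behind the SonicWall

# Routing tables as (prefix, gateway); gateway None means directly connected.
HOST = [("192.168.3.0/24", None), ("0.0.0.0/0", ROUTER)]
ROUTER_TABLE = [("192.168.3.0/24", None), ("0.0.0.0/0", UPSTREAM)]
STATIC = ("192.168.2.0/24", SONICWALL_X3)   # the route from Solution 2

def next_hop(table, dst):
    """Longest-prefix match: returns the gateway, or dst itself if on-link."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), gw) for p, gw in table
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    _, gw = max(matches, key=lambda m: m[0].prefixlen)
    return gw or dst

def reply_path(seen_src, host_table, router_table):
    """Hops a 192.168.3.0/24 host's reply takes toward the source it saw."""
    path = [next_hop(host_table, seen_src)]
    if path[0] == ROUTER:            # handed to the default gateway
        path.append(next_hop(router_table, seen_src))
    return path

def returns_via_sonicwall(path):
    """True when the last hop of the reply is the SonicWall's X3 interface."""
    return path[-1] == SONICWALL_X3

SCENARIOS = {
    "no change": reply_path(CLIENT, HOST, ROUTER_TABLE),
    "route on Another Router": reply_path(CLIENT, HOST, ROUTER_TABLE + [STATIC]),
    "route on each host": reply_path(CLIENT, HOST + [STATIC], ROUTER_TABLE),
    "source NAT on SonicWall": reply_path(SONICWALL_X3, HOST, ROUTER_TABLE),
}

if __name__ == "__main__":
    for name, path in SCENARIOS.items():
        print(f"{name:26} {' -> '.join(path)}  ok={returns_via_sonicwall(path)}")
```

Only the unchanged case sends the reply out the other router's default route; with source NAT the host sees an on-link source and answers the SonicWall directly, so nothing on the 192.168.3.0/24 side has to change.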
Solution 3
It might be late for Rain, but as I was among the people who still faced this issue, I thought it might also help others to learn another, more direct approach to this setup:
http://www.blizzardcomputers.com/multihome-lan-sonicwall/
Example for 192.168.10.1/24
Under Network Menu Click Address Objects.
Name: My Secondary Subnet (or any friendly name)
Zone Assignment: LAN
Type: Network
Network: 192.168.10.1
Netmask: 255.255.255.0 (This is for a /24 change as needed)
Click OK
Under Network Menu Click ARP
Static Arp entries > ADD
IP Address: 192.168.10.1 (use the IP you want to be your default gateway for this subnet)
Interface: X0 (Choose your current LAN port)
[x] Publish Entry
[ ] Bind Mac Address (Do not select)
Click OK
Under Network Menu Click Routing
Under Route Policies choose Add
Source: Any
Destination: My Secondary Subnet (Or whatever you named your new Address Object)
Service: Any
Gateway: 0.0.0.0
Interface: X0 (or the port you chose in ARP setup if your LAN port was not X0)
Metric: 20
Click OK
Rain
Updated on September 18, 2022
Comments
-
Rain almost 2 years
As shown by the network diagram below, I have two completely separate networks. One is being managed by a Sonicwall NSA 220, the other by some other router (the brand is not important). My goal is to allow devices within the 192.168.2.0/24 network to access devices in the 192.168.3.0/24 network. Allowing the reverse (192.168.3.0/24 -> 192.168.2.0/24) is not required.
So far, I have done the following: I connected the X3 Interface on the Sonicwall to the 192.168.3.0/24 network switch (shown as the dashed red line in the diagram). Next, I gave it a static IP address of 192.168.3.254 and set the Zone to LAN (the same Zone for the X0 interface). Judging by various articles and KBs I've read, this is all that should be necessary, although it does not work.
I can ping 192.168.3.254 from any device in the 192.168.2.0/24 network although I cannot ping/connect to any device within the 192.168.3.0/24 network.
Any help would be greatly appreciated!
Network Diagram:
(I asked a similar, yet more complicated, question earlier; although, I realized that I cannot solve that without first solving this (which may actually solve my original question))
-
Rain over 11 years
Even if the device in 192.168.2.0 initiates the connection? Devices in 192.168.3.0 will never need to access devices in 192.168.2.0
-
joeqwerty over 11 years
Yes. See my edit.
-
Rain over 11 years
Well shoot. I do not have easy access to the router on 192.168.3.0. It is also very, very old. Next time I get a chance to explore the web interface I'll give your suggestion a shot. If it works, I'll come back and accept your answer! Thanks!
-
joeqwerty over 11 years
If you don't have access to the router but you do have access to the devices you can manually add a route to the routing table on each device. This isn't recommended because it's a lot of manual work, prone to error and would need to be updated if the route ever changes, but it will work.
-
David Schwartz over 11 years
You could have the SonicWall do NAT. For all hosts in 192.168.2.0/24 sending to 192.168.3.0/24, it could NAT the source IP to 192.168.3.254.
-
Rain over 11 years
@DavidSchwartz could you please describe this in more detail? Maybe in a separate answer if it directly solves my problem?