
Good cause needs help (YAGT??)

coolVariable

Diamond Member
This really hot woman in a neighboring office asked me to help with the network setup for the small business she works at ... obviously I want to help out.


How do I configure the following to allow access to the LAN via VPN from the internet?
They want to use the WinXP VPN feature (PPTP or L2TP).

The setup is the following:

WAN <=> Netopia Cayman 3546 Gateway <=> Sonicwall SOHO TZW Firewall <=> Server/LAN

The "server" is one of those LaCie Networked Harddrives ... it says Windows Powered but it is only a LaCie interface (not sure if it is possible to setup the wanted VPNs ....) although it seems as if the Sonicwall should support PPTP or L2TP too?


 
Hopefully you are getting paid =). Not letting some tail take advantage of you cuz she is hot.
As for your issue, you should make sure the netopia is working in bridge mode not NAT mode. Because I bet the sonicwall is also being used as a router and you might be seeing double NAT'ing going on.
As for setting up the VPN, I would check Sonicwall's support site on setting up the Windows client; they might even have their own client software to make it easier. Setting up that VPN might take you a lot of time if you aren't familiar with policy-based firewalls and VPN security proposals.
 
I am sure that something is weird about the setup.
I can access the netopia and configure it from outside the network - but I cannot access the sonicwall - no matter what setting I try and ports I forward.

1. How do I prevent double NATing?
2. Can I set it up even with double NATing?
3. Thinking about taking the sonicwall out of the equation (either by buying a new firewall, using an old router from home ... or the netopia) ... ?



PS: Dinner is a good payment 😉
 
Question: Is the WAN ip of the sonicwall a public ip? Is the sonicwall's WAN statically configured or DHCP? What type of static ips are we dealing with? Sticky or Pure static?

Correct me if I am wrong. To check if NAT is on the Netopia go to configure->wan->rfc 1483 bridged ethernet-> Network Address Translation box.
On a sticky static config NAT is normally left on and pinholes/ipmaps are used in place. Sounds like you should create an ipmap, better yet a pinhole if you know which ports you need to access your sonicwall.

Normally 3546 netopias are installed by a tech. Some of them leave private ips on the LAN side and don't disable NAT. Some configure the LAN side to serve public ips, but with NAT on they are useless. As a safety precaution, most will leave the DHCP server of the netopia on.

I'd need more info to help you out, such as the WAN/LAN config of the Netopia, and if it is a /29 only, /30 and /29, or sticky static.

 
1. You need to disable the NAT setup on the netopia, and set up the sonicwall to be your router/DHCP setup.
2. You can't set it up with double NAT (too many headaches).
3. Buying another router will just run up into the same issues, and I thought VPN access is what was needed.

Found this site
It should help you configure the netopia.
You will need to go to the sonicwall website and get documentation on that when setting it up. You will also need the IP address pool assigned by the ISP as well as subnet masks/gateways/DNS settings.
 
Don't worry guys ... I won't let some hottie screw me ... or better: Yes - I will 😀

I believe you are correct and there is double NAT going on: the Sonicwall uses an IP within the range configured for the DHCP server of the Netopia.

tweekah the following are the settings on the Netopia:

WAN Configuration:

WAN IP Interface
(RFC-1483 Bridged Ethernet vcc1)
Enable Interface: enabled
Obtain IP Address Automatically: disabled
IP Address: 68.xxx.xxx.xx (the public IP)
IP Netmask: 255.255.255.252
Address Mapping (NAT): enabled
Restrictions: None


LAN Configuration:

LAN IP Interface
(Ethernet 100BT)
Enable Interface: enabled
IP Address: 66.xxx.xxx.x8 (the internal IP)
IP Netmask: 255.255.255.248
Restrictions: None

DHCP Server Settings:

DHCP Server
Server Mode Server
Starting IP Address: 66.xxx.xxx.x3
Ending IP Address: 66.xxx.xxx.x7
Lease Period (d:h:m:s): 00:01:00:00


 
Since NAT on the netopia is enabled and you don't have any ip maps or pinholes, you can't get past the netopia. You can disable address mapping (NAT), save, then click the yellow alert triangle in the upper-right hand corner. Give a courtesy notice to users, then do a save and restart; this should bring down the netopia briefly and kick you out.

After NAT is disabled, your /29 block of ips 66.xxx.xxx.x3 to .x7 should all be "real" routable public ips. You should then be able to ping the public ip on the WAN side of the Sonicwall, and configure it from there.

Don't forget anything plugged into the netopia will be directly exposed to the net. I would suggest moving them behind the sonicwall if applicable.

:beer: cheers
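
An added example, not part of any post in this thread: a Python check that reads a settings dump in the layout posted above, flags the double-NAT condition the replies diagnose, and lists which LAN addresses become directly internet-facing once gateway NAT is turned off. The sample text, the documentation-range addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the layout of the settings posted in the thread; the
# addresses are documentation ranges, not the poster's masked ones.
NETOPIA_SETTINGS = """\
WAN IP Interface
IP Address: 198.51.100.2
IP Netmask: 255.255.255.252
Address Mapping (NAT): enabled

LAN IP Interface
IP Address: 203.0.113.9
IP Netmask: 255.255.255.248
"""

def parse_sections(text):
    """Return {heading: {setting: value}} from a 'Key: value' settings dump."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if ":" in line:
            key, value = line.split(":", 1)
            sections.setdefault(current, {})[key.strip()] = value.strip()
        else:
            current = line  # a line without a colon starts a new section
    return sections

def interface(settings):
    """Combine the address and dotted netmask into one interface object."""
    return ipaddress.ip_interface(f"{settings['IP Address']}/{settings['IP Netmask']}")

def assess(text, firewall_wan_ip, firewall_nat=True):
    """Check the gateway settings against the firewall plugged in behind it."""
    cfg = parse_sections(text)
    wan, lan = interface(cfg["WAN IP Interface"]), interface(cfg["LAN IP Interface"])
    gateway_nat = cfg["WAN IP Interface"]["Address Mapping (NAT)"] == "enabled"
    behind = ipaddress.ip_address(firewall_wan_ip) in lan.network
    # With gateway NAT off, every other host address in the LAN block is routed
    # straight from the internet, so whatever holds one is directly exposed.
    exposed = [] if gateway_nat else [str(h) for h in lan.network.hosts() if h != lan.ip]
    return {
        "wan_prefix": wan.network.prefixlen,
        "lan_prefix": lan.network.prefixlen,
        "double_nat": gateway_nat and firewall_nat and behind,
        "exposed": exposed,
    }

if __name__ == "__main__":
    print(assess(NETOPIA_SETTINGS, "203.0.113.10"))
```

Any device that holds an address from the `exposed` list without sitting behind the firewall is the case the last reply warns about.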
 