Huge headache with AD, DNS, DHCP, Server 2003

Discussion in 'Networking' started by Booshanky, Nov 8, 2012.

  1. Booshanky (Member, joined Dec 17, 2001)

    I know the title isn't very telling, but that's how vague and weird this little group of problems is.

    Here's the layout of the network.

    We have three public IPs from our ISP that are routed through an older SonicWall router using one-to-one NAT. We'll call them .241, .242 and .243. The way it's currently set up, on the WAN settings of the router, it has .241 listed as the "WAN Gateway (Router) Address" and .242 as the "SonicWall WAN IP (NAT Public) Address". Under "One-to-One NAT", it has .243 pointed to the local server here, at 192.168.10.3. The server functions as the local DNS server and DHCP server.

    Now, for some STRANGE reason, it hands out IP addresses no problem and everything works awesomely up until we get past 192.168.10.50. Once IP addresses start getting assigned higher than that, they just refuse to connect to the internet. All of the IP info is coming through correctly:

    IP 192.168.10.52
    SUBNET 255.255.255.0
    GATEWAY 192.168.10.1

    DNS 192.168.10.3

    But it just goes nowhere. I have DHCP set up to assign IPs all the way up to .75, so that's good. I just have no idea where this could be locking up, as I don't use Windows servers as DHCP servers very often. Someone set this up a LONG time ago.


    Any clue what the problem might be? I'm tearing my hair out here.
     
  2. imagoon (Diamond Member, joined Feb 19, 2003)

    Some SonicWalls are licensed per node. Do you have access to the licensing page? It is also possible the NAT rules only allow 192.168.10.1-50, which means anything above that would not have a NAT rule to traverse.
     
  3. drebo (Diamond Member, joined Feb 24, 2006)

    Get rid of the SonicWall, fire the "tech" or "IT guy" that suggested it and get a real firewall.

    Cisco 891 or Juniper SRX100 would be a good start.
     
  4. Booshanky (Member, joined Dec 17, 2001)

    Ahhhh, THAT could be it! So one of those routers does one-to-one NAT or whatever they call it?

    It's just a really old setup.
     
  5. imagoon (Diamond Member, joined Feb 19, 2003)

    Nearly all enterprise firewalls do 1:1 NAT. My question is... why do you need 1:1 NAT? The description in the OP shows no good reason for it. You should also be looking at your NAT pool. Most workstations will run in 1:many, and it is very possible that the "many" pool for your environment is ".243" : 192.168.10.1 - .50, so there is no rule available for .51+.
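    The check imagoon is describing, as an added example that is not part of the thread: model the firewall's NAT policies and the DHCP scope as plain data, then list every address the scope can lease that no outbound NAT rule covers. The scope start of .10, the public addresses (203.0.113.x documentation space standing in for the ISP's .241/.242/.243) and the "first matching rule wins" ordering are assumptions for illustration, not facts from the posts.

```python
"""Audit whether every address a DHCP scope can lease has an outbound NAT rule.

Added example, not from the thread or any vendor tool. It reproduces the
failure mode under discussion: hosts get a valid lease but fall outside the
private range covered by the many-to-one (NAT pool) policy, so they have no
translation and never reach the Internet.
"""
from ipaddress import IPv4Address

# Constructed sample data modelled on the thread. The scope start (.10) and
# the public addresses are assumptions; the thread only gives .241/.242/.243.
DHCP_SCOPE = ("192.168.10.10", "192.168.10.75")

# Each rule: (public address, kind, first private address, last private address)
NAT_RULES = [
    ("203.0.113.243", "one-to-one", "192.168.10.3", "192.168.10.3"),
    ("203.0.113.242", "many-to-one", "192.168.10.1", "192.168.10.50"),
]


def expand(first, last):
    """Yield every IPv4Address from first to last, inclusive."""
    start, end = IPv4Address(first), IPv4Address(last)
    if end < start:
        raise ValueError(f"range end {last} precedes start {first}")
    for value in range(int(start), int(end) + 1):
        yield IPv4Address(value)


def nat_coverage(rules):
    """Map each private address to the public address it is translated to.

    Rules are evaluated top to bottom and the first match wins, which is an
    assumption about how the policy table is ordered, not a vendor guarantee.
    """
    covered = {}
    for public, kind, first, last in rules:
        if kind == "one-to-one" and first != last:
            raise ValueError(f"one-to-one rule for {public} must map a single host")
        for host in expand(first, last):
            covered.setdefault(host, public)
    return covered


def uncovered_in_scope(scope, rules):
    """Return DHCP-scope addresses (as strings) that no NAT rule translates."""
    covered = nat_coverage(rules)
    return [str(host) for host in expand(*scope) if host not in covered]


def as_ranges(addresses):
    """Collapse a sorted list of address strings into (first, last) tuples."""
    ranges = []
    for addr in map(IPv4Address, addresses):
        if ranges and int(ranges[-1][1]) + 1 == int(addr):
            ranges[-1][1] = addr
        else:
            ranges.append([addr, addr])
    return [(str(a), str(b)) for a, b in ranges]


if __name__ == "__main__":
    gaps = uncovered_in_scope(DHCP_SCOPE, NAT_RULES)
    if not gaps:
        print("every address in the DHCP scope has a NAT rule")
    else:
        print(f"{len(gaps)} leasable addresses have no NAT rule:")
        for first, last in as_ranges(gaps):
            print(f"  {first} - {last}")
```

    With the sample data this reports 192.168.10.51 through .75 as having no translation, which is exactly the symptom in the first post. The fix on the firewall side is either to widen the many-to-one pool to cover the whole DHCP scope or to shrink the scope; either way, re-run the audit with the real rule table before declaring it solved.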
     