devinp's profile

Tutor

 • 

3 Messages

Friday, April 27th, 2012 5:04 PM

2wire static IP's with Sonicwall for site-to-site VPN

Hello,

 

I've seen the post:

 

http://forums.att.com/t5/Residential-Gateway/U-verse-for-BUSINESS-2Wire-3600HGV-bridge-mode-or-another-AT-amp/m-p/2707755

 

And need a little help getting this going.

 

We have a block of 5 static IP's from ATT and was wonder how to get working, they are 108.x.x.x addresses.

 

If I set the Sonicwall wan port to DHCP it pulls a public IP of 76.x.x.x from the 2wire.

 

I went ahead and used this IP for a test in our site-to-site config and it worked until a reboot of the devices.

 

But I want to use IP's from our 106.x.x.x range.

 

I tried seting the LAN on the 2wire with an IP from the 106.x range and the WAN port of the Sonicwall with another one and that wasn't working.  Just trying to figure out the logic in what it is doing.  If the 108.x address are nat'd to the 76.x address etc.

 

I'll do some more testing soon at the site.

 

Thanks a lot.

Accepted Solution

Official Solution

Expert

 • 

9.4K Messages

12 years ago

First, organize your IP addresses from the 108.x.x.x block. You were given a block of 8. I will use 0-7 to illustrate this example, but replace those numbers with the ones you were given:

108.x.x.0 - Network address, unusable
108.x.x.1 - Available
108.x.x.2 - Available
108.x.x.3 - Available
108.x.x.4 - Available
108.x.x.5 - Available
108.x.x.6 - Use for the RG address
108.x.x.7 - Broadcast address, unusable

Go to the following page on the 2Wire:

http://192.168.1.254/xslt?PAGE=C_1_1

At the bottom:

1. Check "Add Additional Network".
2. In the router address field, put in the RG's IP address from your 108.x.x.x block (in my example, it would be the 108.x.x.6 address, but substitute the address from your block).
3. For the subnet mask, use 255.255.255.248.
4. Don't check the Auto Firewall Open box.
5. Click Save.

Now, on your Sonicwall, configure the WAN interface to be statically assigned, use one of the available 108.x.x.x addresses, such as (in my example, 108.x.x.1 -- substitute an available address from your block).  Use 255.255.255.248 for the subnet mask, 108.x.x.6 for the default gateway (that would be for my example -- substitute your RG address from your block here), and for DNS addresses use one of:

 

1. 68.94.156.1 and 68.94.157.1 if you want to use AT&T's DNS servers

2. 8.8.8.8 and 8.8.4.4 if you want to use Google's DNS servers

3. 208.67.222.222 and 208.67.220.220 if you want to use OpenDNS's servers

 

Verify that the computers behind the Sonicwall can now access the internet.

Now go to the following page on the RG:

http://192.168.1.254/xslt?PAGE=C_2_4

This is the IP address allocation page, scroll down and find the IP address you assigned to the Sonicwall. Set the pull-down menus on that address as follows:

Firewall: Disabled
Address Assignment: Public (select WAN IP mapping)
WAN IP Mapping: Public from Pool 108.x.x.x

Click Save.

Now go to the following page on the RG:

http://192.168.1.254/xslt?PAGE=C_3_2

Under Enhanced Security, uncheck:

Stealth Mode
Block Ping
Strict UDP Session Control

Under the Attack Detection section, uncheck all boxes.

Click Save.

The Sonicwall should now be able to bring up a VPN tunnel.

Tutor

 • 

3 Messages

12 years ago

Thanks a lot for the help.  I really appreciate it.

 

I'll be out at the site again Monday and I'll try it out.

 

Thanks again.

Tutor

 • 

3 Messages

12 years ago

Thanks a lot for the help.  Sorry about the delay but ATT had to find and fix some issues on the line brought in.  They fixed it up and the vpn tunnel came right up.

 

I really appreciate the help.

 

Thanks again.

Expert

 • 

9.4K Messages

12 years ago

No problem, glad it's working!
Not finding what you're looking for?
New to AT&T Community?
New to the AT&T Community? Start by visiting the Community How-To.
New to the AT&T Community?
Visit the Community How-To.