Point to point LAN using two sonicwalls at separate locations

We have a two-location business with our headquarters in Arlington, and a remote office in Dallas. Currently, both of our offices are running a sonicwall NSA 2600 and hold a VPN tunnel between each other (using the sonicwalls). We recently purchased a point-to-point connection from our ISP between the two locations. Essentially each modem has a port that is a direct link to the other with a dedicated 100mb pipe.

I'm wanting to replace the VPN tunnel with what I assume would be an additional LAN interface on each sonicwall pointing towards the other network's subnet.
Arlington: 10.74.1.1/24
Dallas: 10.74.2.1/24

Here's an example:

               +-----------+ X0 ---- LAN 10.74.1.1/24
               |           |
WAN_IP ---- X1 | SonicWall |
               | Arlington |
               +-----------+ X2 -------- X2  +-----------+ X0 ---- 10.74.2.1/24
                                    ^        |           |
                                    |        | Sonicwall | X1 ---- WAN_IP
                                    |        |  Dallas   |
                                    |        +-----------+
                                    |
                           This X2 would traverse
                           the point-to-point connection
                           between each of my ISP's modems 

My question would be, how do I configure each X2 interface? My thought would be for example:

Configuring the X2 interface on the Arlington sonicwall as: LAN, Address of 10.74.2.1, mask of 255.255.255.0. And configuring the X2 interface on the Dallas sonicwall as: LAN, address of 10.74.1.1, mask of 255.255.255.0. Also, can I test the LAN interfaces configured like this WHILE the VPN tunnel is still alive? Or would that cause some issues with routing between the two networks?

We need these networks to communicate the same way as they do over the VPN tunnel right now.

Any advice would be appreciated!

Best Answer

That won't work, because 10.74.1.0/24 and 10.74.2.0/24 are both in use. Not only that, a PtP connection requires a mutual prefix.

Use a different IP range, and a smaller one. Put 10.75.0.1/30 (255.255.255.252) on Arlington X2, and 10.75.0.2/30 (255.255.255.252) on the Dallas X2.

Then on Arlington, add a route: 10.74.2.0/24 -> 10.75.0.2 and on Dallas: 10.74.1.0/24 -> 10.75.0.1.

I've never used a SonicWall before, so I don't know if the VPN will take precedence over the newly installed routes or not. How I would test this is take a single IP from each side's LAN, and route those over the new PtP.

So, on a laptop set as 10.74.2.10 on one side, and 10.74.1.10 on the other, on Arlington, route 10.74.2.10/32 -> 10.75.0.2 and in Dallas, route 10.74.1.10 -> 10.75.0.1. Again, I don't know if the Sonicwalls will bypass the crypto to route these over the ptp, but it might be worth a try. You could also set up a new temporary prefix at each side, and route that before going live.

Lastly, after EOB, set up the routes, see what happens, disable the VPN, and see what happens. If it works, you're done. If not, you've got a documented ordered list of what was done. Backtrack until you get original status-quo working again, and go from there.
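
An added example, not part of the original answer: a Python check of the addressing arithmetic behind both plans on this page, using the prefixes from the question and the answer. The function name `check_plan` and its input layout are assumptions made for illustration; it validates overlap, the shared link prefix and next hops only, and says nothing about how a SonicWall orders VPN policies against static routes.

```python
import ipaddress as ip

# Existing LANs from the question (X0 on each SonicWall).
LANS = {"Arlington": ip.ip_network("10.74.1.0/24"),
        "Dallas": ip.ip_network("10.74.2.0/24")}

def check_plan(x2, routes):
    """x2: {site: 'addr/prefix'} for the two X2 interfaces.
    routes: {site: [(destination, next_hop), ...]} static routes.
    Returns a list of problems; an empty list means the plan is consistent."""
    problems = []
    ifaces = {site: ip.ip_interface(a) for site, a in x2.items()}
    # 1. The link prefix must not overlap a subnet that is already in use.
    for site, iface in ifaces.items():
        for lan_site, lan in LANS.items():
            if iface.network.overlaps(lan):
                problems.append(f"{site} X2 {iface} overlaps {lan_site} LAN {lan}")
    # 2. Both ends of the link must share one prefix and use distinct hosts.
    a, b = ifaces.values()
    if a.network != b.network:
        problems.append(f"X2 ends are in different prefixes: {a.network} vs {b.network}")
    elif a.ip == b.ip:
        problems.append(f"both X2 ends use {a.ip}")
    if problems:
        return problems  # fix the addressing before looking at routes
    # 3. Each site needs a route to the far LAN via the far X2 address,
    #    and every next hop must be reachable on the link itself.
    for site, iface in ifaces.items():
        peer = next(s for s in ifaces if s != site)
        want = (LANS[peer], ifaces[peer].ip)
        have = {(ip.ip_network(d), ip.ip_address(h)) for d, h in routes.get(site, [])}
        if want not in have:
            problems.append(f"{site} lacks route {want[0]} -> {want[1]}")
        for dest, hop in sorted(have):
            if hop not in iface.network:
                problems.append(f"{site} route {dest}: next hop {hop} is not on {iface.network}")
    return problems

# Plan from the question: each X2 borrows the other site's LAN prefix.
QUESTION_PLAN = check_plan({"Arlington": "10.74.2.1/24", "Dallas": "10.74.1.1/24"}, {})
# Plan from the answer: a dedicated /30 on the link plus one static route per site.
ANSWER_PLAN = check_plan(
    {"Arlington": "10.75.0.1/30", "Dallas": "10.75.0.2/30"},
    {"Arlington": [("10.74.2.0/24", "10.75.0.2")],
     "Dallas": [("10.74.1.0/24", "10.75.0.1")]})

if __name__ == "__main__":
    for name, result in (("question", QUESTION_PLAN), ("answer", ANSWER_PLAN)):
        print(name, "plan:", result or "consistent")
```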