Routing – 1-1 NAT on a SonicWall with a DMZ

dell, nat, routing, sonicwall, voip

A new PBX is being installed at one of our clients today, and they have requested that we give them one of our unused public IP addresses (Comcast is the ISP; we have a block of IPs) for use with the PBX. Additionally, phones on the local network (on the LAN subnet) are going to need a private IP address for the PBX to connect to it. Finally, they want the PBX to be in a DMZ, and not to be behind the firewall.

To clarify, I need to configure the SonicWall to:

  1. Give a public IP address (from Comcast modem) to a device on the network.
  2. Assign a private IP to that device as well, accessible from LAN.
  3. Said public IP address must be a DMZ (no firewall).

What is the best way to accomplish this?

Best Answer

In this situation, you should put your PBX device in the DMZ zone, assign a private IP address to it, then create an inbound Access Rule and an inbound One-to-One NAT policy so that public/Internet traffic hitting your public IP address gets translated/forwarded to the PBX device.

Specifically, you can do following things:

  • Place your PBX in the DMZ zone/interface of the SonicWall appliance. You will need to configure this DMZ zone/interface in advance. The DMZ interface and the hosts/servers that reside in this DMZ zone should use a different IP subnet/range than your LAN zone/network. For instance, if your LAN uses 10.0.0.0/24, then you should use 172.16.1.0/24 for the DMZ interface.

  • Assign an IP address to the PBX device in the 172.16.1.0/24 subnet. For instance, 172.16.1.10 for the device, while 172.16.1.1 is for the DMZ interface (this is also the default gateway for the PBX device).

  • At this point, you can create rules and policies on the SonicWall for hosts/phones in the LAN zone to reach this PBX device in the DMZ zone.

  • For the public network to reach this PBX device on a WAN public IP address (different from your SonicWall WAN interface), you need to create an Access Rule and a One-to-One NAT policy for inbound traffic. Let us assume that you have a public IP range of 12.34.56.0/28, your ISP device uses 12.34.56.1, your SonicWall WAN interface uses 12.34.56.2, and you reserve the IP 12.34.56.5 as the public-facing IP address for the PBX device. Then your One-to-One NAT policy is 12.34.56.5 => 172.16.1.10. Another way is to create a One-to-One NAT policy for outbound traffic from the PBX device, then mirror this policy (reflexive) for inbound traffic. You can find detailed information on this implementation in the "Configuring NAT Policies" section of the SonicOS Administration Guide.

I hope it is helpful and you can make it!
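The address plan from the answer above, checked and traced in Python as an added example (not part of the original answer and not SonicOS configuration): it validates the subnets and the reserved public IP, then shows what the inbound One-to-One policy and its reflexive outbound mirror do to a packet's addresses. The remote host 198.51.100.7 is a constructed sample, and `validate` and `translate` are hypothetical helper names.

```python
import ipaddress as ip

# Address plan taken from the answer's example values.
PLAN = {
    "lan": "10.0.0.0/24",
    "dmz": "172.16.1.0/24",
    "dmz_gateway": "172.16.1.1",
    "pbx_private": "172.16.1.10",
    "wan_block": "12.34.56.0/28",
    "isp_device": "12.34.56.1",
    "wan_interface": "12.34.56.2",
    "pbx_public": "12.34.56.5",
}

def validate(plan):
    """Return a list of problems that would break the 1:1 NAT design."""
    lan, dmz, wan = (ip.ip_network(plan[k]) for k in ("lan", "dmz", "wan_block"))
    gw, priv, pub = (ip.ip_address(plan[k])
                     for k in ("dmz_gateway", "pbx_private", "pbx_public"))
    taken = {ip.ip_address(plan["isp_device"]), ip.ip_address(plan["wan_interface"])}
    problems = []
    if lan.overlaps(dmz):
        problems.append("LAN and DMZ subnets overlap")
    if gw not in dmz or priv not in dmz:
        problems.append("PBX or DMZ gateway is outside the DMZ subnet")
    if priv == gw:
        problems.append("PBX uses the DMZ interface address")
    if pub not in wan or pub in (wan.network_address, wan.broadcast_address):
        problems.append("public IP is not a usable host in the ISP block")
    if pub in taken:
        problems.append("public IP is already used by the ISP device or WAN interface")
    return problems

def translate(plan, src, dst, inbound):
    """Apply the 1:1 policy (inbound) or its reflexive mirror (outbound)."""
    if inbound and dst == plan["pbx_public"]:
        return src, plan["pbx_private"]      # rewrite destination only
    if not inbound and src == plan["pbx_private"]:
        return plan["pbx_public"], dst       # rewrite source only
    return src, dst                          # no policy match, unchanged

if __name__ == "__main__":
    print(validate(PLAN) or "plan OK")
    # Constructed sample flows between the PBX and a remote host.
    print(translate(PLAN, "198.51.100.7", "12.34.56.5", inbound=True))
    print(translate(PLAN, "172.16.1.10", "198.51.100.7", inbound=False))
```

The translation only rewrites addresses; whether the packet is allowed at all is still decided by the WAN-to-DMZ Access Rule the answer tells you to create.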