You are correct: if you have a free interface (e.g. X6) on each router, connect the ISP-LAN at each site to that interface. I don't know if the SonicWALLs support VRRP but it is not needed. DHCP will not cross subnets unless you enable an IP Helper.
The ISP-LAN connection replaces your VPN but you will need to add some routes (which would have been implied or created previously due to the VPN). I'm guessing your ISP will refer to this as a managed VPN, an MPLS or a VLAN network.
However you will need to know what IPs/network your ISP has assigned to each ISP-LAN (where you have "???" in your picture).
First Case:
IF your ISP has given you IPs on your subnets at each site (e.g. 10.10.1.254 at Site 1 and 192.168.1.254 at Site 2) then you can route via these IPs. Assign (or leave) X6 on the LAN (same as X2/X3/etc). Then go to Network | Routing. You will need to create a route on each site (or you could use RIP, but not needed for 2 sites).
At Site 1 your route will be something like:
Source: Any
Destination: Site2 Subnet (192.168.1.0 / 255.255.255.0)
Service: Any
Gateway: ISP-LAN IP (10.10.1.254)
Interface: LAN/X0 (since it's on the LAN)
Metric: 20 (should be fine)
Create a similar route at Site 2 (but Destination of Site 1's Network using the Gateway of ISP-LAN at Site 2 [192.168.1.254]). I've done this for clients when this is how the ISP has configured things (used IPs on the local LAN to provide access via "the cloud").
Second Case:
HOWEVER, if the ISP has used a DIFFERENT subnet for the ISP-LAN connection (such as 172.16.1.x or something) then you will need to configure X6 to be on that subnet; you won't need NAT. I've also done this for clients (where the ISP provides a 3rd subnet to join the 2 sites) -- in this case X6 will be on that 3rd subnet and the routes will be created automatically [just allow access with firewall rules].
So a QUESTION for you: What is the IP/subnet of the ISP-LAN at each site? Is it as you have in your picture (the X6 / ??? IPs) or is it something else?
EDIT: (since I can't add a comment)
I'm glad that helped. You would have DHCP traversing if the ISP configured the link as a Layer 2 link (essentially a VLAN) between the 2 ISP routers -- DHCP wouldn't cross Layer 3 without assistance but will Layer 2 (like on a switch). Now that you have added a different subnet to the link (your 10.0.0.1/30 subnet) you should be fine (the routers won't pass DHCP broadcast traffic beyond the subnet).
You can configure the routes with Probes so that they will deactivate if something fails. If you convert your VPN from an IPsec Policy VPN to a Tunnel Based VPN (which uses routes for the VPN) you can have it fail over if you wanted. BUT since the ISP's VLAN and the Internet based VPN are running through the same ISP router, the chance of only ONE failing is slim. (If you had a different back-up ISP then having a backup VPN would be a good idea.)
As for the speed issue, I would check if you have BWM enabled on either router, other than that contact your ISP.
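The two cases from the answer above, as an added example that is not part of the original post: a Python sketch that takes each site's LAN subnet and the address the ISP assigned there, decides which case applies, and returns the static-route fields for the first case or the subnet X6 must sit on for the second. The name `plan_site` is hypothetical, and the /24 mask on Site 1's LAN is an assumption (the answer gives a mask only for Site 2).

```python
import ipaddress

def plan_site(local_lan, remote_lan, isp_lan):
    """Decide which of the two cases applies at one site.

    local_lan, remote_lan: LAN subnets (CIDR or address/mask form).
    isp_lan: address the ISP assigned at this site, with its prefix length.
    """
    local = ipaddress.ip_network(local_lan)    # ValueError if host bits are set
    remote = ipaddress.ip_network(remote_lan)
    isp = ipaddress.ip_interface(isp_lan)

    if local.overlaps(remote):
        raise ValueError(f"{local} and {remote} overlap, cannot route between them")

    if isp.ip in local:
        # First case: the ISP device is a host on the existing LAN,
        # so the remote subnet needs a static route via that host.
        if isp.ip in (local.network_address, local.broadcast_address):
            raise ValueError(f"{isp.ip} is not a usable host address in {local}")
        return {"case": "first",
                "route": {"Source": "Any", "Destination": str(remote),
                          "Service": "Any", "Gateway": str(isp.ip),
                          "Interface": "X0", "Metric": 20}}

    # Second case: the ISP-LAN is a separate subnet; X6 is configured on it.
    if isp.ip in remote:
        raise ValueError(f"{isp.ip} belongs to the remote LAN {remote}")
    if isp.network.prefixlen == isp.network.max_prefixlen:
        raise ValueError("prefix length of the ISP-LAN subnet is required")
    return {"case": "second", "x6_subnet": str(isp.network)}

if __name__ == "__main__":
    # Addresses are the ones quoted in the answer; the /24 on Site 1 is assumed.
    print(plan_site("10.10.1.0/24", "192.168.1.0/255.255.255.0", "10.10.1.254/24"))
    print(plan_site("192.168.1.0/255.255.255.0", "10.10.1.0/24", "192.168.1.254/24"))
    print(plan_site("10.10.1.0/24", "192.168.1.0/24", "10.0.0.1/30"))
```

Overlapping LAN subnets and an ISP address that is the network or broadcast address are rejected up front, since neither can be used as a gateway for the static route.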
First, 255.255.255.0 and 255.255.255.128 are invalid networks. Maybe you mean 200.200.1.0/25 and 200.200.1.128/25 (masks of 255.255.255.128)?
If you prevent one of your networks from accessing the other for security reasons, then you cannot access servers on one network from the other network.
It may be possible for your servers to have two NICs, one in each network. You would need to do some configuration on those servers to only allow certain applications to be used on each network. Server configuration is off-topic here, but you could ask about that on Server Fault.
Another possibility is that the ACL(s) on the router which block access from one network to the other could have an exception to allow only the specific server addresses and protocols through to the other network. The exact configurations would depend on the specific router model and software version.
Best Answer
That does not match the information in your question. Your two networks have completely separate subnets, but they use the same IP (IPv4).
Routers route packets between networks.
One problem you have is that the devices in Network 1 need to have a gateway configured, otherwise they cannot communicate outside the network. The gateway is a router and the host on the network that knows how to reach other networks. A host will determine if the destination of a packet is on a different network, and it will frame the packet with the LAN address of the gateway for a packet destined to a different network.
It looks like you just need to connect Network 1 to your router and configure that router interface to be in the same network, then configure the hosts on that network to use the address of the router interface as their gateway. The router should automatically route packets between the networks.