Routing to another local network with sonicwall

routing, sonicwall

I have two separate networks: a data network and a VoIP network. The data network has a sonicwall tz210 on it between our network and our ISP. We just installed a separate VoIP network connected via a router to a different ISP. I need to connect the data network to the VoIP network only for administration of the VoIP server and control of the phones (an app that runs on the desktop to control the phone). No call traffic will go over the data network. I am not quite sure how to set up the sonicwall to do this properly. Below is our setup and the criteria for the setup.

DATA network 10.0.0.0/24
VoIP network 172.24.1.0/24

VoIP network has 52 port managed switch and router installed by telephone vendor connected to FIOS (5 static IPs, using 100.40.4.102)

DATA network has managed switches connected to a sonicwall tz210 then to cable modem->internet. x0 LAN, x1 wan (we will be moving the data network to use the FIOS on one of the other static IPs.)

I would like to use x2 to connect to the VoIP network so that only traffic bound for 172.24.1.0/24 goes out x2, and all other traffic goes out x1. Each user will need their PC (on DATA) to see their phone (on VoIP), and I will need to be able to connect to the VoIP server (on VoIP).

On DATA there is a Windows server running DHCP (sonicwall DHCP is disabled). On VoIP the router there is giving out IPs to the phones via DHCP, so I need the DHCP servers not to interfere with each other. Unfortunately our phone vendor is not familiar with the sonicwalls. Any help would be appreciated. Thanks.

LBC

Best Answer

Your question doesn't list any specific IPs so I'm just going to make some assumptions; change them as needed. You can do what you want: DHCP is broadcast only within the local subnet (it won't be passed by a router unless you configure specific options to do so).

Assuming:

SonicWALL:

X0 = Data LAN (let's say 10.0.0.1/24) - connects to Data switch
X1 = WAN
X2 = VoIP (new)

Telephone Vendor Router:

port0 = Voice LAN (let's say 172.21.1.1/24) - connects to VoIP switch
port1 = WAN

On the SonicWALL, configure:

Configure X2 on the SonicWALL with a free IP on the VoIP subnet, let's say: 172.21.1.2/24. If the vendor controls this subnet ask them for a free IP, otherwise do an IP Scan.

Under Network | PortShield Group, edit X2 and ensure it is Unassigned (not assigned to X1). Then under Network | Interfaces, edit X2. Assign it to the LAN zone (assuming you trust the VoIP traffic - if you don't then use DMZ and you will need to create Firewall rules; choose LAN if you're unsure, to start). Set it for a Static IP, configure the IP, and other settings as desired.

Note: A route will automatically be created under Network | Routing (from Any to X2 Subnet, for Any Service).

If you selected X2 Zone = LAN the Firewall rules will already be created (assuming Interface Trust is enabled for the LAN zone, which it is by default). If you set X2 Zone = DMZ you will need to go to Firewall | Access Rules. Create or edit a rule from LAN > DMZ, and DMZ > LAN, for the X0 and X2 interfaces (I would suggest keeping things wide open, Any/Any/Any, during testing and then tighten up after if needed).

Connect X2 to the VoIP switch.

On the Phone Router:

NOW: you or the Phone Vendor will need to create a route on the other router. No IP or interface needs to be configured. The route will need to be:

Destination: 10.0.0.0/24
Gateway: 172.21.1.2   (or whatever IP you assigned to X2)
Metric: 10 (or as needed)
[All services, if it asks. Interface is whatever interface is the "lan" interface on that device. Hopefully they know how to configure their own device]

If you were testing with a PC connected to the VoIP network (with a 172.21.1.x IP) the Windows route command would be:

route add 10.0.0.0 mask 255.255.255.0 172.21.1.2

Depending on the config of the Voice Router there may be firewall policies that need to be created, but it's hard to say - I suspect not.

Result:

Anything on your Data LAN will have a default gateway of the SonicWALL - and the SonicWALL has an interface on the VoIP network so it can pass packets along. Anything on the VoIP network will have a default gateway of the Phone Router, and that router now has a route pointing to the Data LAN via the IP you assigned to the X2 interface, so packets can travel back.
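
Added example, not part of the original answer: a small Python model of the two routing tables described above, using longest-prefix match to show where a phone's reply goes before and after the 10.0.0.0/24 route is added on the Phone Router. It uses the answer's assumed 172.21.1.x addressing; the host addresses, the "ISP" gateway label and the port names are constructed placeholders.

```python
import ipaddress

def table(rows):
    """Build a routing table from (prefix, gateway, interface) rows."""
    return [(ipaddress.ip_network(n), gw, ifc) for n, gw, ifc in rows]

def next_hop(routes, dst):
    """Longest-prefix match: return (gateway, interface) for dst, or None."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in routes if dst in r[0]]
    if not matches:
        return None
    _, gw, ifc = max(matches, key=lambda r: r[0].prefixlen)
    return gw, ifc

# SonicWALL: X0 and X2 are connected subnets (gateway None), X1 is the default route.
SONICWALL = table([
    ("10.0.0.0/24", None, "X0"),
    ("172.21.1.0/24", None, "X2"),   # route created automatically for X2
    ("0.0.0.0/0", "ISP", "X1"),      # "ISP" is a placeholder upstream gateway
])

# Phone Router as installed: it knows only its own LAN and its WAN.
PHONE_ROUTER_BEFORE = table([
    ("172.21.1.0/24", None, "port0"),
    ("0.0.0.0/0", "ISP", "port1"),
])

# Phone Router with the static route from the answer added.
PHONE_ROUTER_AFTER = PHONE_ROUTER_BEFORE + table([
    ("10.0.0.0/24", "172.21.1.2", "port0"),
])

def round_trip(pc, phone, phone_router):
    """PC -> phone goes through the SonicWALL; the reply goes to the phone's
    default gateway (the Phone Router), which must send it back toward X2."""
    fwd = next_hop(SONICWALL, phone)
    back = next_hop(phone_router, pc)
    return {
        "forward_if": fwd[1],
        "reply_gw": back[0],
        "reply_if": back[1],
        "ok": fwd[1] == "X2" and back == ("172.21.1.2", "port0"),
    }

if __name__ == "__main__":
    for name, rtr in (("before", PHONE_ROUTER_BEFORE), ("after", PHONE_ROUTER_AFTER)):
        print(name, round_trip("10.0.0.50", "172.21.1.100", rtr))
```

Without the static route the reply matches only the Phone Router's default route and leaves via its WAN port, which is why traffic from the Data LAN reaches the phones but nothing comes back.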