Router Madness - any help?

+
0 Votes
longtex
One of our offices has a small LAN, consisting of 7 computers, connected through a DLink 824VUP router. Five computers are wireless, two are wired to the DLink.

Everything works fine: the computers all see the 'net through the Speedstream 4100 connected to the WAN side of the router; the computers see each other in their Workgroup (SONET) and are able to share files and printers.

They want to build a VPN tunnel to a remote office (actually, it's not all that remote, just in a different building a block or so away) using SonicWall TZ170Ws.

All computers in both offices are XP Pro boxes.

When I replace the DLink with the SonicWall, the Workgroup basically vanishes... the two wired computers see each other, but the wirelesses see only the SonicWall - they don't see each other or the wired computers at all... can't even ping, either by name or by IP address. Actually, trying back at my office to whack on the TZ170, I see a similar effect in that I connect the TZ to the DSL modem/router, which is a Netopia 4-porter, and while it does connect okay through its WAN port and does give me a =local= LAN in my office, in which all the local wired computers see each other, again I can't ping or connect with the other computers in the building, connected to the Netopia, even though ALL computers are on the 192.168.37.xxx subnet... obviously, there's something I don't get about this whole thing.

The DLink's DHCP server had all 7 computers on the same subnet, 192.168.1.100-107; the SonicWall doesn't seem to be able to do that - it has two DHCP servers (apparently), one for LAN and one for WLAN; the LAN is 192.168.1.xxx and the WLAN is 172.16.31.xxx and trying to change the DHCP for the WLAN doesn't let it have the 192.168.1. anything that I can see.

Frankly, I don't give a rat's *** what the IPs are in this office - first, I want the file and printer sharing to work, and then I want to be able to tunnel to the other office and either run a set of apps on one computer there, or otherwise remote to it if the speed of the tunnel is too slow.

I don't know whether the SonicWall or the PCs need to be tweaked, or both... or whether we need to go insert these two $600 TZ170s into someone's nether regions (hopefully not mine...).

Any ideas?
  • +
    0 Votes
    Churdoo

    That's a wireless security feature on the sonicwall. I presume you can turn it off so you can get back to your desired functionality, but I don't know enough about the sonicwall to tell you where/how.

    Hopefully someone else can pick up the ball and run with it for you.

    +
    0 Votes
    michael

    I don't know SonicWall, but the behavior is the same as I've experienced with Cisco. The solution on Cisco is to bridge the two LANs together into one routed virtual bridge interface (BVI). There's one DHCP pool, and all the PCs see each other at layer 2, which is what you're after.

    To say it another way, the wired interface and wireless interface should have no IP addressing, but rather bridge to a common virtual interface that is then routed.
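
The bridged layout described in the answer above, sketched as Cisco IOS configuration. This is an added example, not configuration posted by anyone in the thread; the interface names (`Vlan1`, `Dot11Radio0`), the pool name and the 192.168.1.0/24 addressing are assumptions, and the radio's SSID and encryption settings are left out.

```cisco
! Constructed example: names and addresses are assumptions, not from the thread.
!
! Enable integrated routing and bridging so a bridge group can be routed.
bridge irb
!
! Wired side (assumed interface name): no IP address, member of bridge group 1.
interface Vlan1
 no ip address
 bridge-group 1
!
! Wireless side (assumed interface name): no IP address, same bridge group.
interface Dot11Radio0
 no ip address
 bridge-group 1
!
! The routed virtual interface for bridge group 1 carries the only LAN address.
interface BVI1
 ip address 192.168.1.1 255.255.255.0
!
bridge 1 protocol ieee
bridge 1 route ip
!
! One DHCP pool serves wired and wireless clients alike.
ip dhcp excluded-address 192.168.1.1
ip dhcp pool OFFICE
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
```

With this layout the wired and wireless clients share one broadcast domain, so the router applies no filtering between them.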

    +
    0 Votes
    longtex

    Thanks - Sounds plausible... I'm trying to fight my way through the maze of RDETs at SonicWall. So far I can't get past the "bridge" term, which to them means to bridge two separate SonicWalls' wireless together. They insist that the LAN and WLAN have no problem intercommunicating so it must be an issue with the PCs... "So, if the PCs aren't set up correctly, why is it that they work when the DLink is used?" "Oh, my goodness, Sir, I apologize, but we cannot be telling that; you see we are technically supporting SonicWall only very much, Sir."

    Thanks again!

    +
    0 Votes
    CG IT

    though I didn't read anyone else's post, your initial post didn't really say what type of VPN.

    point to point persistent or just be able to use a PC and VPN over the WAN to another PC?

    Sonicwall stuff is ok but the add on's and their yearly cost makes it as expensive as a Cisco device.

    Other vendors like Dlink, Netgear have SMB devices that don't have all the pricey yearly cost addons that Sonicwall does and will do what you want.

    Note: if you want PC to server VPN you can do that without pricey equipment. just create a VPN connection on the PC to the address of the server, create some rules on the receiving end's router allowing VPN access or use Windows RRAS and forward in VPN connections to it.

    +
    0 Votes
    longtex

    The client has two DLink routers, theoretically capable of VPNning, but with DLink tech support was never able to make it work. Some of my old clients use SonicWalls and were always happy with them. They're Linux systems mostly with a few Windows boxes, running multiple stores and HQ/warehouses with access possible (depending on the user permissions, of course) from any computer in any location to any other computer in any other location (including my home and office)... from my perspective, being able to "get on" register 4 in a store 400 miles away, from my home office was a pretty nifty thing. Unfortunately, I didn't do the installations or setups on the SWs, or I might've learned a trick or two from the guy who did the work... so it "Seemed like a good idea at the time" - you may have heard that one before.

    Soooo, anyway, it's now working for the LAN/WLAN part, at least. It turned out to be a matter of turning off the wireless intrusion detection and enabling a couple of pass-throughs that by default were not enabled... next we get to the VPN part, so that will be ummmmm interesting, no doubt.
