Issue with netmask of 2nd WAN Interface on Pro2040


MarkGlidden

Technical User
Oct 23, 2007
I have a Pro series 2040 with enhanced OS, using two WAN interfaces. All traffic except email goes out X1 to the Internet. The second WAN is a DSL and IP / mask 69.x.x.120 mask 255.255.255.128. The problem is when clients on the LAN get an IP address above x.x.x.128 they cannot connect to the Internet via the SonicWALL. If I change the IP address to something less than x.x.x.128 it goes right through. This is not a huge problem at the moment because I still have several IP addresses available, but it seems extremely odd that the mask of the X2 interface seems to have an effect on clients connecting to the Internet from a LAN subnet (X0) using the primary WAN on X1.

I would be interested in any thoughts on a long term solution.

Thanks,
Mark
 
Hi Mark,

I want to be the first to welcome you to our forum. There are many experienced and knowledgeable techs on SonicWALL products, so don't be afraid to post your SonicWALL related problems here. Also there is another good forum exclusive for SonicWALL products only at Post your problems at both places. The more the better.

OK, I need more info:

1. Is the firewall acting as the DHCP server?
2. Do you have firewall rules restricting Internet traffic (LAN-WAN)?
3. What are your LAN interface settings (IP, subnet mask)?
4. What is your load balance setting (WAN Failover tab)?

Roger White CSSA, CGMS, CISSP, CISA, CISM, GSEC
Certified SonicWALL Engineer & Instructor
Certified Security Architect and Auditor
SonicWALL Curriculum Developer
SonicWALL Academy
(718)450-8127
 
Hi Roger,
No, the firewall is not the DHCP server; that is coming from the AD server.
From the LAN to the WAN is wide open, with the exception of email, which is filtered to the DMZ appliance in both directions and comes and goes through the X2 interface.
The SonicWALL interface (X0) is 192.168.100.1 /30
The user LAN is 192.168.50.x /24
Primary WAN X1
Secondary X2
Load balancing is not enabled
Policy to redirect email to DMZ and out X2 (route and rules, and address objects in place)

X1 is 64.x.x.188 /30
External IP addresses are 64.x.x.248 /29
All user traffic is NAT'd to X1 interface IP address of 190.

Mark
 
Hi Mark, thanks for your prompt reply.

I see a problem that might lie in your LAN IP schema:

The SonicWALL is on the 192.168.100.0 /30 subnet and the users are on the 192.168.50.0/24 network. Also, what IPs is your DHCP scope on the AD server giving out? You might have to adjust the range to the subnet.

One thing that is puzzling me: what is x.x.x.128 in your first post?

This will help me in coming up with a solution to your problem.

Roger White CSSA, CGMS, CISSP, CISA, CISM, GSEC
Certified SonicWALL Engineer & Instructor
Certified Security Architect and Auditor
SonicWALL Curriculum Developer
SonicWALL Academy
(718)450-8127
 
Hi Roger,
The DHCP scope on the LAN is 192.168.50.101 - 192.168.50.200.
The 255.255.255.128 in the first post is the mask from the DSL provider, which is WAN interface X2. I know adjusting the scope so it gives out IP addresses less than 192.168.50.128 will work, but this is the fifth SonicWALL implementation I have done and I have never seen this result before. It is an extremely interesting issue.

Thanks,
Mark
 