Sonicwalls and Comcast Metro E

[tck307]

Hello,

We are about to switch over from Sonicwall vpn between our three sites to Comcast Metro E via the Comcast supplied Cienna switches with our Sonicwall 1260s handling routing. Does anyone have any experience with this type of switch over? I am trying to wrap my head around how internal ips will get translated over this new wan as opposed to the VPN connection.

Are vlans my best bet? Straight Natting with the Sonicwalls?

Any insights appreciated. Comcast support has been spotty with info.

Thanks.

 

[joepc]

With the metro E or carrier level Ethernet I have worked with it was all layer 2. You did't "need" a firewall or router at each site. However, if your subnets aren't able to be changed to the same or if you have a significant amount of nodes at each site it would help to have them. they will help controll/monitor traffic between the sites.

If you do want the sonicwalls at each site you have use a DMZ port in each one of the sonicwalls to uplink to the Cienna devices. Keep all the DMZ's on a the same subnet but make sure it's not the same as any of your LAN subnets.

Then create static routes in each sonicwalls to send traffic out via the DMZ. If you have more than 5 sites consider using a routing protocol.

Ie
Site 1:
LAN: 192.168.1.x
DMZ: 10.10.10.1

Site 2:
LAN: 192.168.2.x
DMZ: 10.10.10.2

Site 3:
LAN: 192.168.3.x
DMZ: 10.10.10.3

Create static routes in each sonicwall:
Ie
Site 1: route anything for 192.168.2.x to 10.10.10.2
Route anything for 192.168.3.x to 10.10.10.3
Route anything for 0.0.0.0 to (site that holds the Internet connection)

 

[tck307]

Thanks a lot for your response. Perfect timing as I was pushing to get this sorted over the last few days. Helped get me there.