Redirecting an IP address on the local LAN?
 PDXPaul                
                
                     Newbie ✭
PDXPaul                
                
                     Newbie ✭                
            Hi, trying to do something here that may or may not be really possible. We have 2 gateways on our LAN - one is the TZ400 that everyone uses for internet, the other is a Centurylink DSL modem that the VOIP traffic goes out on. The phone system & all of the handsets are configured to use it as their gateway, I don't think it is anything other than an internet service line. But, I don't have access to its configuration. I do have access to the phone system & phones.
TZ400 is 192.168.1.1
CL modem is 192.168.1.254
A couple of times recently, Centurylink has gone down in the area, knocking out all of the phones. I figured if I could change their gateway to the TZ400 this would get them back up temporarily - maybe even set it as a secondary gateway as a back-up in case this happens again (and perhaps vice-versa for the rest of the network, poor-man's failover. . .) But I'm not real familiar with the phone system and it seems to be a little more complex than just a setting or two, so not wanting to make a mess and sink a bunch of time into it I thought that if there were a way to just re-route the .254 traffic to .1 then nobody would be the wiser & we could get back in business . . . is that feasible somehow? Obviously it wouldn't be "routing" since they are on the same subnet. Maybe something like adding the .254 address to the TZ400's lan port (can it have more than one?) and just disconnecting the CL modem? Right now they are all port-shielded together but I could break one off & give it that address - would that do the trick?
Or if I could get into the CL modem, I could set its gateway to be the TZ400's LAN IP, but I don't know if it would allow me to do that on the same subnet. But again, I could break off an interface for this purpose & give it a separate subnet, then make that the gateway (or secondary gateway) on the CL modem. But so far I haven't been able to get those credentials.
Any feedback or other tricks for this? Thanks!
Best Answers
- 
            CORRECT ANSWER shiprasahu93
                        
                        
                             Moderator shiprasahu93
                        
                        
                             ModeratorYou can do the following. 1) Connect the phones to the TZ 215 and use that as the default gateway. Set up WAN failover on TZ 215 with CL as the primary and have a separate connection to the existing TZ 400. 2) With that setup, you can have logical probing done for CL and if the internet is down, route the traffic via the link between the TZ 215 and TZ 400. Let me know if that explains what needs to be done. Thanks! Shipra Sahu Technical Support Advisor, Premier Services 0
- 
            CORRECT ANSWER shiprasahu93
                        
                        
                             Moderator shiprasahu93
                        
                        
                             ModeratorYes, I understand. In that case, you might need to add that cable to X6 which should already be set with DHCP or the right IP addressing scheme. Also, the static ARP should be added to the firewall so that the phones start considering the X0 interface's MAC address as 192.168.0.254. This should be removed while CL is working, otherwise, it will create an IP conflict. I am talking about this section in the firewall. Thanks! Shipra Sahu Technical Support Advisor, Premier Services 0
 
             
            
Answers
Hello @PDXPaul,
Welcome to the SonicWall community.
I think the secondary gateway option has to be set on the phones themselves for this to work. Any setting on the DSL might not be helpful as we want this change when that device is down.
Also, we cannot associate the IP of the same subnet to multiple interfaces or sub-interfaces on the firewall. So, I think although difficult, this setting needs to be done on the phone system itself.
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
The Centurylink modem itself is not down, but their network is (or was for a while today, in this area. . .) And this is the second time in the last couple of months this has happened, so I am looking for a way to get their phones back up if/when it happens again.
So the firewall cannot have more than one IP address on the same subnet, even on different interfaces?
If I could get in to configure the Centurylink modem, of course it is not a Sonicwall (it's a Technicolor C1100Z I think) but in general should I be able to assign it's gateway as another IP address on the LAN subnet, such as the Sonicwall? Not sure if that kind of lateral route is feasible. . .
Or what about if I drop in another router in place of the CL one, we have an older TZ215 that the current 400 replaced - I could set it up on 192.168.0.254, routing to something like 192.168.1.1 on X6 of the TZ400 as a transit subnet, and set up NAT for that subnet through X1 as well as the current 192.168.0.x, would that work?
OR --- I could just configure X6 on the TZ400 with the same upstream WAN subnet as the Centurylink modem has now (or any subnet, with DHCP server enabled assuming the CL modem is configured for that) and just swap the cable over to it, no need for an intermediate router. As long as the Sonicwall can do NAT from two different subnets on two different interfaces out through its X1 WAN - will one of the configuration wizards handle that for me without disturbing the current configuration?
The suggestion that I provided will make the whole process automatic and you would need not make any physical or configuration changes if the CL internet connection goes down.
I am sure there are other ways to achieve it but that will need real-time physical or configuration changes.
Thank you!
Shipra Sahu
Technical Support Advisor, Premier Services
I like the idea of setting the 215 up for failover! My only question is since I cannot re-configure the CL modem, it will remain 192.168.0.254 on its LAN interface. If I drop the 215 in as the gateway for the phones, without reconfiguring them & the phone system (which I am hoping to avoid - not sure I can) it will need to use that same address on the LAN (X0), but then will it be able to also use that same subnet on its WAN (X1) to reach the CL modem? Obviously it will be a separate physical connection.
Thanks!
Yes, for us to introduce the TZ 215, we would need access to the CL at least. We can use IP 192.168.0.254 on the TZ 215 X0 interface, but the connection to CL on X1 as well the connection to TZ 400 needs to be on a separate network.
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
I suppose I could just reset it to factory default. . . I don't think it is doing anything fancy besides internet access, but I don't really know for sure. Unfortunately the phone service provider has been less than responsive. I might lose the PPPoE credentials, hmm?
Or, what do you think of my "manual" failover idea - configure X6 on the TZ400 for a new subnet with DHCP & NAT and just swap the WAN cable from the CL modem over to it? Might be good enough for the situation. . .
Thanks for your help!
@PDXPaul,
The only problem with that setup is that the Default gateway on the phones will be still pointing to the incorrect address creating a problem.
You can manually add a static ARP for 192.168.0.254 and bind to X0 when the CL internet goes down. This can logically pair a secondary IP to the physical interface X0.
You can give this is a try but this is again a manual process and the phones would need to be restarted to remove the older ARP cache that used the CL's MAC address.
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
I was thinking the CL modem would still be functioning as normal (on 192.168.0.254) but just its upstream connection would be changed to the new subnet on X6 - so in theory, the phones wouldn't even know that their traffic was being re-routed out through the other ISP connection along with the rest of the LAN.
I thought about the ARP approach but wasn't sure if the Sonicwall would accept traffic that was addressed to a different IP than the one that was configured on X0. BTW that would be handled on the firewall, or just via a command window from a workstation on the LAN?
Thanks! Sounds like a pretty simple way to accomplish exactly what I was thinking...
Shipra Sahu
Technical Support Advisor, Premier Services
Hi @PDXPAUL,
Thank you for visiting SonicWall Community.
I can suggest you to try below. This may or may not help you.
The configuration involves creating a static ARP entry on the SonicWall to publish a secondary IP address to the SonicWall's LAN interface. Below screenshot includes a sample IP address. Please change it according to your scenario.
Navigate to MANAGE | Network | ARP page, under Static ARP Entries, click ADD.
This should get the SonicWall logically to use a secondary IP on its same X0 subnet. If your phones can cache the ARP details with SonicWall's X0 MAC address for IP address 192168.1.254, then the traffic flows via SonicWall.
Please note "during this time, the CL modem cannot be active in the network as this is going to create a conflict".
Please give it a shot and update us.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
Hi @PDXPAUL,
Thank you for visiting SonicWall Community.
I can suggest you to try below. This may or may not help you.
The configuration involves creating a static ARP entry on the SonicWall to publish a secondary IP address to the SonicWall's LAN interface. Below screenshot includes a sample IP address. Please change it according to your scenario.
Navigate to MANAGE | Network | ARP page, under Static ARP Entries, click ADD.
This should get the SonicWall logically to use a secondary IP on its same X0 subnet. If your phones can cache the ARP details with SonicWall's X0 MAC address for IP address 192168.1.254, then the traffic flows via SonicWall.
Please note "during this time, the CL modem cannot be active in the network as this is going to create a conflict".
Please give it a shot and update us.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
Might anyone be able to help me with screen shots etc. for setting up a TZ to CenturyLink?
A number of years ago I setup a TZ400 to CL using PPPoE, VLAN 201, MTU 1492, and my credentials, etc. but while setting up a TZ570W I'm unable to connect. BTW, I'd prefer not to setup a bridge with the CL modem; I'd hate to be down if it had troubles.
Thanks ! ! !