Sonic wall and block of IP’s from Cox

Chris Bevins asked 5 months ago

Hi All
I am having issues, more from my lack of knowledge in this area than anything. I have seen a few similar posts, but none that answered my question, at least in a way I understood. So I am hoping you all can help me out.
So we recently upgraded to a fiber connection from Cox, and they installed a Cisco managed router. I am unable to figure out how to get it to work with our sonicwall, and to be honest I do not know the sonicwall very well.
Here is what cox gave me. 
IPv4 WAN
-Network: 66.xx.xx.108/30
-Gateway 66.xx.xx.109
-Usable: 66.xx.xx.110
-Broadcast: 66.xx.xx.111
-Subnet: 255.255.255.252
IPv4 LAN
-Network: 69.xx.xx.72/29
-Usable 69.xx.xx.73 - 69.xx.xx.78
-Broadcast: 69.xx.xx.79
-Subnet: 255.255.255.248
Currently we have a standard Cox business account, with a static Ip, I have that setup to X1. X0 is our internal network.
X2 I have setup on a Metro E, between our old building and new (we are mid move currently). Rules in place send local traffic that hits the firewall to the MetroE, internet traffic to X1.
I have X3 plugged into the fiber switch, so that I can verify it before moving it and its config to X1. However I am unsure how I am supposed to go about setting this up. I am not sure what IP to assign to X3, and I assume a NAT policy needs setup but not really sure what that should be. I do not know the sonicwall very well. I work mainly on internal networks.
If anyone has any advice or directions they could point me in I would sincerely appreciate it. If you need any more information just let me know.

Thanks

5 Answers
wimiadmin Staff answered 5 months ago

Hi Chris. Thanks for the question. I have zero experience with SonicWall other than knowing it can get pretty complex during setup but remain rock solid once it is in place and working. I'm going to reach out to another mod for their help. I'm sure he can offer some insight. -Brian

Chris Bevins answered 5 months ago

It's been great so far. I have it doing a few different things and have no trouble with it. I am just not sure where to go with this. Again my lack of knowledge with sonicwalls and connections prolly plays a role in this. I would appreciate you forwarding it along, Thank you!

Steve Bonilla Staff answered 5 months ago

It has been a few years but I have been through exactly what you are describing, with Cox and a SonicWALL.
You'll configure your WAN interface with the 66.xx.xx.110 address using 66.xx.xx.109 as your default gateway.
What happens at this point is that all traffic bound to 69.xx.xx.73-78 will be sent to your 66.xx.xx.110 address and you have to tell the SonicWALL what to do with it. You have options.

1.  You can put an edge router outside of your SonicWALL and have the edge router take over the WAN interface, and set the LAN interface of the edge router as 69.xx.xx.73, set the WAN of your SonicWALL to 69.xx.xx.74 with the default gateway of 69.xx.xx.73. You can use the other ports to give the rest of the 69.xx.xx.75-78 range to other devices outside of the SonicWALL.
2. You can leave the WAN port of the SonicWALL on your 66.xx.xx.110 address and set NAT rules to send the 69.xx.xx.73-78 range to individual hosts on a private network, your DMZ for example. You will need counterpart firewall rules to allow traffic through.
3. Similar to option 1, you can assign 69.xx.xx.73 to one of your LAN interfaces (preferably in a new zone) and configure a custom DHCP range of 69.xx.xx.74-78 to assign those 5 IPs out to devices connected to that interface/zone/VLAN which will then have publicly routable IP address. You will need counterpart firewall rules for this case as well to allow inbound traffic, and you'll need to set a routing policy to send that traffic through.
4. You can do option 3 without DHCP and set hosts in your new zone with static IPs.

Option 2 makes the most use out of your IP address space as you are not giving up one of your CIDR block IPs for a next-hop gateway.

Chris Bevins replied 5 months ago

So, after a bit of testing this morning, I believe that the managed router cox installed has the 66.xx.xx.110 address. I am able to ping that address from home without it setup on the sonicwall. Which leads me to think that the managed router then needs a nat policy to forward all internet traffic to the 66.xx.xx.110 address, but what would I assign as an address to the interface?

Steve Bonilla Staff answered 5 months ago

In my case there was no cox router, just a cable modem.
In your case since there is a router, it is a matter of determining which IP the LAN side of the managed router is using for your gateway, assuming it is configured properly. Probably best to call the ISP to find out.
Alternatively, you can set the IP of your WAN interface to one of the IPs in the middle of the range and try to ping the IPs at the top and bottom end of the ranges. Whichever IP replies, set as your gateway and see if you can get out.
It wouldn't be a NAT policy in this case since the LAN side is made up of publicly routable IPs, it is just a routing policy on the managed router.
Long story short this should be much simpler for you than I described.

Chris Bevins replied 5 months ago

I like much simpler. I will try and sort out which to use for the gateway and go from there. Thank you, I'll let you know how it turns out.

Chris Bevins answered 5 months ago

Steve! You're my hero, I got it. .73 turned out to be the gateway, which I was trying to assign as the interface which is why I could never get it going. I started in the middle assigned .73 and boom. Thank you so very much for the help!

Steve Bonilla Staff replied 5 months ago

Fantastic. You should be able to use anything in that range outside of the .73 IP for whatever you need. Glad you got it!
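
The gateway-hunting approach from this thread (put the interface on a middle address, ping both ends of the range, and never give the interface the gateway's own IP) as a small offline check. This is an added example, not part of the original thread; the 198.51.100.72/29 block is a constructed documentation range standing in for the redacted Cox block, and the function names are hypothetical.

```python
import ipaddress

# Constructed stand-in for the routed /29 (the thread redacts its real block).
BLOCK = "198.51.100.72/29"

def plan_probe(block):
    """Pick a middle address for the interface and the two ends to ping."""
    hosts = list(ipaddress.ip_network(block, strict=True).hosts())
    if len(hosts) < 3:
        raise ValueError("block too small to hold a gateway, a probe and a spare")
    middle = hosts[len(hosts) // 2]
    return str(middle), [str(hosts[0]), str(hosts[-1])]

def check_interface(block, iface_ip, gateway_ip):
    """Return a list of problems with a proposed interface/gateway pair."""
    net = ipaddress.ip_network(block, strict=True)
    iface = ipaddress.ip_address(iface_ip)
    gw = ipaddress.ip_address(gateway_ip)
    problems = []
    for label, addr in (("interface", iface), ("gateway", gw)):
        if addr not in net:
            problems.append(f"{label} {addr} is outside {net}")
        elif addr in (net.network_address, net.broadcast_address):
            problems.append(f"{label} {addr} is the network or broadcast address")
    if iface == gw:
        # The mistake described in the thread: interface set to the gateway IP.
        problems.append(f"interface and gateway are both {iface}")
    return problems

if __name__ == "__main__":
    middle, ends = plan_probe(BLOCK)
    print(f"assign {middle} to the test interface, then ping {ends}")
    print(check_interface(BLOCK, "198.51.100.73", "198.51.100.73"))
    print(check_interface(BLOCK, middle, "198.51.100.73"))
```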
