Monday, July 15, 2019

Multicast through Firewalls

I have two SonicWall NSA 2600 firewalls that are configured to communicate with each other via a VPN tunnel through their WAN port. Each firewall also has an interface that is connected to its own respective subnet.

I have been able to configure and take things this far, but I am stumbling at the final steps of getting the whole point of this to work, which is getting two machines which exist across the firewalls to communicate via multicast (they are DeltaV machines, if that is significant). Here's the final kicker: these machines have a specific IP address that they need to exist in, which is 10.4.0.0/15. I have created a drawing below which hopefully does a good job summarizing what I've written above.

https://imgur.com/a/mkegBos

So I have read through SonicWall's documentation on how to enable multicast support across a VPN tunnel, but these devices are unable to communicate so far.

It has been understood that these machines with the 10.4.0.0 addresses will be plugged into the x.x3.x.x subnet on both sides. This however is not set in stone, and there are other interfaces on this firewall that could allow for more subnets to exist in this experiment.

Currently, I have machines set up with the 10.4.0.0 IP range, but they cannot ping anyone on the local firewall, the remote firewall, and much less each other. I know that ping working isn't necessarily going to guarantee that multicast works, but I feel like it would set me on the right path.

I should say that I have very little experience with networking, and the fact that these machines must live on a separate subnet is what has me really scratching my head. I'll try and create a good list of every question that I think is reasonable for me to get answered.

  1. If a machine is a part of a different subnet than other machines on a VLAN, can it connect to the gateway of the other machines on the VLAN? Or does a gateway need to exist in a subnet for it to be valid?
  2. If the above's answer is that the subnet needs its own gateway, is the only way that I can get these two machines to talk over the VPN tunnel to set them up on their own interface with their own gateways on my firewalls?
  3. If they both need to be on their own gateway, will it be an issue communicating over the VPN that they share subnets? I.e. 10.4.0.15 is on firewall A and 10.5.1.25 is on firewall B, if I wanted to ping 10.5.1.25 from 10.4.0.15, could this be done easily assuming there isn't already a 10.5.1.25 on the firewall A of the subnet?
  4. If the above situation is problematic, would I need to use NAT to translate IP addresses before they are communicated over the network?
  5. Any advice you could give to someone who feels in over their head when it comes to networking? I.e. things you wish you knew/did when you started, specific gotchas to look out for when dealing with firewalls/multicast.

If you have made it this far into my post, I want to sincerely thank you for taking the time to share your knowledge with me. If you need any more context about my situation, I would be more than happy to provide it. Thank you,
