Configuration of router and Firewall

manish

HI SonicWALL community

I have A cisco router configured with Public IP address and performing a NAT

I have install the TZ370 behind cisco router and Firewall X0 is serving for LAN

To be more precise Router out port is configured with ISP

Inside port connected with firewall x1 WAN interface with 192.168.1.1 and 192.168.1.2 respectively

can you please guide me

1)how can i create static route between firewall and router

2) do i need a static routing between my router and firewall

3) If need to allow outside traffic to inside how can allow , i mean do i need to allow on firewall and router or only on firewall

Thanks for you reply

TKWITS

Is the Cisco Router absolutely necessary? A Sonicwall expects to have a publicly routable IP address on its WAN interface and may not perform as expected without a direct connection to the internet.

manish

HI TKWITS

Thanks for reply me back. So Cisco is being used for long time we cant remove from our LAN.

I am looking for solutions with cisco and SonicWALL firewall working together so i can also use SonicWall services like Global VPN SSL VPN

MitatOnge

You should create Nat rule for outside to inside all ports.

internet --> Cisco Router --> SonicWall X1 Ip

You can find out below document "how to create Nat rule"

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/xe-16/nat-xe-16-book/iadnat-addr-consv.html#GUID-C03EE46C-9F71-49B4-8046-8B8962B674CA

TKWITS

"So Cisco is being used for long time we cant remove from our LAN."

A device in use 'for a long time' means that no one has had the gumption to question its existence and necessity. I've pulled plenty of Cisco routers out because they weren't needed, and clients have said 'why was it there in the first place if it wasn't needed?'. My reply: I didn't install it so I can't answer that question.

1. If the Sonicwalls WAN interface is using the Cisco's LAN IP as it's default gateway than that route exists.
2. Technically, no because the Sonicwall is also NATing all the traffic being sent to the Cisco.
3. You would need to allow external traffic in through both the Cisco and Sonicwall since you are double NATing.

Please refer to my first post again.

ariyano

HI,

I'm not trying to hijack this thread, but my question is very similar to the actual question, so I guess this is the best place to ask.

My setup is this: commands have been shorted, only to show related config.

Cisco 1900 Router:

gig 0/0 = 123.123.123.123/30 (p2p to my isp, it's a microwave link)

ip nat ouside

 ip address 22.22.22.41 255.255.255.248 secondary (Public IP)

 ip address 11.11.11.254/32 (Local lan)

ip nat inside

ip dns server

ip nat pool CAFE 22.22.22.43 22.22.22.22.43 netmask 255.255.255.248

ip nat inside source list 10 pool CAFE overload

ip route 0.0.0.0 0.0.0.0 123.123.123.13

dialer-list 1 protocol ip permit

access-list 10 permit 11.11.11.0 0.0.0.255

access-list 20 permit 62.171.181.153

access-list 20 permit 5.189.162.239

Sonicwall:

X0 = Management

X1 = 11.11.11.253(Wan)

X2 = 33.33.33.33(local lan)

My question here is. I would like all the Public ips to be routed from Sonicwall. I want the cisco router to only act as a bridge. All the nat would happen on Sonicwall. How do I achieve this?

Should I assign one Public IP to X1 port on sonicwall? should that publish my sonicwall on the internet? And nat accordingly?

Any help on this will be highly appreciated.

Thanks,

Aj.