Question : Add VPN Router Hardware to VPN Firewall Sonicwall Hardware

We currently have a VPN Firewall (Sonicwall Pro3060).  An outside company is requiring to install a VPN router on our network to secure VPN to them. Our SonicWall already has IPsec VPN tunnels to our other office locations.  One static route is configured to one of our offices that we have a T1 connection to.  We have a block of 5 static IPs from our Cable ISP.  The two WAN ports are already being used on the Sonicwall Pro3060 (one for internet connetivity/webhosting the other for the vpn tunnels).  We cannot assign another static IP to an interface on the sonicwall, which I would assume we would require to NAT the additional VPN router behind one of the interfaces.

I'm sure this is very simple in theory but am getting confused with everything else comes into play with the existing VPNS and that the sonicwall is our VPN router already.  Am I just assigning a port and NAT one of the IP addresses on the existing interface to the external port of the new VPN router?

I am not configuring the new VPN router, it is being preconfigured and sent to us, but requires information from us.  Below is the info that they require, any help on this would be appreciated:

Hosted Router expected configuration (applies to VPN connectivity)
(I italicized my answer and bolded ones I'm not sure of)

-Internet routable IP/subnet mask and default gateway for outside Ethernet port for Hosted vpn router:
-Interface setting for outside port? We are looking for speed (10/100/1000) and duplex (auto, half, full): Auto
-IP/subnet/gateway for inside Ethernet port of Hosted router: 192.168.0.2 / 192.168.0.2
-Interface setting for inside port? We are looking for speed (10/100/ or 1000) and duplex (auto, half, or full): 100/Full
-Next hop for inside port of Hosted router: Unsure, do I put our exisiting Sonicwall as the Hop?
-Source IP address of traffic inbound to Hosted servers (typically, end user subnet, firewall NAT, firewall hide address): Unsure, is this our WAN IP? 68.190.x.x? with the port?
-For outside PORT, if hosted VPN router would be located behind firewall, we need info for that too (ip, subnet, gateway and associated routable IP/subnet/gateway): Since I think it will have to be behind our Sonicwall, I'm thinking 192.168.0.3:6000 gateway: (sonicwall ip: 192.168.0.1) subnet: 255.255.0.0

Our local LAN info is 192.168.x.x / 255.255.0.0 / 192.168.0.1

Thank you.

Answer : Add VPN Router Hardware to VPN Firewall Sonicwall Hardware

What you should do, in order to keep one gateway for your hosts, is to configure an interface on your 3060.  Give it an IP on the subnet that the LAN of the VPN appliance is on.  When you setup the interface, this will create your routes.  When I've set these up in the past, I give the vendor an IP in my public static range.  They'll configure their WAN interface with this IP.  I get a small switch and connect my sonicwall WAN interface, the vendor's WAN interface and the Internet on this switch.  Additionally, being a VPN appliance, it will be important that they are not behind your sonicwall.

-This would be one of your public IP addresses.
-Check your sonicwall for this setting.
-When they configured the appliance, did they provide you with a LAN IP address?
-You could probably get away with Auto on the LAN interface.
-If you put their WAN interface directly on the Internet, then it will be your ISP's gateway.
-I think it's one of your public IP addresses.
-If you put them directly on the Internet, then this becomes null.
Random Solutions  
 
programming4us programming4us