1. Home
  2. Networking Firewalls
  3. Zywall 30w problem connecting

Zywall 30w problem connecting

My company has just bought a Zywall 30w, which is plugged into a Cisco

837 ADSL router (which is permanently on) through the WAN port, and then into a switch from the LAN port. All the addresses on the network are static on a range of 80.x.x.x with a subnet 255.255.255.192

The router is set as the default gateway on 80.x.x.129 on all the PCs. I've plugged the 30W in, set the encapsulation to Ethernet, turned the firewall off in SMT, turned off DHCP on the firewall, and tried entering various addresses as the WAN and LAN IPs. Whatever I do, I can't see out of the internal network, even to ping something. Zyxel are no help, so can anyone suggest what addresses I should be using, or what else I could try just to get the basic internet access working - I'll sort out the firewall later!

Why can't I just allocate one of my 'spare' static IPs to both LAN and WAN ports, as the only thing that Demon check is hostname, login and password which are all supplied by the router before anything reaches the firewall?

Oh, yes, the ISP is Demon Internet (Thus), who supplied the router.

TIA for any help.

Reply to
Alun Bell
Loading thread data ...

Why would you want public IP addresses on your network? Your internal, private network should be using private IP addresses.

So, the LAN side of the router is configured to have 80.x.x.129 as IP address, right?

Well, that's the wrong way to go about it. The zywall should go between the router and your internal network. This network is usually called the DMZ and should have public IP addresses.

You should configure your internal machines to act as DHCP clients and the ZyWALL as DHCP server. By default, the ZyWALL will assign addresses in the range of 192.168.1.x with mask 255.255.255.0, if I'm not mistaken.

'Cause that's not the way the IP routing protocol works.

Reply to
shopping.nowthor.com

In message , shopping. nowthor. com writes

Because somebody else set up a ton of connections based on our public IPs, plus the router and a VPN, and will throw a major tantrum if we change anything on our internal network - it's not my choice here, I'm just trying to get it to work!

Correct.

It IS between the router and private network. I've set the router and zywall to have two of public IPs and the same subnet (x.x.x.129 and x.x.x.185, with 255.255.255.192 subnet)

See above comment - we CANNOT use DHCP internally, although that would make life a lot easier for setting this up - ten minutes at best I would think :) You're right about the DHCP address range of course.

I need to get this to work somehow, and I have a really difficult political situation if I try to change anything else on the network, so I think I'm stuffed here!

But many thanks for your comments, I appreciate it when technically savvy people spend the time to answer queries.

Reply to
Alun Bell

Out of curiosity, what kind of connections? I still think renumbering would be a better longer term option.

If you want to use that range on your internal network, we cannot use the same range on your internal network. You need to select two different network ranges, one for your DMZ (which contains the LAN side of the Cisco router and the WAN side of the ZyWALL) and another for your internal LAN. If you really, REALLY, need to use the 80.x.x.x on your internal network then you could use 172.16.x.x/255.255.255.0 on your DMZ. However, this is exactly the reverse what OUGHT to be done.

If that's the case, convince people to do the right thing. Hacks usually come back to bit people in the ass somewhere down the road.

Reply to
shopping.nowthor.com

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.