
Subnet Routing


I have an existing subnet 192.168.0.x with a subnet mask of 255.255.255.0.   I need to add another subnet to my network, 192.167.0.x, because I have a temporary need for additional IP addresses and do not want more than 512 hosts on each subnet.  

Hosts on both subnets must be able to communicate with each other and also access the internet.  All hosts have static IP, not DHCP.  The intended goal is to allow communication between both subnets, without having to change the gateway or subnet mask on all my hosts and network equipment.  

The default gateway for all hosts is the Cisco PIX Firewall's interface, which has an internal IP assigned from the 192.168.0.x subnet.  I have added nat and route statements on the PIX, and hosts on the new subnet, 192.167.0.x, can get out to the internet, but cannot communicate with each other.  I realize I need a routing device for there to be communication between the two subnets, so in turn, I added IP routes on my Cisco router for each subnet as follows:

ip route 192.168.0.0 255.255.255.0 205.150.x.x  
ip route 192.167.0.0 255.255.255.0 205.150.x.x  
(Please note that 205.150.x.x is the public IP assigned to my PIX.)

After doing so, I still cannot communicate between the two subnets and believe it's because my router's interface has only a public IP, not one on the 192.x.x.x network.   Does anyone have any suggestions?



sohtnax
Asked:

kain21 Commented:
you can't add a 192.167.0.0 subnet to your private network... the range is limited to 192.168.x.x... right now you show you have a 192.168.0.x subnet... why not just add the 192.168.1.x subnet to your network... then if you still needed more addresses you could add 192.168.3.x, 192.168.4.x, and so forth... each subnet would give you 254 usable addresses.... if you want more than 254 devices on a single network you would need to move from a class C address range to a class B range... here's a list of usable private ip ranges...

Class "A" or 24 Bit: 10.0.0.0 - 10.255.255.255, /8, 255.0.0.0
Class "B" or 20 Bit: 172.16.0.0 - 172.31.255.255, /12 (or more typically /16), 255.240.0.0 (or 255.255.0.0)
Class "C" or 16 Bit: 192.168.0.0 - 192.168.255.255, /16 (or more typically /24), 255.255.0.0 (or 255.255.255.0)

sohtnax (Author) Commented:
Please ignore the actual numbers, they are not my real IPs.   This is not the problem.  The IP addressing I am using is fine.

pseudocyber Commented:
Where is the router?  You didn't add routes to each of your two networks to talk to each other, you added routes for them to talk to the 205.150.x.x interface.

If the two networks were plugged directly into your Cisco router, you wouldn't have to do any routing at all, they would both be directly attached and know about each other automatically.
 
jaykaye Commented:
You say that the default gateway is the PIX firewall but you also have a router? I am assuming the router has 2 internal interfaces (192.168.0.x and 192.167.0.x) and one external interface (the internet) and in between is the PIX firewall, am I right?

Have you tried setting the router itself as the default gateway for all your machines? That way you can configure the router to send ext traffic through the firewall.
Because both subnets are connected to the router that is the gateway you won't need any static routes to route between subnets, so that part is a breeze.

mastrominchione Commented:
mmm...
if you want 192.168.0.x and 192.168.1.x as a single subnet I think you have to change the subnet mask

from 255.255.255.0 to 255.255.254.0

or you can bridge the 2 subnets...

I don't know if this works... I've never done it... I only studied a bit of networking at school...
let me know..
bye!

jaykaye Commented:
Sorry forgot to add to my previous comment.

"Because both subnets are connected to the router that is the gateway you won't need any static routes to route between subnets, so that part is a breeze." -- I haven't worked with Cisco routers for a while, but from what I remember you also need to add the 2 network addresses to the config. Best to double check though.

Also, using 192.168.0.x and 192.167.0.x as examples is probably not a good idea as one is a private IP range and the other isn't. We could probably help you better if you gave us your real private IP/network addresses.

Zoidling Commented:
Is the following sketch correct?  If not, change it so it reflects your setup.

Internet ----x.x.x.x [ PIX] 205.150.x.x/x ---- 205.150.x.x/x [router] - 192.167.x.x/24
                                                                |
                                                          192.168.0.x/24


kain21 Commented:
ok... now that i know they aren't the actual subnets...

remove the routes you have setup now... they are sending the traffic to the Wan IP address...
add another address to the internal NIC/s on the PIX firewall on the 192.167.0.0 subnet (i.e. 192.167.0.1, if this is possible)
it should automatically create the route relationship between the two networks...
all clients on the 192.168.0.0 subnet should use 192.168.0.1 as their default gateway
all clients on the 192.167.0.0 subnet should use the new 192.167.0.1 address as their default gateway...
no other routes would need to be setup since all unknown traffic on the clients would get sent to the default gateway and routed from there...

sohtnax (Author) Commented:
Kain21, your idea sounds good, but the pix is not able to route the traffic back using the same interface.  For example, hosts on Network A (192.168.0.0) and Network B (192.167.0.0) have the pix as the default gateway, as you've suggested.  A host on network A has to reach a host on network B using the pix to route the traffic. The host on net A is never going to be able to reach the destination since the pix is not able to do U-turns. If the pix receives traffic on one interface it can't route it back on the same interface.

kain21 Commented:
in this situation then you would need to have two interfaces dedicated for internal traffic... one for the 192.168.0.0 subnet and one for the 192.167.0.0 subnet... alternately you could use another router/server/workstation internally to perform the routing between the subnets and use it as your default gateway on all the workstations... the routing device would then be set up with a 192.168.0.0 and a 192.167.0.0 subnet (this can be done on the same interface on Windows machines) and the pix as its default gateway and would forward all external requests to it...
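The forwarding behaviour discussed in this thread, as an added example that is not part of any poster's comment: a toy Python model (not Cisco code) of a host's on-link test and a gateway's longest-prefix route lookup, where the `allow_same_interface` flag is a hypothetical stand-in for the PIX limitation sohtnax describes. The two subnets and the 192.168.0.1 gateway come from the thread; the host addresses, interface names and 203.0.113.5 are constructed.

```python
import ipaddress

class Gateway:
    """Toy forwarder: longest-prefix route lookup plus an optional ban on
    sending a packet back out of the interface it arrived on."""
    def __init__(self, allow_same_interface):
        self.allow_same_interface = allow_same_interface  # hypothetical flag
        self.routes = []  # list of (network, egress interface name)

    def add_route(self, cidr, interface):
        self.routes.append((ipaddress.ip_network(cidr), interface))

    def forward(self, dst, ingress):
        addr = ipaddress.ip_address(dst)
        matches = [(net, ifc) for net, ifc in self.routes if addr in net]
        if not matches:
            return "drop: no route"
        _, egress = max(matches, key=lambda m: m[0].prefixlen)  # most specific wins
        if egress == ingress and not self.allow_same_interface:
            return "drop: same interface"
        return "forward via " + egress

def host_next_hop(src_cidr, dst, gateway):
    """A host delivers directly if dst is inside its own subnet, else uses its gateway."""
    network = ipaddress.ip_interface(src_cidr).network
    return "on-link" if ipaddress.ip_address(dst) in network else gateway

def build(allow_same_interface, if_a, if_b, if_default):
    gw = Gateway(allow_same_interface)
    gw.add_route("192.168.0.0/24", if_a)   # subnet A from the thread
    gw.add_route("192.167.0.0/24", if_b)   # subnet B from the thread
    gw.add_route("0.0.0.0/0", if_default)  # default route
    return gw

def scenarios():
    pix_one_inside = build(False, "inside", "inside", "outside")
    pix_two_inside = build(False, "inside1", "inside2", "outside")
    internal_router = build(True, "lan", "lan", "lan")  # its default is the PIX, on the same LAN
    return {
        "host A -> same subnet": host_next_hop("192.168.0.10/24", "192.168.0.20", "192.168.0.1"),
        "host A -> subnet B": host_next_hop("192.168.0.10/24", "192.167.0.20", "192.168.0.1"),
        "PIX, one inside interface, A -> B": pix_one_inside.forward("192.167.0.20", "inside"),
        "PIX, one inside interface, A -> internet": pix_one_inside.forward("203.0.113.5", "inside"),
        "PIX, two inside interfaces, A -> B": pix_two_inside.forward("192.167.0.20", "inside1"),
        "internal router, A -> B": internal_router.forward("192.167.0.20", "lan"),
    }

if __name__ == "__main__":
    for case, result in scenarios().items():
        print(f"{case}: {result}")
```

Only the single-inside-interface case drops subnet-to-subnet traffic while still forwarding to the internet, which matches the symptom in the original question.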
