• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 235
  • Last Modified:

Subnet Puzzler 500 points

I have inherited a network protectected by a pix,where as far as i was aware all of the devices were on a 10.10.2.0  255.255.255.0 network
The pix has been configured accordingly and can get to devices within this subnet!

However the customer is now saying that the can't get to 10.10.0.1 which they believe is behind the same pix. They are saying that we should be using
10.10.0.0  255.255.0.0     or    10.0.0.0   255.0.0.0

If I change my 10.10.2.0   255.255.255.0 network    
& use either the 10.0.0.0   255.0.0.0   or   10.10.0.0  255.255.0.0

Should they then be able to get to 10.10.0.1  as well as the other devices?
0
lowfell
Asked:
lowfell
  • 4
  • 3
  • 2
2 Solutions
 
Pete LongConsultantCommented:
"They" are ssuming that you need to do Classfull subnetting  - you dont

>>as far as i was aware all of the devices were on a 10.10.2.0  255.255.255.0

Fair enough so you can have 253 devices on your networ (1 to 254)

However - 10.10.0.1 is a DIFFERENT Subnet :) so

>>as far as i was aware all of the devices were on a 10.10.2.0  255.255.255.0

CANT be true!! otherwise they wouldnt have a 10.10.0.1 to get to so "they are correct" to get to 10.10.0.1 behind your PIX you need to change the subnet mask
0
 
Keith AlabasterCommented:
The 255.255.255.0 mask covers all addresses that begin with 10.10.2
The 255.255.0.0 mask would cover all addresses that begin with 10.10

That said, we would need to know the configuration behind the PIX.

For example, if you have a router that the PIX is connected to then this may not be an issue at all, however, if the pix is connected directly to a flat network, this may well be an issue for you.



                                 PIX
                         10.10.2.1  255.255.255.0
                                  |
                                  |                                    No problem, just need to make sure your routes are available
                          10.10.2.2  255.255.255.0
                               router
                          10.10.0.5 255.255.255.0
                                  |
           -----------------------------   LAN with other 10.10.0.x addresses



                                 PIX
                         10.10.2.1  255.255.255.0
                                  |                                 this would be a problem
                                  |                                  
                          -----------------------------   LAN with other 10.10.0.x address




 
0
 
Pete LongConsultantCommented:
>>of the devices were on a 10.10.2.0  255.255.255.0

Means

10.10.2 is the NETWORK Address and the last figure will be used for the CLIENT address (0 is the network number, 255 is the broadcast address, which leaves 1 to 254 as usuable addresses)

so

10.10.0.1 255.255.255.0

Means

10.10.0 is a different network

Hope that makes sense :)
0
A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

 
lowfellAuthor Commented:
Right, this is a flat network where the gateway for the devices is the pix interface 10.10.2.253

So if indeed they believe that 10.10.0.1 is behind this pix and I am using
10.10.2.0 255.255.255.0

To make this work do i just need to change the subnet mask to
10.10.0.0  255.255.0.0 ?  

This will then cover both ?

Is this correct & is this all I have to do ?
0
 
Keith AlabasterCommented:
The subnet mask portion is just 255.255.0.0

However, I would check other network devices to make sure that they are also on 255.255.0.0

but yes :)

0
 
Keith AlabasterCommented:
How are you doing :)?
0
 
lowfellAuthor Commented:
Thanks a lot chaps the network was a flat 10.10.0.0, so i solvesd this by changing the mask to 255.255.0.0


Again many thanks!
0
 
Keith AlabasterCommented:
Thanks :)
0
 
Pete LongConsultantCommented:
ThanQ
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

  • 4
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now