Bonnie_K

Need to renumber network so that home users can connect to vpn

Hi,

I have published a diagram of our network at http://members.cox.net/bak27/

I want to move to the private subnet of 172.16.10.x because too many home users cannot connect to our network with the vpn because their home networks are on the 192.168.x.x network.

I don't really want to mess with the aironets or the vpn between the netscreens.

Can I just change the 192.168.1.x network to 172.16.10.x and leave the y.y.y.x and 192.168.2.1 networks alone?  Or will the 172 not talk to the 192 network because those are non routable IP's?

Thanks for any input,
Bonnie
ASKER CERTIFIED SOLUTION
Rob Williams
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Bonnie_K

ASKER

Thanks for the comments - I hope to use these tips to renumber the network this or next weekend and will accept answers then.

Part of me wants to put the aironets on the other side of the netscreen and have all of the equipment within the netscreen firewall with no public IP's.

Here's why I think this will help, the way I explain this to people at work is that if their home network is on the same addressing scheme as the server, their computers think that the server should be found in their house and never go over the vpn tunnel to try and find the server.  
You've got a good point. Putting the wireless bridges on a public IP space and using the 2nd Netscreen with a VPN tunnel between the netscreens does seem to be a bit over-complicating matters when you can simply extend your Private IP space and have everything inside just one Netscreen firewall. No VPN to worry about, everyone can be on the same happy IP subnet.
The company that installed the aironets for my predecessor told him that even though the traffic was encrypted between the aironets that it should flow through the netscreen vpn, that's why it is the way it is.  Have you heard of that as being necessary?
If the wireless connection between the two aironets is encrypted via WEP/WPA then adding another layer of encryption on top of it is just paranoia, but if Security of the data is the #1 priority, then by all means adding another layer of encryption may certainly be called for.


I ended up moving the aironets behind the netscreen and have everything on the 172.16.10.x network.  Very nice and tidy now.  VPN is back up and running and I hope that this clears up the problems I was having with some users being able to connect.

Thanks for all of your responses.  It really helped a lot.
Thank you Bonnie.
--Rob
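
The overlap problem described in the thread (a home PC whose own LAN uses the same prefix as the office never sends server traffic into the tunnel), as an added example that is not part of the original posts. It is a simplified model of a client routing table; the metrics, interface names, home LAN list and the choice of the first host as "the server" are assumptions made for illustration.

```python
import ipaddress

# Constructed sample of home LAN prefixes (not taken from the thread's diagram).
HOME_LANS = ["192.168.0.0/24", "192.168.1.0/24", "192.168.2.0/24", "10.0.0.0/24"]

def client_routes(home_lan, office_lan):
    """Simplified routing table of a home PC with the VPN up (metrics are assumed)."""
    return [
        {"net": "0.0.0.0/0", "via": "home-router", "metric": 10},
        {"net": home_lan, "via": "local-lan", "metric": 0},    # directly connected
        {"net": office_lan, "via": "vpn-tunnel", "metric": 20},
    ]

def pick_route(dest, routes):
    """Longest prefix wins; on equal prefix length the lowest metric wins."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in ipaddress.ip_network(r["net"])]
    return min(matches,
               key=lambda r: (-ipaddress.ip_network(r["net"]).prefixlen, r["metric"]))

def path_to_server(home_lan, office_lan):
    """Interface a home PC uses to reach the first host of the office subnet."""
    server = next(ipaddress.ip_network(office_lan).hosts())
    return pick_route(server, client_routes(home_lan, office_lan))["via"]

def broken_home_lans(office_lan, home_lans=HOME_LANS):
    """Home prefixes whose users would never send server traffic into the tunnel."""
    return [h for h in home_lans if path_to_server(h, office_lan) != "vpn-tunnel"]

if __name__ == "__main__":
    for office in ("192.168.1.0/24", "172.16.10.0/24"):
        print(office,
              "private:", ipaddress.ip_network(office).is_private,
              "broken for:", broken_home_lans(office))
```

Both candidate office prefixes report as private (RFC 1918) address space; the difference is only whether a home LAN in the sample list shadows the office subnet.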