Network architecture advice needed. 1 domain 3 locations

Hi, I need some suggestions / pointers on network design.

Environment:

1 domain
3 locations
3 firewalls (vpn tunnels to each location)
Servers and workstations at each location
External VPN connections at each location
Wireless at each location.
Exchange at one location

I am looking for suggestions for the subnetting of this environment, and the netmask for the subnetting. Will routing need to be configured, and if so, should it be a routing device or routing set up on a Windows server? Do I need to set up sites in Sites and Services?

Also, for the subnetting I have seen suggestions to configure the structure like this:
10.168.0.0/24 - Servers location#1
10.168.1.0/24 - Static IPs
10.168.2.0/24 - DHCP Scope
10.168.3.0/24 - Servers Location#2

Or
10.168.0.0 - All Servers
10.168.1.0 - All Workstations
10.168.2.0 - All Switches
10.168.3.0 - Phones etc.

Any input as to the wisdom in that? Pros/cons?

Thank you in advance for your time.
jrlitm Asked:

Rob Williams Commented:
A couple of pointers:
Where you have multiple sites connected by VPNs, each site MUST use its own subnet. Something like 10.1.0.0, 10.2.0.0, and 10.3.0.0.

As for your suggestions above, 10.168.0.0/24, 10.168.1.0/24, etc., that will not work, as each group is on its own subnet and will not be able to communicate unless there are routers between each subnet. Also, there are issues with the multiple sites as stated above. If you change the subnet mask from 24 to something 22-16, it would work. The choice really depends on how many IPs you need. Perhaps you could try something like:

10.1.0.0/16 - Servers location#1
10.1.1.0/16 - Static IP's location#1
10.1.2.0/16 - DHCP Scope location#1

10.2.0.0/16 - Servers location#2
10.2.1.0/16 - Static IP's location#2
10.2.2.0/16 - DHCP Scope location#2

10.3.0.0/16 - Servers location#3
10.3.1.0/16 - Static IP's location#3
10.3.2.0/16 - DHCP Scope location#3
The above may be a far larger scope than you need, but would work and be organized. If you require fewer than 250 IPs I would suggest:
10.0.x.0/24 - Servers location #x (use 10.0.x.1 to 10.0.x.20)
10.0.x.0/24 - Printers and Misc location #x (use 10.0.x.20 to 10.0.x.50)
10.0.x.0/24 - Static IP's location #x (use 10.0.x.51 to 10.0.x.100)
10.0.x.0/24 - DHCP Scope location #x (use 10.0.x.101 to 10.0.x.200)
10.0.x.0/24 - Routers location #x (use 10.0.x.201 to 10.0.x.254)
Where x = site #

jrlitm (Author) Commented:
Relatively small sites: 40 systems at each site, including servers and devices.

What about routing? Will routing need to be configured, and if so, should it be a routing device or routing set up on a Windows server? I was also curious about site setup. Do I need to set up sites in Sites and Services?

So with a netmask of 22 or 16 they should all be able to see each other, correct?

Rob Williams Commented:
If each site has a single subnet the VPN configurations will look after the routing. No need for additional routers or configuration.

Do you have servers at each site? If so, yes, Sites and Services and DNS will need to be configured if the servers are part of the domain.

Yes 22, 21, 20...16 will allow 10.168.0.0 - 10.168.3.0 to "see" each other.
You may want to use a site like the following to get a better idea of the subnet sizes with different subnet masks:
http://tstools.co.uk/ipcalc.php
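
An added example, not part of any post in this thread: Python's standard `ipaddress` module can check the points discussed above, namely whether per-site subnets overlap, whether two addresses fall in the same network under a given mask, and how small a subnet fits a given host count. The `SITES` plan and the function names are assumptions made for illustration, built from the 10.0.x.0/24 ranges mentioned in the thread.

```python
import ipaddress

# Constructed plan based on the thread: one /24 per site, 10.0.x.0/24, x = site number.
SITES = {f"site{x}": ipaddress.ip_network(f"10.0.{x}.0/24") for x in (1, 2, 3)}


def overlapping_sites(sites):
    """Return sorted pairs of site names whose subnets overlap.

    Overlapping ranges on two ends of a site-to-site VPN leave the
    firewalls unable to tell local traffic from remote traffic.
    """
    names = sorted(sites)
    return [
        (a, b)
        for i, a in enumerate(names)
        for b in names[i + 1:]
        if sites[a].overlaps(sites[b])
    ]


def same_subnet(addr_a, addr_b, prefix):
    """True if both hosts belong to the same network at this prefix length."""
    net_a = ipaddress.ip_interface(f"{addr_a}/{prefix}").network
    net_b = ipaddress.ip_interface(f"{addr_b}/{prefix}").network
    return net_a == net_b


def smallest_prefix_for(hosts):
    """Longest prefix (smallest subnet) with at least `hosts` usable addresses."""
    for prefix in range(30, 7, -1):
        # Subtract the network and broadcast addresses.
        if 2 ** (32 - prefix) - 2 >= hosts:
            return prefix
    raise ValueError("host count too large for a private 10.0.0.0/8 subnet")


if __name__ == "__main__":
    print("overlaps:", overlapping_sites(SITES))
    for prefix in (24, 22, 16):
        print(prefix, same_subnet("10.168.0.10", "10.168.3.10", prefix))
    print("40 hosts fit in a /%d" % smallest_prefix_for(40))
```
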
Fatal_Exception (Systems Engineer) Commented:
Yea, I don't think you quite understand subnetting, and why it is needed, but I might suggest that you even use completely different private class ranges for your 3 locations..    192.168.1.x /24, 172.16.x.x /16, and your 10.x.x.x /8....   then you don't have to worry about overlap on your subnets with your VPN tunnels..    your original thought not only wouldn't work for your VPNs, you would need routers subdividing your subnets multiple times at each location..    at least, unless I am missing something here..  :)

Regardless, Rob laid it out nicely..