journeyed asked on

New superscope not assigning IPs from new subnet

Good Afternoon all,

We had a single Win2K3 DHCP server set up with a scope of 172.16.42.100 - .205/24, and are using a Cisco PIX 515e as both our firewall and our default gateway.  Well, like everyone else here, we were running out of IP addresses for it to assign.  So I thought I would set up a superscope and add another subnet.  The new member DHCP scope is 172.16.43.1 - .254/24, with an exclusion range from .1 - .10.  Well, I was able to create the superscope, but when I try to assign a static address on a test system within the new .43 network, it can't see anything.  It can't even ping the gateway.  Between the client and PIX, there are no routers, just switches, and I'm thinking this is where the problem is.

Am I correct in assuming that the PIX would have to have an IP address from the new network and the DHCP relay turned on in order to forward packets between the two networks?  And that I would need an additional NIC in the PIX for this as the PIX can only handle one IP address per NIC?

Thanks in advance for your help!
DHCP, Cisco, Hardware Firewalls

Last Comment
Jay_Jay70

8/22/2022 - Mon
Jay_Jay70

I am somewhat intrigued as to why you didn't make your life much easier and just drop to a /23 mask :)
ASKER
journeyed

I actually dropped the default gateway/switches/servers all to a /22 mask, for scalability reasons.  When I tried to recreate the existing scope and create the new scope, M$ DHCP would not allow me to create both of these scopes with a /22 bit mask, saying they were overlapping.  M$ DHCP will NOT allow you to change a subnet mask on an existing DHCP scope, you have to recreate.  Also, even though you can Export your exclusion list, you can't import it; which means you have to recreate it by hand, including all the MAC addresses.  What the hell?!?!?!?!

Still intrigued Jay_Jay70?  What else you got?
ASKER CERTIFIED SOLUTION
Jay_Jay70

ASKER
journeyed

So Jay_Jay70, as far as I can tell, you are recommending either going to something closer to a Class B scope, or doing away with the old scope entirely and implementing a larger scope on a different network;  like getting rid of the .42 scope and using the .43 scope?  If that's the case, how are you proposing I solve the problem of the .43 network not being able to see the .42 network?

Just to reiterate and clarify, here's what we have:

Cisco PIX 515e firewall and default gateway - 172.16.42.x  255.255.252.0

All switches and servers - 172.16.42.x  255.255.252.0

Old DHCP scope - 172.16.42.100 - 205  255.255.255.0
New DHCP scope - 172.16.43.1 - .254  255.255.255.0  .1 - .10 excluded

Also, I found an article on how to export/import DHCP using netsh:  http://support.microsoft.com/?id=325473
ASKER
journeyed

Ok, how about this?  

New Scope:  172.16.40.1 - 172.16.43.254/22 with an exclusion range of 172.16.42.1 - .254?

Anyone think of any reason this wouldn't work?  I don't know if M$ DHCP will do this, but I don't see why not.....

Jay_Jay70

yah, as long as you have dropped that mask back, you should have full communications happening without a problem - netsh will dump and import but I'm not sure if you can then go and change your other settings - might be trial and error as I'm stuck on /24 masks at the moment, as my Priv IP network won't smile at me if I change it - I'm running out as well - sigh - good times
ASKER
journeyed

Cool.  I will set this up this weekend and let you know how this went.

Thanks!
Jay_Jay70

no worries mate let me know :)
ASKER
journeyed

Ok, I was able to implement the new scope using the /22 subnet mask and everything is working as it should!  I've had to make some tweaks here and there but nothing major.

Thanks for your time Jay_Jay70, and sorry for the delay in getting back to you.  Since you're the only one that responded, you get the points!

Have a great day!
Jay_Jay70

glad it's all good mate - have a good one :)
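
The subnet arithmetic behind this thread, as an added example that is not part of the original posts: it checks why a /24 client on .43 cannot reach a gateway on .42, why the two scopes collide once both use a /22 mask, and how many addresses the final /22 scope leaves after the exclusion. The gateway host number (.1) and the test client address (.50) are assumptions, since the thread only gives 172.16.42.x.

```python
import ipaddress

GATEWAY = "172.16.42.1"       # assumed host number; thread says 172.16.42.x
TEST_CLIENT = "172.16.43.50"  # assumed static address on the new .43 range


def on_link(client_ip, prefix_len, target):
    """True if the client considers target directly reachable (same subnet)."""
    iface = ipaddress.ip_interface(f"{client_ip}/{prefix_len}")
    return ipaddress.ip_address(target) in iface.network


def scope_subnet(start_ip, prefix_len):
    """Subnet a DHCP scope falls in, derived from its start address and mask."""
    return ipaddress.ip_interface(f"{start_ip}/{prefix_len}").network


def leasable(start, end, exclusions=()):
    """Addresses in start..end outside the (non-overlapping) exclusion ranges."""
    s, e = int(ipaddress.ip_address(start)), int(ipaddress.ip_address(end))
    total = e - s + 1
    for ex_start, ex_end in exclusions:
        xs = max(s, int(ipaddress.ip_address(ex_start)))
        xe = min(e, int(ipaddress.ip_address(ex_end)))
        if xe >= xs:
            total -= xe - xs + 1
    return total


if __name__ == "__main__":
    # With a /24 mask the gateway is off-link, and it is the only router.
    print("/24 client sees gateway:", on_link(TEST_CLIENT, 24, GATEWAY))
    # With a /22 mask both addresses sit in 172.16.40.0/22.
    print("/22 client sees gateway:", on_link(TEST_CLIENT, 22, GATEWAY))
    # Both original scopes map to the same /22 subnet, so they overlap.
    old, new = scope_subnet("172.16.42.100", 22), scope_subnet("172.16.43.1", 22)
    print("old scope subnet:", old, "| new scope subnet:", new)
    # The single /22 scope proposed in the thread, minus the .42 exclusion.
    print("leasable:", leasable("172.16.40.1", "172.16.43.254",
                                [("172.16.42.1", "172.16.42.254")]))
```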