kingcastle asked:

Class A, B or C

Hi

We are thinking of subnetting our network so that all 21 sites have different IP ranges. We thought of going with 10.0.0.0 then 10.10.1.0 with 255.0.0.0 subnet etc., but the question is: is 10.10.1.0 not within the 10.0.0.0 network? Likewise, if we go another way to conserve the number of wasted IPs, does 192.168.10.0 live within the 192.168.0.0 network and therefore cause problems further away?

Many Thanks

Viper640

subnetting from cisco:
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800a67f5.shtml

tips from techrepublic:
http://articles.techrepublic.com.com/5100-10878_11-5034563.html

subnetonline.com has a bunch of things that could help you figure things out.

hope these help.
Are your sites interconnected or are they each running behind a NAT router onto the internet?

If you're using private IP ranges for each separate site behind NAT routers, then subnetting holds no real benefit to you (for example, all of the subnets could run on the 192.168.1.0/24 subnet - it doesn't matter because the NAT router shields the private IP addresses from the internet).

Maybe I've misunderstood your question...
tony may be right in some cases but that would hinder their ability to establish VPNs between locations. unless they use cisco routers to establish the connection then they might work but if it's sonicwalls then you're out of luck. that's why i suggested different addresses for each location.
kingcastle (ASKER)

yes we would envisage creating vpns between sites, why would this cause problems with sonicwalls?

if 10.10.1.0 is in the 10.0.0.0 network with a 255.0.0.0 mask does that also mean for smaller sites that 192.168.10.0 is with 192.168.0.0 with default mask 255.255.255.0?

ta
If you're going to do VPNs, I'd highly suggest each site being on a different subnet, as viper mentioned. It will make your life much easier. With Sonicwall, Watchguard and many other firewalls, you will have trouble if they are all on the same subnet.

<<does that also mean for smaller sites that 192.168.10.0 is with 192.168.0.0 with default mask 255.255.255.0?

No, with 192.168.0.0 with a subnet mask of 255.255.255.0 you would get 1 subnet with 254 hosts....with a range of 192.168.0.1 through 192.168.0.254

You could change it so 192.168.0.0 with a mask of 255.255.255.248 to get 32 subnets, but you'd only have 6 hosts per subnet.
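
The containment and subnet-count answers above, plus the per-site overlap check that matters for site-to-site VPNs, worked through with Python's standard `ipaddress` module. This is an added example, not part of any poster's reply; the site names and the choice of one /24 per site out of 10.0.0.0/8 are assumptions for illustration.

```python
import ipaddress

def contains(network, address):
    """True if `address` lies inside `network` ('a.b.c.d/mask' or '/prefix')."""
    return ipaddress.ip_address(address) in ipaddress.ip_network(network)

def split(network, new_mask):
    """Split `network` by a longer mask; return (subnet count, usable hosts each)."""
    parent = ipaddress.ip_network(network)
    new_prefix = ipaddress.ip_network(f"0.0.0.0/{new_mask}").prefixlen
    subnets = list(parent.subnets(new_prefix=new_prefix))
    # Usable hosts exclude the network and broadcast addresses.
    return len(subnets), subnets[0].num_addresses - 2

def plan_sites(parent, count, prefixlen=24):
    """Hand out `count` non-overlapping subnets of `parent`, one per site.
    Site names (site01, site02, ...) are hypothetical labels."""
    pool = ipaddress.ip_network(parent).subnets(new_prefix=prefixlen)
    return {f"site{n:02d}": str(next(pool)) for n in range(1, count + 1)}

def vpn_conflicts(site_nets):
    """Pairs of sites whose LAN ranges overlap, so a VPN between them
    has no distinct source and destination network."""
    nets = {name: ipaddress.ip_network(net) for name, net in site_nets.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]

if __name__ == "__main__":
    # The two questions from the thread.
    print(contains("10.0.0.0/255.0.0.0", "10.10.1.0"))          # inside the /8
    print(contains("192.168.0.0/255.255.255.0", "192.168.10.0"))  # outside the /24
    print(split("192.168.0.0/255.255.255.0", "255.255.255.248"))
    # 21 sites, one /24 each (constructed plan), checked for overlaps.
    plan = plan_sites("10.0.0.0/8", 21)
    print(plan["site01"], plan["site21"], vpn_conflicts(plan))
    # Constructed bad plan: every site left on the same default range.
    print(vpn_conflicts({"hq": "192.168.1.0/24", "branch": "192.168.1.0/24"}))
```
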
sonicwall vpns rely on having different destinations for each vpn. if each site has an internal net of 192.168.1.x then you could only have one vpn. also you can't have the same source and destination networks.

rion, i see some logic but how can you use the 10.x.x.x as the outside when it is a reserved internal network? perhaps i am reading it wrong, but i don't see how that works without extra equipment.
net has a good point look at your user base and plan the numbers for each site and the org as a whole. then you can figure out the numbers in terms of subnets and hosts.
Yeah, you cannot use private IP addresses as your public IPs as private IPs are not routed on the internet. Your ISP will dictate your public IP.
@NetAdmin2436, Hello

Are you sure private IP addresses could not be routed on the internet?

I don't know if this is the same situation of our company and them.

We are using Wireless Access Points with High End Parabolic Grid Antennas.
We have 2 servers, Linux with Squid and local DNS1, Windows 2003 with ISA server 2004 and local DNS2.
We have 2 public IP addresses.
Each server has 2 NICs, 1 is public (external) from the internet cloud and 1 is private; the private (internal) one connects to the base stations.
We have 10 base stations, each base station was assigned 1 private IP address, each private IP address (AVAYA/PROXIEM AP) has a router connected, each router assigns a different private IP address. Each client connects to our gateway (squid, ISA) and local DNS using private IP addresses.

But the internet connections are running fine and sweet.

How do you explain that?  Is that connected to your last comment?

Forgive me if I ask wrong.  Just asking with your comments.


Consider this as my comment2.
:)
rionroc
to me it looks like your isp is providing the outside addresses for your servers. and you have control over the addresses for the waps and the nics for the internal net. since you have two proxies you would need a public address for each server.

what net explained is that the private 10.x addresses are not routable on the internet because they are reserved for private use. the isp hands out your public address 71.x,68.x,66.x addresses. they are routable. hope this clears things up.
Rionroc,
Yes I'm sure :)

http://en.wikipedia.org/wiki/Private_network

Your client computers are still being routed through your gateway or ISA server in your case. From your client PC's do a start --> run --> cmd --> ipconfig/all. Look at the gateway address, that will tell you where they are pointing to get to the internet. In other words, they are being routed to the internet by another device that has your public IP(s).
Thanks Viper640,

:)
rionroc
welcome, rion.

glad i could help someone. we all can learn from each other that's the beauty of this place.
<<we all can learn from each other that's the beauty of this place.
Amen to that!
OK:)
so many comments from experts and no question about switches, routers etc... do you use them? have you heard about trunking, vlans? what is the hardware you use?
We don't know about the author's comment, he just asked for a,b,c class!, so I answered numeric and some of them answered with roman number.
excellent response from all really good posts