changing IP range

gopher_49
I need to change the IP range of my local LAN.  The reason being my remote VPN users tend to have the same IP range as our corporate network.  This tends to cause problems with network printers... So...  I need the ability to add IP addresses to my servers.  And then I plan to change my DHCP range to accommodate this new range.  So, I'll end up with my domain controllers, email, and file/print servers having IP addresses in two different ranges.  I plan to work with Cisco in regards to my network appliances seeing this new range, however, what precautions or issues should I be prepared for in regards to adding IP addresses to my servers?

I would use what are called VLANs if this is supported on your router and switches. You would create the new VLAN on your router (default gateway, firewall, whatever). Then you have to set up your switches to allow for more than one VLAN. Instead of putting your servers in two different networks, Cisco has things called ACLs (Access Control Lists). You would put a rule on the router and switches to allow the new IP range to communicate either with all of the original IP range, or you can put rules to allow access only to the servers' IP addresses. I think this is an easier and more secure way of setting up the new range; without VLANs you would need all new switches for the new IP range.
Commented:
1. Make sure you are not using hosts or lmhosts files on any of your servers or clients, because these will cause you trouble once you change IP addresses.
2. Once you change the range, make sure to clean up your WINS database.
3. Keep an eye on your DNS and remove any records that point to the old addresses.
4. If you have any share mappings using IP addresses, you will need to change them as well and start using hostnames.
5. If there are any IP-based database mappings, consider changing them to hostnames before you quit the old range.
6. If there are any ISP-forwarded ports to your internal servers, don't forget to contact your ISP to make the proper changes at the right time.

I can't think of anything else right now.
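
One way to find the hard-coded addresses that items 1, 4 and 5 of the checklist above warn about, as an added example that is not part of the original thread. The old range `192.168.1.0/24`, the sample text and the function names are assumptions; the thread never states the real range.

```python
import ipaddress
import re

# Assumption: the range being retired; the thread never states the real one.
OLD_RANGE = ipaddress.ip_network("192.168.1.0/24")

# Dotted quad that is not part of a longer dotted number (e.g. a version string).
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

def classify(line):
    """Label the kind of hard-coded reference (checklist items 1, 4 and 5)."""
    stripped = line.strip()
    if re.search(r"\\\\\d{1,3}(?:\.\d{1,3}){3}\\", stripped):
        return "share mapping"            # UNC path such as \\a.b.c.d\share
    if re.search(r"(?i)\b(server|data source|host)\s*=", stripped):
        return "database mapping"         # connection-string style key
    if re.match(r"\d{1,3}(?:\.\d{1,3}){3}\s+\S+", stripped):
        return "hosts/lmhosts entry"      # "address  name" layout
    return "other"

def find_old_range_refs(text, old_range=OLD_RANGE):
    """Return (line_no, ip, kind) for each address in old_range found in text."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # commented-out hosts entries are inactive
        for candidate in IPV4.findall(line):
            try:
                addr = ipaddress.ip_address(candidate)
            except ValueError:
                continue  # out-of-range octets, not a real address
            if addr in old_range:
                hits.append((line_no, candidate, classify(line)))
    return hits

# Constructed sample: hosts lines, a share mapping and two connection strings.
SAMPLE = r"""# 192.168.1.5 oldprinter
192.168.1.10   fileserver01
10.20.0.10     fileserver01-new
net use P: \\192.168.1.20\public
Data Source=192.168.1.30;Initial Catalog=erp
Server=10.20.0.30;Database=erp
build 1.192.168.1.300
"""

if __name__ == "__main__":
    for hit in find_old_range_refs(SAMPLE):
        print(hit)
```

Run it over exported hosts/lmhosts files, logon scripts and application config before the old range is retired; every hit is a reference to replace with a hostname.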

Author

Commented:
Will 802.1q pass through an SSL-based client VPN connection?  I see what you're saying...  Have a dedicated VLAN for my VPN users and have a dedicated IP range for them...  But... Not sure if 802.1q will pass through an SSL-based client VPN connection.  

Also,

I ended up utilizing Cisco's Smart tunneling clientless VPN option...  This allows me to tunnel specified applications but at the same time the remote user never gets an IP address from my VPN config.. So...  The whole IP range issue is voided.  I tested and it works fine.  Now my remote users can print to their WiFi-based printers even if their local range matches my corporate local IP range...  

Both of your comments make sense and do help though.. It seems that simply creating a clientless SSL VPN profile utilizing smart tunneling fixed my issue.

Thanks!

Author

Commented:
Both comments stand true in most scenarios, however, I went a different direction due to me being lucky enough to have a Cisco ASA 5510 that supports SSL VPN clientless smart tunneling.
