Replacing a VPN with a direct fiber connection
Posted on 2013-01-07
We have a business with two main sites with a very basic NAT setup. The first site (site A) is set up with a 192.168.2.x IP scheme, and the second (site B) a 192.168.0.x scheme. The two sites are currently connected via an IPSEC VPN hosted by two Netgear firewall boxes.
Site B contains three SQL servers for POS use, and site A contains an Active Directory domain controller that hosts DHCP and DNS services (Windows Server 2008 Standard). A fiber optic line that has always existed between the sites (but only used for connecting other systems) was found to have extra pairs, so fiber optic switches were placed at each end and tested to verify connectivity.
We are currently in the process of trying to replace the VPN with the fiber connection. However, the company which installed the fiber optic switches claims that it would be better to put the two networks on a 255.255.0.0 subnet instead of the current 255.255.255.0 subnet mask. They claim that this would minimize the VPN usage and allow primary communication through the fiber. I'm not familiar enough with subnets to advise for or against this change. The only reason this was proposed is because they believe it would be too time consuming to manually reprogram IPs for all 60+ devices at site A.
My original plan was to remove the VPN entirely and change the site A addresses to match the site B IP scheme. Several systems at both sites have static addresses for remote access and POS software purposes, so simply removing or changing the DHCP server at either site will not work. I was planning to disable the DHCP services at site A and allow the Active Directory domain controller to handle all DHCP services for both sites (it is not under heavy load as a domain controller).
Basically, I'm looking for advice as to which path would be better (pros/cons). There are fewer than 100 devices total between both sites, so I can't think of a reason not to use my proposed method. But, again, I only have a very basic knowledge of subnets, and my knowledge only applies to fourth octet subnetting. The POS servers are not a real issue in either case. We have already moved them successfully between networks.
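A quick check of what the installer's mask change actually alters, as an added example that is not part of the original post: it uses the two /24 ranges from the question, while the host numbers .10 and .20 are constructed for illustration. Under the current mask a site A host treats site B as off-link and hands the packet to its default gateway (the firewall/VPN box); under 255.255.0.0 both sites share one network, so the host ARPs for the destination directly across the bridged fiber segment, and the whole of 192.168.0.0/16 becomes a single broadcast domain.

```python
import ipaddress

# Constructed sample hosts for the two sites in the question; the host
# numbers (.10 and .20) are assumptions, the /24 ranges come from the post.
SITE_A_HOST = "192.168.2.10"   # site A, 192.168.2.x
SITE_B_HOST = "192.168.0.20"   # site B, 192.168.0.x

CURRENT_MASK = "255.255.255.0"   # today's /24 at each site
PROPOSED_MASK = "255.255.0.0"    # installer's proposed /16


def network_of(host, netmask):
    """Network that `host` believes it is directly attached to under `netmask`."""
    return ipaddress.ip_interface(f"{host}/{netmask}").network


def next_hop(src, dst, netmask):
    """How `src` forwards a packet to `dst`: 'direct' if dst is on-link
    (resolved by ARP on the local segment), 'gateway' if it must send the
    packet to its default gateway (here the Netgear firewall / VPN box)."""
    if ipaddress.ip_address(dst) in network_of(src, netmask):
        return "direct"
    return "gateway"


def broadcast_domain_size(host, netmask):
    """Usable addresses that share one broadcast domain with `host`."""
    return network_of(host, netmask).num_addresses - 2


def compare_masks(src=SITE_A_HOST, dst=SITE_B_HOST):
    """Summarise both masks for the same pair of hosts."""
    return {
        mask: {
            "path": next_hop(src, dst, mask),
            "broadcast_domain_hosts": broadcast_domain_size(src, mask),
        }
        for mask in (CURRENT_MASK, PROPOSED_MASK)
    }


if __name__ == "__main__":
    for mask, info in compare_masks().items():
        print(f"{mask}: {SITE_A_HOST} -> {SITE_B_HOST} via {info['path']}, "
              f"{info['broadcast_domain_hosts']} hosts in one broadcast domain")
```

The 65534-host broadcast domain is the cost of the /16 shortcut: every ARP and DHCP broadcast from either site crosses the fiber, and the firewall no longer sits between the two sites' hosts.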