Solved

Replacing a VPN with a direct fiber connection

Posted on 2013-01-07
Last Modified: 2013-01-07
We have a business with two main sites with a very basic NAT setup. The first site (site A) is set up with a 192.168.2.x IP scheme, and the second (site B) a 192.168.0.x scheme. The two sites are currently connected via an IPsec VPN hosted by two Netgear firewall boxes.

Site B contains three SQL servers for POS use, and site A contains an Active Directory domain controller that hosts DHCP and DNS services (Windows Server 2008 Standard). A fiber optic line that has always existed between the sites (but only used for connecting other systems) was found to have extra pairs, so fiber optic switches were placed at each end and tested to verify connectivity.

We are currently in the process of trying to replace the VPN with the fiber connection. However, the company which installed the fiber optic switches claims that it would be better to put the two networks on a 255.255.0.0 subnet instead of the current 255.255.255.0 subnet mask. They claim that this would minimize the VPN usage and allow primary communication through the fiber. I'm not familiar enough with subnets to advise for or against this change. The only reason this was proposed is because they believe it would be too time-consuming to manually reprogram IPs for all 60+ devices at site A.

My original plan was to remove the VPN entirely and change the site A addresses to match the site B IP scheme. Several systems at both sites have static addresses for remote access and POS software purposes, so simply removing or changing the DHCP server at either site will not work. I was planning to disable the DHCP services at site A and allow the Active Directory domain controller to handle all DHCP services for both sites (it is not under heavy load as a domain controller).

Basically, I'm looking for advice as to which path would be better (pros/cons). There are fewer than 100 devices total between both sites, so I can't think of a reason not to use my proposed method. But, again, I only have a very basic knowledge of subnets, and my knowledge only applies to fourth-octet subnetting. The POS servers are not a real issue in either case. We have already moved them successfully between networks.
0
Question by:GuneTech
2 Comments
 
LVL 4

Accepted Solution

by:
tpitch-ssemc earned 500 total points
ID: 38752801
You can extend your subnet by just changing the subnet mask on all of your devices. I've usually tried to keep subnets as small as possible due to all of the broadcasts, but I've recently taken a network that has exactly what you have: two sites approximately 20 miles apart connected via dedicated fiber and one subnet. Our mask is "255.255.252.0", which gives us usable IPs in the range of 192.168.0.1 through 192.168.3.254.

We've broken the IP ranges up logically; for example, servers are on 192.168.0.x and clients are on 192.168.2.x. But that's purely for logical reasons; technically it doesn't matter.

Just remember, if you're using DHCP, to eliminate one of the DHCP servers; you only need one! Be sure to extend the assignable range of your DHCP server to include all the addresses you need.

On a side note, the 255.255.0.0 range they recommend would give you IPs 192.168.0.1 through 192.168.255.254.
0
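An added example, not part of the original answer: the mask arithmetic discussed above, worked with Python's `ipaddress` module. It computes the usable range for each mask mentioned in the thread and checks whether a site A host and a site B host treat each other as on-link, including the partial-rollout case where only one side has the new mask. The two host addresses are constructed for illustration; only the 192.168.2.x and 192.168.0.x schemes come from the question.

```python
import ipaddress

# Addressing from the thread: site A is 192.168.2.x, site B is 192.168.0.x.
# The individual host addresses below are constructed for illustration.
SITE_A_HOST = "192.168.2.50"
SITE_B_HOST = "192.168.0.10"

def usable_range(address, mask):
    """Return (first, last, count) of usable host addresses for address/mask."""
    net = ipaddress.ip_network(f"{address}/{mask}", strict=False)
    return str(net[1]), str(net[-2]), net.num_addresses - 2

def on_link(src, src_mask, dst):
    """True if a host at src with src_mask treats dst as directly reachable
    (ARP on the local segment) rather than sending it to its default gateway."""
    net = ipaddress.ip_network(f"{src}/{src_mask}", strict=False)
    return ipaddress.ip_address(dst) in net

def path_report(a, a_mask, b, b_mask):
    """Classify the a<->b path given each side's own mask."""
    a_direct = on_link(a, a_mask, b)
    b_direct = on_link(b, b_mask, a)
    if a_direct and b_direct:
        return "direct"      # both sides talk across the shared segment
    if not a_direct and not b_direct:
        return "routed"      # both sides hand the traffic to a gateway
    return "asymmetric"      # one side has the new mask, the other does not

if __name__ == "__main__":
    for mask in ("255.255.255.0", "255.255.252.0", "255.255.0.0"):
        first, last, count = usable_range(SITE_A_HOST, mask)
        print(f"{mask:15} {first} - {last} ({count} hosts)",
              path_report(SITE_A_HOST, mask, SITE_B_HOST, mask))
    # Partial rollout: site A device already on /22, site B device still on /24.
    print("mixed masks:", path_report(SITE_A_HOST, "255.255.252.0",
                                      SITE_B_HOST, "255.255.255.0"))
```

The "asymmetric" result is the state to watch for during the change: until every static device on both sites carries the new mask, some pairs of hosts will disagree about whether the other end is local.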
 

Author Closing Comment

by:GuneTech
ID: 38753181
This is what I was looking for. I mainly just wanted to know exactly what would change by modifying the subnet mask. Both solutions require manually programming each device, so I wanted to make sure that this would work.
0

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Sonicwall Dropbox Control 5 194
DHCP Scope turns blue with exclamation mark 4 66
2012R2 DHCP cluster 2 38
Windows 10 not able to log into domain 4 63
Article by: rfc1180
The Maximum Segment size (MSS) is an important consideration when troubleshooting connectivity via the Internet/Intranet. As the packets are routed via the Internet/Intranet, the packets must traverse through multiple routers in the path between two…
A Cisco router can be configured as a DHCP Server. There are advantages and disadvantages in making your Cisco router work as DHCP Server. Almost all the features for windows DHCP can be configured on Cisco-based DHCP server. Some of the features me…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now