• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 454
  • Last Modified:

Nest a subnet inside another subnet

I have a bunch of subnets in a corporate network. All subnets are different physical locations and are interconnected through an IP VPN managed by our ISP. We have one subnet that is running full: 172.26.76.0/24. Instead of supernetting it, which would require me to change subnet mask and change static IPs/netmask on all our equipment at this one location, i'd like to put a router inside the 172.26.76.0/24 net and put a new subnet behind it, e.g. 172.26.77.0/24. I'd then try to route all inside traffic from the 172.26.77.0/24 net to the 172.26.76.0/24 net. However, clientsin the 172.26.77.0/24 net also need to access resources in all other corporate subnets (172.26.1-180.0/24). How can this be routed?
0
i486dx266
Asked:
i486dx266
  • 3
  • 2
1 Solution
 
giltjrCommented:
Um, what you are talking about is standard IP routing.  The only thing I would like to clear up is the " .... corporate subnets (172.26.1-180.0/24) "

This makes it appear as if you have 180 subnets:

172.26.1.0/24
172.26.2.0/24
172.26.3.0/24

and so on up to :

172.26.178.0/24
172.26.179.0/24
172.26.180.0/24

If this is true, then  172.26.77.0/24 is one of the many subnets you have and routing would take place the same way it does now.

What are you confused about?
0
 
i486dx266Senior IT Driftskonsulent/Senior System AdministratorAuthor Commented:
That,s true, we have about 180 subnets.

One can only have one subnet in one network segment/vLAN. To get two subnets in one vLAN one can supernet it. I do not want to do this as it's to much work.

With our current setup we only have one VPN connection for this site. In order to route two subnets, each in it's own vLAN/LAN we need two GW ports in the router from our ISP. This is not an option, nor can we route both subnets in one port (can't have 172.26.76.254 as GW on 172.26.77.0/24 subnet)
0
 
giltjrCommented:
What type of device do you have a the site with the 172.26.76.0/24 subnet?

A true router or a L3 swtich?
Whose and what model?

--> "... nor can we route both subnets in one port (can't have 172.26.76.254 as GW on 172.26.77.0/24 subnet) "

Depending on the devices you have you can actually do that.
0
 
i486dx266Senior IT Driftskonsulent/Senior System AdministratorAuthor Commented:
Hi,

Yes, i know, technically we can do that. However that router is managed by our ISP so we have no access to it. They just assigned an IP to the LAN port of it and placed it in our site. (same for all sites). That's the issue. Of course we can request a change but that's a long process. I just wanted to know if my plan would work, because i could have it running in 2 hrs as opposed to 2 weeks with the ISP changes.

I made a sketch for clarification.

(Btw, our ISP uses cisco 3560 v2 sw as router)
subnets.gif
0
 
giltjrCommented:
What provides the routing for the servers/clients in the box "These are the subnets in question"?  I don't see a L3 device that seems to provide that.

As for the subnets using the "main corp router", I am assuming to get to 172.26.76.0/24 subnet they end up pointing to "ISP GW" router.   In the "main corp router" you would just add a route for 172.26.77.0/24 that looks just like the route for 172.26.76.0/24.

Unfortunately since it looks like your ISP is providing routing for you at some point for 172.26.76.0/24 any ISP box that has a route fot that subnet needs to have a route added that says to get to 172.26.77.0/24 go to 172.26.76.250.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now