Precautions to be taken while moving to a different IP subnet (Requirement for more IP addresses)

We use Windows 2008 servers. Our firewall is maintained externally; they handle all the routing, and I don't have access to the firewall. The existing IP subnet for our network is , which was allocated to our network 9 years ago, and we have only 1022 IP addresses at the moment.

Now we are going to expand our network within our premises, and we will have more devices on our network, like laptops, tablets, etc. In this case, as future-proofing, I think it will be better to have an IP subnet which can give us more IP addresses.

I am planning to ask our firewall team to allot me a new IP subnet and this will give me 4094 IP addresses.

If they say "yes, it is possible" and if they configure and allot this new range for our network.

Is this a good plan to move forward to have more IP addresses for our network?
For a smooth transition, what are the precautions that I need to take within my LAN if I change the IP scheme?

Paul MacDonald (Director, Information Systems) Commented:
Yes, this is a fine plan.  I'm not sure why the firewall team would need to be involved, unless the firewalls host DHCP for your network.  

One thing you WILL need to do is arrange for all your clients to either reboot (if they're all DHCP) or lay hands on those with static IP information to update their subnet mask, but that's all the work that should be necessary.

lianne143 (Author) Commented:
We have our own Windows DHCP server hosted within our LAN.
If I delete the existing scope on my DHCP and create a new scope on my DHCP for
But without the firewall team's involvement in configuring the NAT on the router for the new IP subnet, will the NAT happen on the router for the new IP schema?

Paul MacDonald (Director, Information Systems) Commented:
NAT from inside is (or should be) automatic.  I'm not suggesting you shouldn't involve your firewall team - you know more about that than I - but that you likely don't need to.

lianne143 (Author) Commented:
We do have a Cisco L3 switch within our LAN, which connects to a modem and to the fibre network. This switch does the internet routing for our network, and I don't have access to this switch; the FW people look after this.
But without specifying the new IP subnet on this L3 switch to NAT, will the PCs in our network connect to the internet?

Skyler Kincaid (Network/Systems Engineer) Commented:
If I were you, I would have the FW people verify the settings inside the firewall and the switch if they manage them.

The important part for you, internally, is that workstations get the new subnet mask which will be applied when you change the DHCP scope. You also need to make sure and change it on anything that you have set statically.
At the very least, the firewall's subnet mask for the private interface will need to be changed to reflect the new subnet.

There may also be some firewall rules that use address ranges.  Any VPN tunnels will need some tweaks. If you allow/have external VPN client access, there may be some impact there but that is not likely.

If you have any VPN tunnels to other sites:
The routers/firewalls at the other sites will need their routing tables updated to reflect the new subnet at your site.
You will need to make sure that your expanded subnet does not overlap/conflict with any of the other subnets.
In any case, you must discuss this move in advance with the external firewall IT folks, well in advance.

You have similar concerns (subnetting/routing) for the L3 switch(es).

Bottom Line: Talk to your outsourced IT folks and get your ducks in a row well before going near this migration.

As previously noted by others, you will need to change the subnet masks on all your hosts with static addresses. The DHCP clients should take care of themselves but may need a restart. On rare occasions, some DHCP clients may need a manual release/renew to get with the new subnet.

Don't forget printers! If you manage any managed switches don't forget to update and test them.

Planning and documenting your plan is key. Part of that is communications with management and users. "Plan for the worst and hope for the best." Part of that planning and communications is solid buy-in from management. Pick a time where any outage will have the least impact on operations. After the conversion, test every host if possible. Doing so can save you a lot of heartache. Users and management often do NOT see the upside of a migration such as this until they already have a problem. Humans are not generally proactive when they don't really understand the issues. You will have much more job security if you plan and avoid "bumps" in the road that users and management notice.

 - Tom
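
The checks raised in the answers above (static hosts that need the new mask, VPN remote subnets that must not overlap the expanded range), as an added example that is not part of the original thread. The /22 and /20 prefix lengths follow from the 1022 and 4094 host counts in the question; the addresses, site names and host names are constructed.

```python
import ipaddress

# Constructed sample data. /22 and /20 match the 1022 and 4094 host counts in
# the question; the addresses and names are assumptions for illustration.
OLD_LAN = "10.20.4.0/22"
NEW_LAN = "10.20.0.0/20"
REMOTE_SITES = {"branch-a": "10.20.8.0/24", "branch-b": "10.30.0.0/24"}
STATIC_HOSTS = {            # name -> address/prefix as currently configured
    "printer-1": "10.20.5.10/22",
    "switch-mgmt": "10.20.6.2/20",
    "old-nas": "192.168.1.5/24",
}

def plan_expansion(old_cidr, new_cidr, remote_sites, static_hosts):
    """Run pre-migration checks for widening a LAN subnet; return findings."""
    old = ipaddress.ip_network(old_cidr)
    new = ipaddress.ip_network(new_cidr)
    findings = {
        # Usable hosts exclude the network and broadcast addresses.
        "usable_old": old.num_addresses - 2,
        "usable_new": new.num_addresses - 2,
        # True when every existing address stays valid and only the mask changes.
        "mask_only_change": old.subnet_of(new),
        "new_mask": str(new.netmask),
        "overlaps": [],          # VPN remote subnets that collide with the new LAN
        "static_fix_mask": [],   # static hosts inside the new LAN with a stale mask
        "static_readdress": [],  # static hosts outside the new LAN entirely
    }
    for site, cidr in remote_sites.items():
        if new.overlaps(ipaddress.ip_network(cidr)):
            findings["overlaps"].append(site)
    for name, configured in static_hosts.items():
        iface = ipaddress.ip_interface(configured)
        if iface.ip not in new:
            findings["static_readdress"].append(name)
        elif iface.network != new:
            findings["static_fix_mask"].append(name)
    return findings

if __name__ == "__main__":
    for key, value in plan_expansion(OLD_LAN, NEW_LAN, REMOTE_SITES, STATIC_HOSTS).items():
        print(f"{key}: {value}")
```

In this sample, branch-a did not overlap the old /22 but falls inside the new /20, so its subnet has to be sorted out with the firewall team before the mask is widened.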
