Precautions to be taken while moving to a different IP subnet (Requirement for more IP addresses)

We use Windows 2008 servers. Our firewall is maintained externally; they handle all the routing and I don't have access to the firewall. The existing IP subnet for our network is , which was allocated to our network 9 years ago, and we have only 1022 IP addresses at the moment.

Now we are going to expand our network within our premises and we will have more devices on our network, like laptops, tablets, etc. In this case, as future-proofing, I think it will be better to have an IP subnet which can give us more IP addresses.

I am planning to ask our firewall team to allot me a new IP subnet and this will give me 4094 IP addresses.

If they say "yes, it is possible" and if they configure and allot this new range for our network:

Is this a good plan to move forward to have more IP addresses for our network?
For a smooth transition, what are the precautions that I need to take within my LAN if I change the IP scheme?

TomRScott Commented:
At the very least, the firewall's subnet mask for the private interface will need to be changed to reflect the new subnet.

There may also be some firewall rules that use address ranges.  Any VPN tunnels will need some tweaks. If you allow/have external VPN client access, there may be some impact there but that is not likely.

If you have any VPN tunnels to other sites:
The routers/firewalls at the other sites will need their routing tables updated to reflect the new subnet at your site.
You will need to make sure that your expanded subnet does not overlap/conflict with any of the other subnets.
In any case, you must discuss this move in advance with the external firewall IT folks, well in advance.

You have similar concerns (subnetting/routing) for the L3 switch(s).

Bottom Line: Talk to your outsourced IT folks and get your ducks in a row well before going near this migration.

As previously noted by others, you will need to change the subnet masks on all your hosts with static addresses.  The DHCP clients should take care of themselves but may need a restart. On rare occasions, some DHCP clients may need a manual release/renew to get with the new subnet.

Don't forget printers! If you manage any managed switches, don't forget to update and test them.

Planning and documenting your plan is key. Part of that is communications with management and users. "Plan for the worst and hope for the best." Part of that planning and communications is solid buy-in from management. Pick a time where any outage will have the least impact on operations. After the conversion, test every host if possible. Doing so can save you a lot of heartache. Users and management often do NOT see the upside of a migration such as this until they already have a problem. Humans are not generally proactive when they don't really understand the issues. You will have much more job security if you plan and avoid "bumps" in the road that users and management notice.

 - Tom
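A pre-migration audit of the points raised above (overlap with VPN peer subnets, firewall rules written against address ranges, static hosts with the old mask), as an added example that is not part of the original thread. All addresses, site names, rule names and host names are constructed; the /22 and /20 prefix lengths are inferred from the 1022 and 4094 host counts in the question.

```python
import ipaddress

# Constructed sample inventory: the thread does not give the real subnets.
OLD_NET = ipaddress.ip_network("10.20.4.0/22")   # current LAN
NEW_NET = ipaddress.ip_network("10.20.0.0/20")   # proposed LAN
REMOTE_SITES = {"branch-a": "10.20.8.0/24", "branch-b": "10.30.0.0/24"}
FIREWALL_RULES = {"allow-lan-out": "10.20.4.0/22", "allow-corp": "10.20.0.0/16"}
STATIC_HOSTS = {"printer-1": ("10.20.5.10", "255.255.252.0"),
                "switch-mgmt": ("10.20.4.2", "255.255.240.0")}


def usable_hosts(net):
    """Host addresses left after the network and broadcast addresses."""
    return net.num_addresses - 2


def vpn_overlaps(lan, remote_sites):
    """Remote VPN subnets that collide with the given LAN range."""
    return sorted(name for name, cidr in remote_sites.items()
                  if lan.overlaps(ipaddress.ip_network(cidr)))


def partial_rules(lan, rules):
    """Rules that touch the LAN range but do not cover all of it.

    After the change, hosts outside such a rule's range silently fall
    through to whatever rule comes next, so each one needs review.
    """
    flagged = []
    for name, cidr in rules.items():
        rule_net = ipaddress.ip_network(cidr)
        if rule_net.overlaps(lan) and not lan.subnet_of(rule_net):
            flagged.append(name)
    return sorted(flagged)


def static_hosts_to_fix(lan, hosts):
    """Static hosts that need a new mask, or a new address entirely."""
    actions = {}
    for name, (addr, mask) in hosts.items():
        if ipaddress.ip_address(addr) not in lan:
            actions[name] = "readdress"
        elif ipaddress.ip_address(mask) != lan.netmask:
            actions[name] = "update mask"
    return actions


if __name__ == "__main__":
    print("old range inside new range:", OLD_NET.subnet_of(NEW_NET))
    print("VPN overlaps:", vpn_overlaps(NEW_NET, REMOTE_SITES))
    print("rules to review:", partial_rules(NEW_NET, FIREWALL_RULES))
    print("static hosts:", static_hosts_to_fix(NEW_NET, STATIC_HOSTS))
```

In the sample data, `branch-a` does not collide with the current /22 but does collide with the wider /20, which is the conflict the answer above warns about.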
Paul MacDonald (Director, Information Systems) Commented:
Yes, this is a fine plan.  I'm not sure why the firewall team would need to be involved, unless the firewalls host DHCP for your network.  

One thing you WILL need to do is arrange for all your clients to either reboot (if they're all DHCP) or lay hands on those with static IP information to update their subnet mask, but that's all the work that should be necessary.
lianne143 (Author) Commented:
We have our own Windows DHCP server hosted within our LAN.
If I delete the existing scope on my DHCP and create a new scope on my DHCP for
But without the firewall team's involvement in configuring the NAT on the router for the new IP subnet, will the NAT happen on the router for the new IP schema?


Paul MacDonald (Director, Information Systems) Commented:
NAT from inside is (or should be) automatic.  I'm not suggesting you shouldn't involve your firewall team - you know more about that than I - but that you likely don't need to.
lianne143 (Author) Commented:
We do have a Cisco L3 switch within our LAN, which connects to a modem and to the fibre network. This switch does the internet routing for our network and I don't have access to this switch; the FW people look after it.
But without specifying the new IP subnet on this L3 switch to NAT, will the PCs in our network connect to the internet?

Skyler Kincaid (Network/Systems Engineer) Commented:
If I were you, I would have the FW people verify the settings inside the Firewall and the Switch if they manage them.

The important part for you, internally, is that workstations get the new subnet mask which will be applied when you change the DHCP scope. You also need to make sure and change it on anything that you have set statically.
Question has a verified solution.
