Supernetting in Server 2012

Hi Guys,

I have an issue here.
We have 20 something spare IPs left on our subnet of

We are now getting a new phone system installed which needs to be run in the same subnet and requires 50 IPs for the handsets.
What we need is -

1. People who are using SOFT PHONE in remote offices and on mobile phone must be able to dial into our VPN firewall and connect to the internal phone system.

2. We need to provision these 50 something IP addresses, something I don't have.

They do not want a new SUBNET like for the phones, so my question is if this issue can be resolved by supernetting or not??

If yes, how will this work in practical terms? Will I have to implement this after hours? How complicated is it and what precautions do I need to take?

wynandkunkel Commented:
Hi yes you can do this with supernetting.  If this is your internal LAN you can change it to something like which will give you the following:
Network start:
Network end:
- You will not have to change your existing IP addresses
- You will have more than enough IP addresses available

In practical terms you could attempt it during the daytime (being a bit oldschool I would not) and complete this before adding any additional devices.

1 - Firewall
I am assuming you have access to the firewall, so the first order of business would be to change the subnetmask of the Internal Interface

2 - Servers
Now change the subnetmasks of all the servers

3 - Desktop
Again I am assuming you are using DHCP to hand out IP addresses.  Change the DHCP scope to hand out the new subnetmask.

4 - Other
If you have printers and other IP based paraphernalia change the subnetmask now.

The theory behind this is that since the machines will be using ARP to get each others' IP, and it being a flat network the devices will still be able to communicate.  The only tricky step is the one right at the beginning (i.e. the firewall) where if you have NAT definitions they might act up due to the differing subnetmasks (again my sensibilities would say, do this or at least do the firewall and servers after hours)

After having done all this, now you can add the additional devices.

With regards to the VPN, I would allocate a different subnet (something like to the VPN connections which would allow you to easily see on a server or desktop whether a VPN connection is made to that address.

Zephyr ICT (Cloud Architect) Commented:
If you change your subnet to (as example, you don't need to make it this big of course), then the phone system will still be in the same subnet.

This change isn't quite so extensive, but can cause downtime when changing these settings on switches/routers etc...

manav08 (Author) Commented:
Sounds a bit of work guys :)
How will I do all this remotely?
That puts a slightly different spin on things :-) , but you should still be able to do this in the order as I have it above.  Just ensure that you have rock solid access to the firewall i.e. on the outside via VPN.  As long as you are connected to the outside of the firewall and can manipulate the rulebase, you should be OK.

Personally, I would after having changed the internal firewall interface subnet, create a NAT and a rule that allows direct RDP to one or two servers, albeit just from the other offices' public IP, since you are going to have a machine to for example log into the web interfaces of printers to change the subnetmask.

Zephyr ICT (Cloud Architect) Commented:
Yeah, it's doable from remote ... Start from the back and make sure you do the firewall first, like wynandkunkel mentioned.

But if the servers or other equipment don't change IP-address normally you shouldn't see many problems...

manav08 (Author) Commented:
Let's say the firewall is, can it talk to a server which is ??
Technically they might look to be in the same network but they are not.  So  no, you will have to change the firewall interface subnet first to also be /22 or That will then make and be in the same IP subnet.

manav08 (Author) Commented:
Although I never got around to doing this because we ended up using another subnet for this new set of IPs and performed routing between the 2, I am sure that if I had tried it, it would have worked.
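
The mask mismatch discussed in this thread, where devices are moved to the wider mask one at a time, can be checked before and after the change window. This is an added example, not code from any post above. The addresses and the original /24 are constructed assumptions (the thread only names /22), and `widen`, `on_link` and `audit` are hypothetical helper names.

```python
import ipaddress
from itertools import combinations

# Constructed sample inventory mid-migration (assumed 10.0.0.0/24 -> /22).
DEVICES = {
    "firewall": "10.0.0.1/24",   # internal interface not yet changed
    "server1":  "10.0.0.10/22",  # already on the new mask
    "printer":  "10.0.0.50/24",  # static device not yet changed
    "phone1":   "10.0.1.20/22",  # new handset in the added range
}

def widen(old_cidr, new_prefix):
    """Return (supernet, first host, last host, usable hosts) for the new mask."""
    net = ipaddress.ip_network(old_cidr).supernet(new_prefix=new_prefix)
    return str(net), str(net[1]), str(net[-2]), net.num_addresses - 2

def on_link(src_iface, dst_ip):
    """True if the source would ARP for dst directly rather than use its gateway."""
    return dst_ip in src_iface.network

def audit(devices):
    """List device pairs that do not both consider each other on-link.

    Each entry is (a, b, a_sees_b, b_sees_a). A False means that side sends
    traffic for its peer to the default gateway instead of ARPing for it,
    which is the asymmetric state a staged mask change creates.
    """
    ifaces = {name: ipaddress.ip_interface(addr) for name, addr in devices.items()}
    problems = []
    for (a, ia), (b, ib) in combinations(ifaces.items(), 2):
        a_sees_b = on_link(ia, ib.ip)
        b_sees_a = on_link(ib, ia.ip)
        if not (a_sees_b and b_sees_a):
            problems.append((a, b, a_sees_b, b_sees_a))
    return problems

if __name__ == "__main__":
    print("new network:", widen("10.0.0.0/24", 22))
    for a, b, ab, ba in audit(DEVICES):
        print(f"{a} -> {b}: on-link={ab}; {b} -> {a}: on-link={ba}")
```

An empty result from `audit` after the change means every listed device agrees on the network boundary, so it is safe to start adding handsets in the new range.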