manav08
asked on
Supernetting in Server 2012
Hi Guys,
I have an issue here.
We have 20 something spare IPs left on our subnet of 192.168.1.0/24
We are now getting a new phone system installed which needs to be run in the same subnet and required 50 IPs for the handset.
What we need is -
1. People who are using SOFT PHONE in remote offices and on mobile phone must be able to dial into our VPN firewall and connect to the internal phone system.
2. We need to provision these 50 something IP addresses, something I don't have.
They do not want a new SUBNET like 192.168.2.0 for the phones, so my question is if this issue can be resolved by supernetting or not??
If yes, how will this work in practical terms? Will I have to implement this after hours? How complicated is it and what precautions I need to take
I have an issue here.
We have 20 something spare IPs left on our subnet of 192.168.1.0/24
We are now getting a new phone system installed which needs to be run in the same subnet and required 50 IPs for the handset.
What we need is -
1. People who are using SOFT PHONE in remote offices and on mobile phone must be able to dial into our VPN firewall and connect to the internal phone system.
2. We need to provision these 50 something IP addresses, something I don't have.
They do not want a new SUBNET like 192.168.2.0 for the phones, so my question is if this issue can be resolved by supernetting or not??
If yes, how will this work in practical terms? Will I have to implement this after hours? How complicated is it and what precautions I need to take
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Sounds a bit of work guys :)
How will I do all this remotely?
How will I do all this remotely?
That puts a lightly different spin on things :-) , but you should still be able to do this in the order as I have it above. Just ensure that you have rock solid access to the firewall i.e. on the outside via VPN. As long as you are connected to the outside of the firewall and can manipulate the rulebase, you should be OK.
Personally, I would after having changed the internal firewall interface subnet, create a NAT and a rule that allows direct RDP to one or two servers, albeit just from the other offices' public IP, since you are going to have a machine to for example log into the web interfaces of printers to change the subnetmask.
Personally, I would after having changed the internal firewall interface subnet, create a NAT and a rule that allows direct RDP to one or two servers, albeit just from the other offices' public IP, since you are going to have a machine to for example log into the web interfaces of printers to change the subnetmask.
Yeah, it's doable from remote ... Start from the back and make sure you do the firewall first, like wynandkunkel mentioned.
But if the servers or other equipment don't change IP-address normally you shouldn't see much problems...
But if the servers or other equipment don't change IP-address normally you shouldn't see much problems...
ASKER
Let's say the forewall is 192.168.1.1/24, can it talk to a server which is 192.168.1.100/22 ??
Technically they might look to be in the same network but they are not. So no, you will have to change the firewall interface subnet first to also be /22 or 255.255.252.0. That will then make 192.168.1.1 and 192.168.1.100 be in the same IP subnet.
ASKER
Although I never got around to doing this because we eneded up using another subnet for this new set of IPS and performed routing between the 2, but I am sure if I would have tried it. It willl have worked.
This change isn't quite so extensive, but can cause downtime when changing these settings on switches/routers etc...