SUBNET QUESTION: five buildings with five Lans

I have a new client with the following
Building-1   10.10.1.X
Building-2   10.10.2.X
Building-3   10.10.3.X

And they have set all of the subnets to  or  ( will confirm)  so "all of them can see each other"  
( they have an existing internet vendor that is providing a router at each building and is allowing them access across the internet.)
But they have not been happy with them and I am helping them configure new SonicWall VPNs with new Cable modems to a new cable company

I always have set my Sonicwall LAN ports with and then the Site to Site VPN's handled the traffic very nicely for other businesses ( I must admit little knowledge on subnetting)

We are testing the new SonicWalls on a limited basis on all three buildings ( since we are in a live production enviroment)

If the client cannot change all their PCs from should I change my SonicWall LAN to match ?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Michal ZiembaIT System ArchitectCommented:
In short - yes. You better have the same subnet mask on each router in each building.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
azpeteAuthor Commented:
And now that I am thinking about it, What is the correct subnet for 10.10.1.x
10.10.2.x and 10.10.3.x etc    is it or or

I suppose the original router could be custom configured to route appropriately but I like to have have my VPN buildings set to for private lans,  just has always worked well that way,

Any thoughts appreciated
Fred MarshallPrincipalCommented:
This raises some questions.  Whether you want to address them or not is up to you.

I'm curious *how* the devices are set up.  Are they *all* set up with static / manually-entered IP addresses?  If so, then I understand how it's working.

If not, then how is DHCP configured?  One for each physical segment?  How do they not interfere with one another? starting at goes from to for the devices.  That's what you have as a subnet of 65,534 hosts/devices.

Maybe some clever person set up a DHCP server on 10.10.x.yyy with as a subnet mask.
Then the subnets would be 10.10.x.0 and the DHCP servers wouldn't compete over the broader range.
So what if 10.10.x.255 isn't used (as it would not be).
But how does the DHCP NOT assign as the subnet mask then??

Anyway, if this is how it's set up ... why bother to think of things as "divided" into smaller subnets that really aren't subnets anyway?

Maybe someone else has heard of this being done and knows how to do it.

Perhaps there's a solution for you in all this.  I understand the system is in production.
Hey MSSPs! What's your total cost of ownership?

WEBINAR: Managed security service providers often deploy & manage products from a variety of solution vendors. But is this really the best approach when it comes to saving time AND money? Join us on Aug. 15th to learn how you can improve your total cost of ownership today!

Michal ZiembaIT System ArchitectCommented:
As I understand, you would not like to change the Sonic Wall configuration and you don't want to change subnets in buildings, right? This might work but with some extra efforts.

In short - leave Sonic Walls subnet masks at and make VPNs between buildings.
Add routing in all Sonic Walls for other networks and make sure that hosts has a static route to other networks pointing a Sonic Wall as Gateway.
I cannot tell you that this will work for sure but you may try it.
If you need further assistance I will be happy to help either with changing the subnet mask on Sonic Wall or testing the unsupported configuration which I've just described.
azpeteAuthor Commented:
I was talking with SonicWall tech support and they had me add custom NATs
which seems to fix everything and leaves my SonicWall LAN IP with a subnet
here is a sample  

Original Source   ( Building-2)
Translated Source    ( LAN Interface IP)
Original Destination  ( LAN Subnets)
Translated Destination    ( Original)
Original  Service      ( Any)
Translated Service   (Original)
Inbound Interface  (Any)
Outbound Interface  ( Any)
Michal ZiembaIT System ArchitectCommented:
This is also a possible solution.
azpeteAuthor Commented:
While I am happy that it is a solution, I am not sure what it is doing.
If someone can look at that NAT and generally describe what it does I would appreciate the education,.

Keep in mind that the above NAT is at Building-1 and "Building-2" is the following
Custom Address object  ( the LAN network at Building-2)
azpeteAuthor Commented:
Excellent !
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Network Operations

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.