azpete
SUBNET QUESTION: five buildings with five Lans

I have a new client with the following
Building-1   10.10.1.X
Building-2   10.10.2.X
Building-3   10.10.3.X


And they have set all of the subnets to 255.255.0.0 or 255.0.0.0 (will confirm) so "all of them can see each other".
(They have an existing internet vendor that is providing a router at each building and is allowing them access across the internet.)
But they have not been happy with them and I am helping them configure new SonicWall VPNs with new cable modems to a new cable company.

I always have set my SonicWall LAN ports with 255.255.255.0 and then the site-to-site VPNs handled the traffic very nicely for other businesses (I must admit little knowledge on subnetting).

We are testing the new SonicWalls on a limited basis on all three buildings (since we are in a live production environment).

If the client cannot change all their PCs from 255.255.0.0, should I change my SonicWall LAN to match?
ASKER CERTIFIED SOLUTION
Michal Ziemba
azpete

ASKER

And now that I am thinking about it, what is the correct subnet for 10.10.1.x, 10.10.2.x and 10.10.3.x etc.? Is it 255.255.0.0 or 255.0.0.0 or 255.255.255.0?

I suppose the original router could be custom configured to route appropriately, but I like to have my VPN buildings set to 255.255.255.0 for private LANs; it just has always worked well that way.

Any thoughts appreciated
This raises some questions.  Whether you want to address them or not is up to you.

I'm curious *how* the devices are set up.  Are they *all* set up with static / manually-entered IP addresses?  If so, then I understand how it's working.

If not, then how is DHCP configured?  One for each physical segment?  How do they not interfere with one another?

255.255.0.0 starting at 10.10.0.0 goes from 10.10.0.1 to 10.10.255.254 for the devices.  That's what you have as a subnet of 65,534 hosts/devices.

Maybe some clever person set up a DHCP server on 10.10.x.yyy with 255.255.255.0 as a subnet mask.
Then the subnets would be 10.10.x.0 and the DHCP servers wouldn't compete over the broader range.
So what if 10.10.x.255 isn't used (as it would not be).
But how does the DHCP NOT assign 255.255.255.0 as the subnet mask then??

Anyway, if this is how it's set up ... why bother to think of things as "divided" into smaller subnets that really aren't subnets anyway?

Maybe someone else has heard of this being done and knows how to do it.

Perhaps there's a solution for you in all this.  I understand the system is in production.
As I understand, you would not like to change the SonicWall configuration and you don't want to change subnets in buildings, right? This might work but with some extra effort.

In short - leave the SonicWalls' subnet masks at 255.255.255.0 and make VPNs between buildings.
Add routing in all SonicWalls for other networks and make sure that hosts have a static route to other networks pointing to a SonicWall as gateway.
I cannot tell you that this will work for sure but you may try it.
If you need further assistance I will be happy to help either with changing the subnet mask on the SonicWall or testing the unsupported configuration which I've just described.
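
The mask arithmetic discussed in the two replies above, as an added Python example that is not part of any post in this thread. It uses the standard `ipaddress` module to show how many hosts a 255.255.0.0 network holds and where a PC and a SonicWall LAN set to 255.255.255.0 disagree about whether another building is local; the `.1` SonicWall address and `.50` PC address are assumptions.

```python
import ipaddress

# Constructed addressing based on the thread: one /24 per building.
# Assumptions: SonicWall LAN IP is .1 and a sample PC is .50 in each building.
BUILDINGS = {
    "Building-1": "10.10.1.0/24",
    "Building-2": "10.10.2.0/24",
    "Building-3": "10.10.3.0/24",
}

def usable_hosts(cidr):
    """Usable host addresses in a network (network and broadcast excluded)."""
    return ipaddress.ip_network(cidr).num_addresses - 2

def delivery(src_ip, mask, dst_ip):
    """How a sender configured with src_ip/mask treats dst_ip.
    'on-link': it ARPs for dst_ip itself and never involves a router.
    'gateway': it hands the packet to its default gateway."""
    local_net = ipaddress.ip_interface(f"{src_ip}/{mask}").network
    return "on-link" if ipaddress.ip_address(dst_ip) in local_net else "gateway"

def mismatches(pc_mask, fw_mask="255.255.255.0"):
    """(source, destination) building pairs where a PC and its SonicWall
    disagree about whether the destination is on the local segment."""
    pairs = []
    for src, src_cidr in BUILDINGS.items():
        base = ipaddress.ip_network(src_cidr).network_address
        fw_ip, pc_ip = base + 1, base + 50
        for dst, dst_cidr in BUILDINGS.items():
            if dst == src:
                continue
            dst_ip = ipaddress.ip_network(dst_cidr).network_address + 50
            if delivery(pc_ip, pc_mask, dst_ip) != delivery(fw_ip, fw_mask, dst_ip):
                pairs.append((src, dst))
    return pairs

if __name__ == "__main__":
    print("hosts in 10.10.0.0/16:", usable_hosts("10.10.0.0/16"))
    for mask in ("255.255.0.0", "255.0.0.0", "255.255.255.0"):
        view = delivery("10.10.1.50", mask, "10.10.2.50")
        print(f"PC 10.10.1.50 mask {mask} -> 10.10.2.50: {view}")
        print("  PC/firewall disagreements:", mismatches(mask))
```

With the PCs on 255.255.0.0 every cross-building pair is a mismatch: the PC treats the remote address as on-link and ARPs for it rather than sending the packet to the SonicWall, which is the gap the host static routes suggested above are meant to close.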

ASKER

I was talking with SonicWall tech support and they had me add custom NATs, which seems to fix everything and leaves my SonicWall LAN IP with a 255.255.255.0 subnet.
Here is a sample:

NAT
Original Source (Building-2)
Translated Source (LAN Interface IP)
Original Destination (LAN Subnets)
Translated Destination (Original)
Original Service (Any)
Translated Service (Original)
Inbound Interface (Any)
Outbound Interface (Any)
This is also a possible solution.

ASKER

While I am happy that it is a solution, I am not sure what it is doing.
If someone can look at that NAT and generally describe what it does, I would appreciate the education.

Keep in mind that the above NAT is at Building-1 and "Building-2" is the following
Custom Address object  ( the LAN network at Building-2)

ASKER

Excellent!