SUBNET QUESTION: five buildings with five Lans

I have a new client with the following
Building-1   10.10.1.X
Building-2   10.10.2.X
Building-3   10.10.3.X


And they have set all of the subnets to 255.255.0.0  or 255.0.0.0  ( will confirm)  so "all of them can see each other"  
( they have an existing internet vendor that is providing a router at each building and is allowing them access across the internet.)
But they have not been happy with them and I am helping them configure new SonicWall VPNs with new Cable modems to a new cable company

I always have set my Sonicwall LAN ports with 255.255.255.0 and then the Site to Site VPN's handled the traffic very nicely for other businesses ( I must admit little knowledge on subnetting)

We are testing the new SonicWalls on a limited basis on all three buildings ( since we are in a live production enviroment)

If the client cannot change all their PCs from 255.255.0.0 should I change my SonicWall LAN to match ?
azpeteAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Michal ZiembaIT AdministratorCommented:
Hi,
In short - yes. You better have the same subnet mask on each router in each building.

Mike

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
azpeteAuthor Commented:
And now that I am thinking about it, What is the correct subnet for 10.10.1.x
10.10.2.x and 10.10.3.x etc    is it   255.255.0.0. or 255.0.0.0 or 255.255.255.0

I suppose the original router could be custom configured to route appropriately but I like to have have my VPN buildings set to 255.255.255.0 for private lans,  just has always worked well that way,

Any thoughts appreciated
Fred MarshallPrincipalCommented:
This raises some questions.  Whether you want to address them or not is up to you.

I'm curious *how* the devices are set up.  Are they *all* set up with static / manually-entered IP addresses?  If so, then I understand how it's working.

If not, then how is DHCP configured?  One for each physical segment?  How do they not interfere with one another?

255.255.0.0 starting at 10.10.0.0 goes from 10.10.0.1 to 10.10.255.254 for the devices.  That's what you have as a subnet of 65,534 hosts/devices.

Maybe some clever person set up a DHCP server on 10.10.x.yyy with 255.255.255.0 as a subnet mask.
Then the subnets would be 10.10.x.0 and the DHCP servers wouldn't compete over the broader range.
So what if 10.10.x.255 isn't used (as it would not be).
But how does the DHCP NOT assign 255.255.255.0 as the subnet mask then??

Anyway, if this is how it's set up ... why bother to think of things as "divided" into smaller subnets that really aren't subnets anyway?

Maybe someone else has heard of this being done and knows how to do it.

Perhaps there's a solution for you in all this.  I understand the system is in production.
Defend Against the Q2 Top Security Threats

Were you aware that overall malware worldwide was down a surprising 42% from Q1'18? Every quarter, the WatchGuard Threat Lab releases an Internet Security Report that analyzes the top threat trends impacting companies worldwide. Learn more by viewing our on-demand webinar today!

Michal ZiembaIT AdministratorCommented:
As I understand, you would not like to change the Sonic Wall configuration and you don't want to change subnets in buildings, right? This might work but with some extra efforts.

In short - leave Sonic Walls subnet masks at 255.255.255.0 and make VPNs between buildings.
Add routing in all Sonic Walls for other networks and make sure that hosts has a static route to other networks pointing a Sonic Wall as Gateway.
I cannot tell you that this will work for sure but you may try it.
If you need further assistance I will be happy to help either with changing the subnet mask on Sonic Wall or testing the unsupported configuration which I've just described.
azpeteAuthor Commented:
I was talking with SonicWall tech support and they had me add custom NATs
which seems to fix everything and leaves my SonicWall LAN IP with a 255.255.255.0 subnet
here is a sample  

NAT
Original Source   ( Building-2)
Translated Source    ( LAN Interface IP)
Original Destination  ( LAN Subnets)
Translated Destination    ( Original)
Original  Service      ( Any)
Translated Service   (Original)
Inbound Interface  (Any)
Outbound Interface  ( Any)
Michal ZiembaIT AdministratorCommented:
This is also a possible solution.
azpeteAuthor Commented:
While I am happy that it is a solution, I am not sure what it is doing.
If someone can look at that NAT and generally describe what it does I would appreciate the education,.

Keep in mind that the above NAT is at Building-1 and "Building-2" is the following
Custom Address object  ( the LAN network at Building-2)
azpeteAuthor Commented:
Excellent !
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Network Operations

From novice to tech pro — start learning today.