Re: How expand domain subnet?



Gentlemen,
I understand that you are encouraging me to follow what is generally
regarded as best practice, and I thank you for your time. But you seem to
ignore some points of my plan.
1) The LAN will occupy the IP-space 192.168.0.0 to 192.168.3.255, defined in
the server subnet masks and the IDENTICAL DHCP scopes.
2) The DHCP servers are configured to dish out non-overlapping pools of 253
addresses each. So if a server goes down, DHCP does not need reconfiguring
until I get back from holiday.
3) Because PIX firewall is set up to configure a Cisco VPN client that
contacts it to route traffic for 192.168.1.x ONLY through the tunnel, only a
portion of the LAN is accessible to VPN clients - good.

So really my question boils down to this:
Although it is unusual to have a segment of TCP/IP LAN without internal
routers bigger than 256 potential nodes, is it feasible?
And using W2k3 DCs, is it only the subnet mask of fixed-IP DCs, external
routers/firewalls, and the DHCP scope, that need revising to expand from 256
potential nodes to 1024?

Using this much IP-space for only 200 hosts may seem profligate, but the
beauty of non-routable addresses is I am not squandering a shared resource.
But it is important to restrict the aperture of the VPN tunnel, not just on
security grounds, but if the VPN client is on a 192.168.x.x LAN it uses up
their resource.

Regards
--
Newell White


"Phillip Windell" wrote:

"Bill Grant" <not.available@online> wrote in message
news:%231n06GR3GHA.1268@xxxxxxxxxxxxxxxxxxxxxxx
Yes, VPC or virtual server is a great tool for testing network
configs. And 2G of memory is a realistic minimum figure for RAM
(especially with Longhorn/Vista needing 512M to install). I am currently
running two XP workstations with 2G RAM each to host 6 or 7 vms including
Vista/Longhorn to test various network configs.

I run 2gig on my workstation and I get about 5 copies of Server2003 and 1 or
2 workstation running at the same time without problems. I don't think I
pushed it much beyond that. Mainly I keep all my various copies of ISA
Server on it for working in the ISA Server Newsgroup which is the main group
I deal with.

At home I don't have as good of hardware but I run an extra copy of XP in
it so I can use it for the Internet browsing and can dump it without saving
changes (undo disks) if it gets infected with spyware... helps keep my main
machine clean.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
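
A check of the plan described in the post above, as an added example that is not part of the original thread: it confirms the /22 mask and host count, verifies that the DHCP pools stay inside the LAN without overlapping, confirms the VPN range is a subset of the LAN, and flags fixed-IP hosts still carrying the old /24 mask. The pool boundaries, server names and host addresses are constructed assumptions; only the 192.168.0.0 to 192.168.3.255 range and the 192.168.1.x VPN range come from the post.

```python
import ipaddress as ip

LAN = ip.ip_network("192.168.0.0/22")        # 192.168.0.0 - 192.168.3.255 (from the post)
VPN_SPLIT = ip.ip_network("192.168.1.0/24")  # only range routed through the tunnel (from the post)

# Constructed sample data: names, pool boundaries and host addresses are assumptions.
POOLS = {
    "dhcp-a": ("192.168.2.1", "192.168.2.253"),
    "dhcp-b": ("192.168.3.1", "192.168.3.253"),
}
HOSTS = {
    "dc1": "192.168.0.10/22",      # mask already revised
    "printer": "192.168.0.50/24",  # fixed-IP device left on the old mask
}

def as_ints(start, end):
    return int(ip.ip_address(start)), int(ip.ip_address(end))

def pool_problems(pools, lan):
    """List pools that leave the LAN or overlap the next pool in address order."""
    problems = []
    ranges = sorted((as_ints(*bounds), name) for name, bounds in pools.items())
    for (lo, hi), name in ranges:
        if ip.ip_address(lo) not in lan or ip.ip_address(hi) not in lan:
            problems.append(f"{name} outside {lan}")
    for ((_, hi), a), ((lo, _), b) in zip(ranges, ranges[1:]):
        if lo <= hi:
            problems.append(f"{a} overlaps {b}")
    return problems

def stale_masks(hosts, lan):
    """Map each host on a different mask to the count of LAN addresses it treats as off-link."""
    stale = {}
    for name, cidr in hosts.items():
        iface = ip.ip_interface(cidr)
        if iface.ip in lan and iface.network != lan:
            stale[name] = lan.num_addresses - iface.network.num_addresses
    return stale

if __name__ == "__main__":
    print("mask:", LAN.netmask, "addresses:", LAN.num_addresses)
    print("VPN range inside LAN:", VPN_SPLIT.subnet_of(LAN))
    print("pool problems:", pool_problems(POOLS, LAN))
    print("hosts on a stale mask:", stale_masks(HOSTS, LAN))
```

A host reported by `stale_masks` would send traffic for the other three /24 blocks to its default gateway instead of resolving the peer directly on the segment.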


