Re: How expand domain subnet?
- From: "Bill Grant" <not.available@online>
- Date: Fri, 22 Sep 2006 12:23:22 +1000
I will have a stab at the VPN routing question you raise. I think that
you are making an assumption which is not really true.
You seem to assume that, if you set up your LAN as 192.168.0.0/22, VPN
clients with 192.168.1.x/24 addresses will only be able to access LAN
machines which have 192.168.1.x addresses, and not be able to access
machines with, say, 192.168.2.x addresses.
IP routing doesn't work like that. 192.168.1.30/24 is not the same thing
as 192.168.1.30/22. A machine in a subnet with a 24-bit subnet mask can route to
all of the machines in a subnet with a 22-bit subnet mask.
I believe that you will have trouble with your VPN if you change the
subnet mask on the LAN. If the LAN and the remotes are using addresses in
the same IP subnet, it is not using normal IP routing. It is using some sort
of proxy ARP (i.e. the server is doing proxy ARP on the LAN to receive packets
addressed to the remote clients), and it will fail if you change the LAN
subnet mask.
"Phillip Windell" <@.> wrote in message
news:Oo4LwgZ3GHA.5000@xxxxxxxxxxxxxxxxxxxxxxx
"Newell White" <NewellWhite@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:5BDAB452-376F-4BC6-9142-CE9FF7F32AD3@xxxxxxxxxxxxxxxx
Gentlemen,
I understand that you are encouraging me to follow what is generally
regarded as best practice, and I thank you for your time. But you seem to
ignore some points of my plan.
I'm not ignoring those points,...I'm telling you to stop doing them if you
want this to work right. Being "feasible" isn't the question for me and I
am not going to play it that way. "Two-Cans-and-a-string" is feasible,
but I'm not going to tell anyone to use that.
If you want the machines to "hang on" until you get into the office then
use the default DHCP Lease period of 8 days. That gives you about 4 days
to get in to fix it. If that isn't enough then make it thirty days which
gives you 15 days. The reason of the "half period" is because DHCP
Clients attempt to renew their lease at 50% of the Lease.
Creating a disaster of a LAN design just because you want to have the
machines not be affected by a down DHCP until you get back in the office
is...well...I don't know how to say it in a good way. LAN design is
primary,...DHCP schemes are secondary (not the other way around).
If you want one DHCP to keep it all running indefinitely if one goes
down,..do this...
1. If you have 200 Hosts, then use two separate segments of 254 each.
(/24)
2. Have 100 hosts in each.
3. Identically configure two DHCP boxes as I described before and divide
them up with Exclusions. Remember to configure two Scopes on each to
represent each segment.
4. Configure the LAN router to forward DHCP Queries to the two DHCP
Servers.
5. Add a static Route to the Pix so that it knows to use the LAN Router as
the path to the segment on the far side of the router. Correct the Local
Address Table on the PIX to include both LAN IP Ranges.
Now there will be less than half the available addresses in use in either
segment,...which means that just one DHCP Server by itself will have
enough addresses to keep things going indefinitely,...and you are not
violating proper LAN design in the process of doing so.
If I think of anything else,..I'll post again.
--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
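The /24 versus /22 point above, and the proxy-ARP consequence of a VPN client address falling inside the LAN's own subnet, worked through as an added example (not code from anyone in the thread). It uses the thread's 192.168.0.0/22 and 192.168.1.30/24 figures; the LAN host 192.168.2.10 is a constructed sample address.

```python
import ipaddress


def subnet_summary(host_ip: str, prefix_len: int) -> dict:
    """Network, broadcast and usable host count for host_ip/prefix_len.
    Shows why 192.168.1.30/24 and 192.168.1.30/22 are different subnets."""
    net = ipaddress.ip_interface(f"{host_ip}/{prefix_len}").network
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "usable_hosts": net.num_addresses - 2,
    }


def next_hop(host_ip: str, prefix_len: int, dst_ip: str) -> str:
    """How a host with this address/mask reaches dst_ip:
    'on-link'     -> inside its own subnet, it ARPs for dst directly
    'via-gateway' -> outside its subnet, it hands the packet to its router"""
    iface = ipaddress.ip_interface(f"{host_ip}/{prefix_len}")
    return "on-link" if ipaddress.ip_address(dst_ip) in iface.network else "via-gateway"


def lan_needs_proxy_arp(lan_network: str, vpn_client_ip: str) -> bool:
    """True when LAN hosts will ARP for the VPN client themselves, i.e. the
    client address sits inside the LAN subnet and the VPN server must answer
    those ARP requests on the client's behalf (proxy ARP) for traffic to flow."""
    return ipaddress.ip_address(vpn_client_ip) in ipaddress.ip_network(lan_network)


if __name__ == "__main__":
    # Same address, two masks: the /22 spans 192.168.0.0 - 192.168.3.255.
    print(subnet_summary("192.168.1.30", 24))
    print(subnet_summary("192.168.1.30", 22))
    # A /24 VPN client still reaches a 192.168.2.x LAN host, via its gateway.
    print(next_hop("192.168.1.30", 24, "192.168.2.10"))
    # A /22 LAN host treats the VPN client as on-link and ARPs for it, so the
    # VPN server has to proxy ARP for 192.168.1.30 on the LAN segment.
    print(next_hop("192.168.2.10", 22, "192.168.1.30"))
    print(lan_needs_proxy_arp("192.168.0.0/22", "192.168.1.30"))
```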