Options
Increasing inside subnet in production
Hi
I seem to really need a proper explanation for this issue..
I have got a customer who has a 172.16.5.0/24 inside network. Their network consist of an ASA5510 which is connected to a layer 2 switch which then runs out to multiple other layer two switches.. Pretty simple network.
The first 150 adresses of the 172.16.5.0/24 is reserved for servers, rest is for client machines and VPN clients. They are now facing the issue of running out of ip addresses in the /24 scope, so i want to change their subnet to a /23
My colleague keeps saying that i can just change the subnet mask to a /23 (255.255.254.0) on the inside interface of the asa.. And tell them to modify their dhcp scope and start changing the subnet mask on the servers manually without it having any effect on the users in the production network..
But how!? I understand that changing the subnet to a /23 the range will now go from being a 172.16.5.0/24 to 172.16.4.1 being the first useable host address and 172.16.5.254 being the last. - Because we're not moving the servers down to the lower range of the /23 (to the 172.16.4.x) address space, clients who still has an active lease for a /24 address will still be able to contact the servers because they remain in the /24 address space but with a /23 subnet mask right? The only thing that won't work is that clients that receive ip addreses in the 172.16.4.x address space wont be able to communicate with clients who hasen't renewed their ip address and still has an address in the /24 network right?
I seem to really need a proper explanation for this issue..
I have got a customer who has a 172.16.5.0/24 inside network. Their network consist of an ASA5510 which is connected to a layer 2 switch which then runs out to multiple other layer two switches.. Pretty simple network.
The first 150 adresses of the 172.16.5.0/24 is reserved for servers, rest is for client machines and VPN clients. They are now facing the issue of running out of ip addresses in the /24 scope, so i want to change their subnet to a /23
My colleague keeps saying that i can just change the subnet mask to a /23 (255.255.254.0) on the inside interface of the asa.. And tell them to modify their dhcp scope and start changing the subnet mask on the servers manually without it having any effect on the users in the production network..
But how!? I understand that changing the subnet to a /23 the range will now go from being a 172.16.5.0/24 to 172.16.4.1 being the first useable host address and 172.16.5.254 being the last. - Because we're not moving the servers down to the lower range of the /23 (to the 172.16.4.x) address space, clients who still has an active lease for a /24 address will still be able to contact the servers because they remain in the /24 address space but with a /23 subnet mask right? The only thing that won't work is that clients that receive ip addreses in the 172.16.4.x address space wont be able to communicate with clients who hasen't renewed their ip address and still has an address in the /24 network right?
Comments
-
Options
EdTheLad
Member Posts: 2,111 ■■■■□□□□□□
CorrectNetworking, sometimes i love it, mostly i hate it.Its all about the $$$$ -
Options
ph4ntom74
Member Posts: 10 ■□□□□□□□□□
Would advise you to plan this properly and lease with the customer. Have him review your plan even if he can't understand it.
Open a maintenance window with customer after you gather all information about possible dowtime because there will be downtime as soon as the firewall/gateway changes its mask.
Changng the dhcp scope on the clients is nto the issue, the big issue there would be the server range. Another thing, do you have any NAT's going on there? Is there any DMZ with acl's and NATs?
You should probably have a more low level look at the impact that might cause.