Subnet masks

Discussion in 'Windows Networking' started by Roshak, Nov 5, 2004.

  1. Roshak

    Roshak Guest

    I am fairly new to networking. I am setting up my first
    Windows 2003 network at my church, and someone else at the
    church is setting up their first Cisco PIX firewall. They
    have asked me to change the subnet mask from 255.255.255.0
    to 255.255.252.0 for VPN purposes so that the firewall
    will give out IPs on one subnet and the network will give
    IPs out on another subnet and they should be able to see
    each other. I have a couple of questions. One, should I
    delete my current scope and start over, or should I edit
    the current scope? Second, is there a better way of doing
    this?

    Thanks
     
    Roshak, Nov 5, 2004
    #1

  2. Roshak

    roshak Guest

    This might be obvious, but the reason the guy that is
    programming the Cisco firewall wants to have his own subnet
    is for the VPN clients.
     
    roshak, Nov 5, 2004
    #2

  3. You don't need to have two subnets in the first place... but if you
    insist... then just use two full "networks" and forget the confusion of
    fooling with Masks and Splitting Rules. No sane person would use publicly
    assigned numbers on a private network nowadays, so I assume you are using
    private addresses.

    Personally, I see no true effective reason to run VPN on a different subnet
    or network. All it does is overcomplicate the system and make it more
    difficult to troubleshoot. Although subnets and networks can be one "element"
    in a security model, they are not, in & of themselves, considered a "security
    model". Things can be equally secure or insecure no matter if you have
    subnets or not. So if you even have to ask this question, then you may
    not know how to even use subnets to create a security model, which leaves you
    in the same situation whether you even used them in the first place or not.

    Our system here at this TV Station is more complicated than any church
    organization would probably have and we have a VPN system covering well over
    20 sites spanning from Michigan to Puerto Rico and from Utah to Rhode
    Island. The VPN interface is right in there with our primary subnet and does
    not have one of "its own".
     
    Phillip Windell, Nov 5, 2004
    #3
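
The address arithmetic behind the mask change discussed in this thread, as an added example that is not part of any poster's reply: it checks whether two DHCP pools share one network under a given mask, do not overlap, and avoid the network and broadcast addresses. The 192.168.x.x pool ranges and the function names are constructed for illustration; only the two masks come from the thread.

```python
import ipaddress

OLD_MASK = "255.255.255.0"   # mask currently in use (from the thread)
NEW_MASK = "255.255.252.0"   # mask requested for the VPN setup (from the thread)

# Constructed sample pools (first, last); the thread gives no real addresses.
LAN_POOL = ("192.168.1.50", "192.168.1.200")   # handed out by the Windows DHCP scope
VPN_POOL = ("192.168.2.50", "192.168.2.100")   # handed out by the firewall

def same_network(addr_a, addr_b, mask):
    """True if both addresses fall in the same network under the given mask."""
    net_a = ipaddress.ip_interface(f"{addr_a}/{mask}").network
    net_b = ipaddress.ip_interface(f"{addr_b}/{mask}").network
    return net_a == net_b

def check_pools(lan_pool, vpn_pool, mask):
    """Validate two pools against one mask. Returns (network or None, problems)."""
    problems = []
    lan = [ipaddress.ip_address(a) for a in lan_pool]
    vpn = [ipaddress.ip_address(a) for a in vpn_pool]
    nets = {ipaddress.ip_interface(f"{a}/{mask}").network for a in lan + vpn}
    if len(nets) > 1:
        # Happens with the old /24 mask, and with a /22 when the third octets
        # straddle a multiple of 4 (e.g. 192.168.3.x and 192.168.4.x).
        problems.append("pools span different networks: "
                        + ", ".join(sorted(map(str, nets))))
    if lan[0] <= vpn[1] and vpn[0] <= lan[1]:
        problems.append("pools overlap; two DHCP sources would issue the same addresses")
    net = nets.pop() if len(nets) == 1 else None
    if net is not None:
        for a in lan + vpn:
            if a in (net.network_address, net.broadcast_address):
                problems.append(f"{a} is the network or broadcast address")
    return net, problems

if __name__ == "__main__":
    for mask in (OLD_MASK, NEW_MASK):
        net, problems = check_pools(LAN_POOL, VPN_POOL, mask)
        print(mask, "->", net, problems or "ok")
    # Misaligned pair: adjacent /24s that do NOT share a /22.
    print(check_pools(("192.168.3.50", "192.168.3.200"),
                      ("192.168.4.50", "192.168.4.100"), NEW_MASK))
```

With the wider mask both pools sit in a single network, so hosts in each range treat the other as directly reachable; any filtering between the two ranges has to come from device rules rather than from the addressing itself.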