Simple netmask question, could some one please answer this question for me.
Bookmark this page:
 Yahoo!
 Google
 Windows Live
 del.icio.us
 digg
 Netscape
|
|
||||||||||||||||
|
Posted by El CiD on October 11, 2007, 10:22 pm
Please log in for more thread options I will be setting up a cisco site to site vpn for the first time. I will attempt at creating two sites connecting to the main office. In order for the site to site vpn to work among site, I will need to have a different subnet per tunner. My idea is the following. 1st site. Address: 172.16.0.1 Netmask: 255.255.255.0 Wildcard: 0.0.0.255 = 254 hosts site 2 Address: 172.16.0.2 Netmask: 255.255.255.128 Wildcard: 0.0.0.127 = 126 hosts Address: 172.16.0.3 Netmask: 255.255.255.192 = 26 Wildcard: 0.0.0.63 Hosts/Net: 62 Am I correct to say that this setup will meet cisco requirement for separate subnet masks? even although the ip addressing is similar? I went from a site with 254 hosts to site 2 with 126 down to site 3 with 62 hosts. Each site has a distintive subnet mask. I would like to keep each site ip addressing similar as its easy to remenber. Site 1 ends with .1 site two with .2 and site 3 with .3 and please pardon my newbiness. I am trying to understand it all as I go. thank you. | ||||||||||||||||
|
Posted by Mike Drechsler - SPAM PROTECTE on October 12, 2007, 3:07 am
Please log in for more thread options Your address ranges overlap. It will not work. Try: 1st site address range: 172.16.0.0 - 172.16.0.255 Set your router to be 172.16.0.1 CIDR network notation: 172.16.0.0/24 netmask: 255.255.255.0 broadcast address: 172.16.0.255 maximum addresses: 254 2nd site address range: 172.16.1.0-172.16.1.127 Set your router to be 172.16.1.1 CIDR network notation: 172.16.1.0/25 netmask: 255.255.255.128 broadcast address: 172.16.1.127 maximum addresses: 126 3rd site address range: 172.16.1.128-172.16.1.191 Set your router to be 172.16.1.129 CIDR network notation: 172.16.1.128/26 netmask: 255.255.255.192 broadcast address: 172.16.1.191 maximum addresses: 62 Do not use the first or last IP's in the range (network route or broadcast IP). .0 and .255 are valid in the middle of larger sized IP blocks like /22 but can expose bugs in some software and routers that didn't expect these IP values. There is a handy dandy web based javascript calculator you can fiddle with here: http://www.subnet-calculator.com/cidr.php Basically your site routers will each need it's own range of addresses and those ranges cannot conflict with another router and subnet you are setting up. I'm guessing you aren't really running out of address space or you would understand the concepts much better. You may simplify things for yourself by just using /24 (255.255.255.0 netmask) sized subnets at all locations even though it wastes addresses for a small branch office that will never need that many IP's. eg: site1: 172.16.1.0/24 site2: 172.16.2.0/24 site3: 172.16.3.0/24 The IP address of the router does not NEED to be the very first usable address in the IP range but it is convention that you setup your routers as the first usable IP to avoid confusion. -- WARNING! Email address has been altered for spam resistance. Please remove the -deletethispart-. section before replying directly. Mike Drechsler (mike-newsgroup@-deletethispart-.upcraft.com) | ||||||||||||||||
|
Posted by El CiD on October 12, 2007, 9:44 am
Please log in for more thread options Sir,
I would like to extend my gratitute in your answer for my question. Last night, I kept on reading and trying to understand on how I should approach my site to site vpn issue. I came to the same conclusion as the answer you have given me below. You clarified the matter for me, and now I have a better understanding on how the routing will work. Thank you very much. Yader On Fri, 12 Oct 2007 07:07:34 GMT, Mike Drechsler - SPAM PROTECTED >El CiD wrote:
>> Hello,
>> >> I will be setting up a cisco site to site vpn for the first time. I >> will attempt at creating two sites connecting to the main office. In >> order for the site to site vpn to work among site, I will need to have >> a different subnet per tunner. >> >> My idea is the following. >> >> 1st site. >> >> >> Address: 172.16.0.1 >> Netmask: 255.255.255.0 >> Wildcard: 0.0.0.255 >> >> = 254 hosts >> >> site 2 >> >> >> >> Address: 172.16.0.2 >> >> Netmask: 255.255.255.128 >> Wildcard: 0.0.0.127 >> >> = 126 hosts >> >> >> Address: 172.16.0.3 >> >> Netmask: 255.255.255.192 = 26 >> Wildcard: 0.0.0.63 >> Hosts/Net: 62 >> >> >> >> Am I correct to say that this setup will meet cisco requirement for >> separate subnet masks? even although the ip addressing is similar? >> >> I went from a site with 254 hosts to site 2 with 126 down to site 3 >> with 62 hosts. Each site has a distintive subnet mask. I would like >> to keep each site ip addressing similar as its easy to remenber. Site >> 1 ends with .1 site two with .2 and site 3 with .3 >> >> >> and please pardon my newbiness. I am trying to understand it all as I >> go. >> >> thank you. >
> >Your address ranges overlap. It will not work. > >Try: > >1st site >address range: 172.16.0.0 - 172.16.0.255 >Set your router to be 172.16.0.1 >CIDR network notation: 172.16.0.0/24 >netmask: 255.255.255.0 >broadcast address: 172.16.0.255 >maximum addresses: 254 > >2nd site >address range: 172.16.1.0-172.16.1.127 >Set your router to be 172.16.1.1 >CIDR network notation: 172.16.1.0/25 >netmask: 255.255.255.128 >broadcast address: 172.16.1.127 >maximum addresses: 126 > >3rd site >address range: 172.16.1.128-172.16.1.191 >Set your router to be 172.16.1.129 >CIDR network notation: 172.16.1.128/26 >netmask: 255.255.255.192 >broadcast address: 172.16.1.191 >maximum addresses: 62 > >Do not use the first or last IP's in the range (network route or >broadcast IP). .0 and .255 are valid in the middle of larger sized IP >blocks like /22 but can expose bugs in some software and routers that >didn't expect these IP values. > >There is a handy dandy web based javascript calculator you can fiddle >with here: http://www.subnet-calculator.com/cidr.php > >Basically your site routers will each need it's own range of addresses >and those ranges cannot conflict with another router and subnet you are >setting up. > >I'm guessing you aren't really running out of address space or you would >understand the concepts much better. You may simplify things for >yourself by just using /24 (255.255.255.0 netmask) sized subnets at all >locations even though it wastes addresses for a small branch office that >will never need that many IP's. >eg: site1: 172.16.1.0/24 site2: 172.16.2.0/24 site3: 172.16.3.0/24 > >The IP address of the router does not NEED to be the very first usable >address in the IP range but it is convention that you setup your routers >as the first usable IP to avoid confusion. | ||||||||||||||||
| Similar Threads | Posted |
| Simple netmask question, could some one please answer this question for me. | October 11, 2007, 10:22 pm |
| NAT-T question. | April 13, 2005, 12:02 am |
| VPN question | October 20, 2005, 4:16 pm |
| How To VPN Question | August 29, 2006, 9:52 pm |
| VPN Proposals question | May 2, 2005, 5:27 pm |
| An ode to OpenVPN, and a question | September 17, 2005, 10:06 pm |
| VPN setup question for XP. | August 21, 2006, 1:18 pm |
| A basic question about VPN ... | September 30, 2006, 5:19 pm |
| L2TP question | February 13, 2008, 2:23 pm |
| OpenVPN certificate question | May 3, 2006, 11:31 pm |
| Linksys BEFSX41 vpn question | July 31, 2006, 10:04 am |
| Very basic and easy question | January 17, 2008, 8:27 am |
| A question for IPsec ---ISAKMP | September 24, 2008, 10:49 pm |
| Noob Question VNP v's internet access | October 13, 2005, 10:02 am |
| Cisco PIX 515E RDP and Printing Question... | January 19, 2006, 4:21 pm |
>
> I will be setting up a cisco site to site vpn for the first time. I
> will attempt at creating two sites connecting to the main office. In
> order for the site to site vpn to work among site, I will need to have
> a different subnet per tunner.
>
> My idea is the following.
>
> 1st site.
>
>
> Address: 172.16.0.1
> Netmask: 255.255.255.0
> Wildcard: 0.0.0.255
>
> = 254 hosts
>
> site 2
>
>
>
> Address: 172.16.0.2
>
> Netmask: 255.255.255.128
> Wildcard: 0.0.0.127
>
> = 126 hosts
>
>
> Address: 172.16.0.3
>
> Netmask: 255.255.255.192 = 26
> Wildcard: 0.0.0.63
> Hosts/Net: 62
>
>
>
> Am I correct to say that this setup will meet cisco requirement for
> separate subnet masks? even although the ip addressing is similar?
>
> I went from a site with 254 hosts to site 2 with 126 down to site 3
> with 62 hosts. Each site has a distintive subnet mask. I would like
> to keep each site ip addressing similar as its easy to remenber. Site
> 1 ends with .1 site two with .2 and site 3 with .3
>
>
> and please pardon my newbiness. I am trying to understand it all as I
> go.
>
> thank you.