Home > IT Answers > Security > Combining Networks with Same IP Scheme, VLAN,...
Ramii
5 pts.
Q:
Combining Networks with Same IP Scheme, VLAN,
ASA, LAN, VPN, WAN, Network management, PIX, VLAN, Network Topology, PIX 515E, PIX 506e, Cisco 3550, Network Configuration
Hi, We are combining an couple offices next week & i need some advice. The networks already have VLANs set up. we have a Cisco 3550 Layer 3 switch set up to route traffic. The servers are on this site also. The network IP's are 10.1.1.x, 10.1.4.x & 10.1.5.x. Servers reside on all of those networks. The network they are moving to is on a 10.1.3.x network. We have a Cisco PIX 506e & 515 set up to do VPN between the 10.1.1.x & 10.1.3.x networks. I have ordered another smart switch to put on the 10.1.3.x network so i can create the same VLANs on that network. (10.1.4.x & 10.1.5.x.) Am i thinking right that i need to do this, or should i be going a different route to set up the networks & route traffice the way i need to? I really want to keep the IP Scheme that everyone is already on, but if this cannot be done, i can do something else. I did read one situation from http://itknowledgeexchange.techtarget.com/itanswers/site-to-site-problems/ but this setup is almost the same as mine without the VLANs. Any assistance is greatly appreciated.

Software/Hardware used:
Pix 515, Pix 506e, Cisco 3550 Switch
ASKED: Nov 15 2009  4:12 PM GMT
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
RELATED QUESTIONS
Mrdenny
49385 pts.
A:
 RATE THIS ANSWER
0
Click to Vote:
  •   0
  •  0
  • Bookmark and Share
Unless you have very specific requirements to have a single subnet spanning both sites then all you should need to do is setup a VPN between both sites and configure the routers to route trafffic to the other site over the VPN link.
Last Answered: Nov 16 2009  0:51 AM GMT by Mrdenny   49385 pts.
  •   
RSS - Discussions Help
Discuss This Answer:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _



_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

Labnuke99   27615 pts.  |   Nov 16 2009  2:15PM GMT

Is there really any reason to keep the traffic segregated by subnet now that the two sites are combining into one? Are there security or traffic considerations? If not, you would make administration much more simple by having a single common subnet for the site and maybe a separate VLAN for the servers vs clients. Unless security is an issue for the combined sites, then the VPN services would just make for complicated overhead. VLANs can be configured to segregate security domains also using ACL’s. Let us know more about your security and network segregation requirements. Otherwise, I would just recommend a single subnet for this site. This would also help you in the future if another organization is acquired and connectivity to that organization is required and they already use one of these subnets.

 

Petkoa   1195 pts.  |   Nov 16 2009  3:31PM GMT

Hi,

At some time I had four networks: 10.0.0.0/24 … 10.0.3.0/24, which happened to exist in “stand-alone” or bridged configurations; in bridged configuration all hosts kept their IPs, just DHCP server pushed them different network (10.0.0.0/22) and correspondingly different “attributes” (broadcast, DNS server IP and gateway IP). I believe you are looking for something like this - in your case, however, networks span at least 5 /24 networks, so your (probably) bridged network should have /21 metrics (in order not to change any IPs).

BR,

Petko A.