Subnet possible overlap for S2S VPN setup

Current config:

10.15.23.x

Gateway is 10.15.23.1

255.255.255.0

Want to expand DHCP scope because we are out of IPs, but need to go up in the 3rd octet and not down.

Because the 3rd octet is odd for the subnet, going to a 255.255.254.0, 255.255.252.0, 255.255.248.0, the new scope goes backwards.

So if I change the scope to 255.255.254, then the available subnets become 10.15.22.1 – 10.15.23.254

If I change it to 255.255.252.0, then available subnets become 10.15.20.1 – 10.15.23.254

If I change it to 255.255.248.0, then available subnets become 10.15.16.1 – 15.23.23.254

BUT…

If I change the subnet to 255.255.240.0, then the available subnets become 10.15.16.1 – 10.15.31.254

That takes care of going up on the available subnet. I can then set DHCP to be only in the range of 10.15.24.1 to 10.15.25.254, keeping the gateway on 10.15.23.1

Question is, we have other locations that are set to subnets of 10.15.22.x, 10.15.21.x, etc. that are set up with S2S VPN to our HQ, but not to each other because we are on a hub/spoke design. If we are not giving out IPs in those ranges for this expanded IP site, but the new subnet is still within those ranges for the other sites, will it cause a conflict with the other S2S VPNs and possibly devices in those subnets? I don’t think so because we are not giving out those IP ranges but I just need confirmation that this will be OK.

Category: Entry Level Firewalls

Answers

  • BWC Cybersecurity Overlord ✭✭✭

    @radiman subnet will collide with your other locations, because it'll make an ARP request when it's in your subnet boundaries. It will not even try to route it over your VPN, except all endpoints getting an explicit route, but that's not really good.

    Best option would be a renumbering of 10.15.23.0/24 to something more future proof, like 10.15.24.0/23, 10.15.24.0/22 etc.

    —Michael@BWC
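An added example, not part of the original thread: a Python check of the masks discussed above, showing which spoke LANs each mask swallows and whether an HQ host would ARP for a spoke address or send it to the gateway. The /24 size of the spoke networks and the sample destination 10.15.22.10 are assumptions; the decision depends on the host's mask, not on the DHCP range.

```python
import ipaddress

HQ_HOST = "10.15.23.1"  # gateway address from the question
# Spoke LANs named in the question (10.15.22.x, 10.15.21.x); /24 size is assumed.
SPOKES = [ipaddress.ip_network("10.15.22.0/24"),
          ipaddress.ip_network("10.15.21.0/24")]
MASKS = ("255.255.255.0", "255.255.254.0", "255.255.252.0",
         "255.255.248.0", "255.255.240.0")

def lan_for(mask):
    """Network that HQ_HOST belongs to under the given netmask."""
    return ipaddress.ip_interface(f"{HQ_HOST}/{mask}").network

def overlapping_spokes(mask):
    """Spoke networks that overlap the HQ LAN for this mask."""
    lan = lan_for(mask)
    return [s for s in SPOKES if lan.overlaps(s)]

def next_hop(mask, dest):
    """How an HQ host with this mask treats dest: local ARP or hand to gateway."""
    on_link = ipaddress.ip_address(dest) in lan_for(mask)
    return "arp-on-link" if on_link else "via-gateway"

def renumber_ok(candidate):
    """True if a candidate HQ network overlaps none of the spoke LANs."""
    net = ipaddress.ip_network(candidate)
    return not any(net.overlaps(s) for s in SPOKES)

def report(dest="10.15.22.10"):  # constructed sample address on a spoke LAN
    rows = []
    for mask in MASKS:
        lan = lan_for(mask)
        first, last = lan.network_address + 1, lan.broadcast_address - 1
        rows.append((mask, str(lan), f"{first} - {last}",
                     [str(s) for s in overlapping_spokes(mask)],
                     next_hop(mask, dest)))
    return rows

if __name__ == "__main__":
    for row in report():
        print(row)
    for cand in ("10.15.24.0/23", "10.15.24.0/22"):
        print(cand, "clear of spokes:", renumber_ok(cand))
```
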
