+ Post New Thread
Results 1 to 4 of 4
Internet Related/Filtering/Firewall Thread, Change IP range, provide NAT for some old addresses. How? in Technical; I currently have a small IP range (192.168.100.0/24) that I need to expand. I was planning to use 172.16.0.0/23, doubling ...
  1. #1
    dayzd's Avatar
    Join Date
    Nov 2009
    Location
    In front of computer
    Posts
    407
    Thank Post
    77
    Thanked 61 Times in 49 Posts
    Rep Power
    25

    Change IP range, provide NAT for some old addresses. How?

    I currently have a small IP range (192.168.100.0/24) that I need to expand. I was planning to use 172.16.0.0/23, doubling my address space (which should be adequate for my network).

    We have a VPN connection to our local council, and they have firewall rules for certain IPs in our existing (192) range. Upon approaching them regarding changing the configuration in favour of the new range I'd like to use, I've been told the 172 addresses I'm planning to use are already in use on their internal system, and I should NAT the required addresses back to their original 192 flavour, to avoid requiring any system changes to the VPN setup.

    Given that my experience of NAT goes no further than my router at home (I do know what it is and what it is for), how might I go about achieving this?
    (The router than maintains the VPN connection is a Draytek Vigor 2820 and a Windows server runs my DHCP.)


    Please, no suggestions of "just change your new IP range to something the council don't use". I get the distinct impression they're in no rush to change the configuration of the VPN and thoroughly intend this is all handled at my end of the tunnel. It is my intention to be prepared if this is the case.

  2. #2
    dayzd's Avatar
    Join Date
    Nov 2009
    Location
    In front of computer
    Posts
    407
    Thank Post
    77
    Thanked 61 Times in 49 Posts
    Rep Power
    25
    (In the interests of post closure...)

    Fortunately, the county council have been able to make suitable NAT alterations to their equipment, so I don't have to do anything special at my end, other than make sure all the devices that are to connect over the VPN to their network have IPs in the first 172.16.0.x block. So that's DHCP reservations for the 25 machines that need them, then. Done.

    It turned out there was no way I could have done this in-house without having another router or gateway in place to NAT all my traffic back to 192 addresses before it left the building. All I needed to do was switch off and think about it again the next morning and it all suddenly became so clear!

  3. #3
    jamesreedersmith's Avatar
    Join Date
    Sep 2009
    Location
    Ruskington
    Posts
    1,178
    Thank Post
    80
    Thanked 261 Times in 233 Posts
    Rep Power
    78
    Why not make use of a class A range 10.10.*.* for example so you dont conflict with them and then get the mappings changed.

  4. #4
    dayzd's Avatar
    Join Date
    Nov 2009
    Location
    In front of computer
    Posts
    407
    Thank Post
    77
    Thanked 61 Times in 49 Posts
    Rep Power
    25
    The way it's been done (yesterday, using the above mentioned 172 range) required just as much work to implement and still required the local council to change their NAT settings. So would a class A range.

    Yeah, we have a limitation of 254 clients that can use the VPN tunnel, but in all seriousness, we only need 20 and I would imagine the council are better off using the smaller subnet anyway. If I'd used a class A range, the same situation could occur further down the line for someone else, because I'm using a bigger range than is required for my needs.

    Anyway, it's done now, and after a lot of fallout this morning that I didn't expect, everything is working.

    I'm quite pleased with myself, considering all the roadblocks that got in my way when changing my internal IP range: Broken VMware hosts, unmountable NFS shares, corrupt VMware machine configurations...

SHARE:
+ Post New Thread

Similar Threads

  1. BT Business Hub - Changing IP Address Range?
    By flashsnaps in forum Hardware
    Replies: 0
    Last Post: 2nd February 2010, 08:59 PM
  2. Changing IP range
    By localzuk in forum Windows Server 2000/2003
    Replies: 12
    Last Post: 10th June 2009, 12:31 AM
  3. Changing IP ranges but keeping server on both?
    By Halfmad in forum Wireless Networks
    Replies: 4
    Last Post: 5th April 2009, 07:27 PM
  4. Replies: 9
    Last Post: 12th August 2007, 01:35 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •