Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Subnets / IP phones / Firewall...help!

Status
Not open for further replies.
speaktek

speaktek

Programmer
Dec 7, 2002
152
0
0
US
We've just installed new IP phones..as to reduce possible network issues, the vender recommed creating a separate subnet as follows...(I'm new to this, but trying to learn fast):

Original setup:
Firewall/Router = 192.168.1.1/24
2000 Server/DHCP = 192.168.1.2/24 (DHCP 192.168.1.150-250)
PC's Printers = 192.168.1.xxx/24 (Dynamic)
Printers = 192.168.1.XX/24 (Static)


New setup:
Firewall/Router = 192.168.1.1/16
2000 Server/DHCP = 192.168.1.2/16 (DHCP 192.168.1.150-250)
PC's = 192.168.1.xxx/16 (Dynamic)
Printers = 192.168.1.xx/24 (Static)
IP Phone Server = 192.168.2./16(static)
IP Phones = 192.168.2.xxx/24(static)

I was told the IP is arbitrary, and 192 could also be class 'B'. Everything is on the same physical network, but the phones and phone server on their own switch.

Is it OK to have different subnet parameters on the same network? All seems to be fine...except I have lost VPN access...my home router used to work at 192.168.0.1/24 (no options to adjust to third octet...is that the issue?).

Any recommedations? Thanks in advance!!!

 
Sort by date Sort by votes
Hi,

Avoid 192.168.X.X addressing for Office because usually routers are configured with 192.168.1.X address. Use 10.x.x.x
 
Upvote 0 Downvote
you mean inexpensive routers like a linksys or a d-link and some of those even have limitations on the subnet which make them only able to service a certain number of clients.

192.168.x.x is fine or the class b or the class a 10.x.x.x for that matter a real router will handle them all...

it's the ethernet segment (ie switching) that is probably at issue with providing quality to the phone conversations correct?

Jeff
 
Upvote 0 Downvote
Yes...we're having some quality issues. Network is comprosed of 3 24-port SMC unmanaged switches. Vender recommend a low end Netgear as a possible solution (They say thay have more success with the low end switches...).

As I'm not a neetwork guru...and in fact just bought Networking for Dummies (not a bad book)...and want to set up the ideal network solution...which may mean adding additional routers...?

I wish I could attach my network diagram here for you to see...

 
Upvote 0 Downvote
Jeff:

I'm talking about average users, they buy router, plug it and try to connect to their office using vpn and they will have diffulty to browse if their office uses 192.168 also
 
Upvote 0 Downvote
Jeff:

Nothing about "vlans"...don't know what that is...

Based on my config aboove...does that make sense to mix different subnets like /16 and /24?

I changed my home router to 191.168.0.x/24, but still have issue accesssing one on the servers at 192.168.2.100/16?

Any recommendations?
 
Upvote 0 Downvote
On the VPN configuration, have you told your local router that the network you are connecting to is 192.168.1.x/24 (or 255.255.255.0?) If so your router thinks that the local network is 192.168.0.x, and the VPN configuration tells it where 192.168.1.x is, but it doesn't tell your router where 192.168.2.x is.

A possible alternate configuration for your home router is to configure your home router with an IP address of 192.168.129.1/24, and set the far side of the VPN connection to 192.168.1.0/26.
(there are other local IP address/subnet mask and VPN connection configuration options such as a local address of 192.168.65.1/24 and VPN connection configuration of 192.168.1.0/27)
Or you might be able to program your home router with a static route to tell your home router where 192.168.2.0 is

Michael Gallo
 
Upvote 0 Downvote
Whoops, after I got up and started working on something else I realized that my configuration probably won't work. It is fine from the home network side, but has a problem with the routers on the company network.

Michael Gallo
 
Upvote 0 Downvote
I guess I'm still not 100% with the subnet thing...
My config is:
192.168.1.1/16 for Firewall
192.168.1.2/16 for Server
192.168.1.150-250/16 for computers

192.168.2.100/16 for Phone Server
192.168.2.200+/24 for Phones

Is it OK to mix /16 and /24 ? The idea of course is to split up phone and other network traffic...
 
Upvote 0 Downvote
Yes.
The /16 and /24 just define for the device/host what other computers/devices they can talk to. For the phones - with a /24 subnet, they see anything with a 192.168.2.x address as another computer they can communicate to directly, without going through a router. for the computers with a /26 subnet, they see anything with a 192.168.x.x address as something they can talk to directly without going through the router.
For the firwall, with a /16 subnet, it thinks all networks with 192.168.x.x addresses are on connected to it's 192.168.1.1 interface, (which is why any outside network with any 192.168.x.x address trying to connect in with a VPN won't work)
 
Upvote 0 Downvote
BigShyBear:

So what should I set my linksys home router to? I'm stuck with 255.255.255.xxx for Subnet oprions. Just set it for any network ID other than the office network...?
 
Upvote 0 Downvote
Looks like setting my Linksys to 192.192.1.1/24 did the trick!

Thanks for everybody's help!!!
 
Upvote 0 Downvote
setting to 192.192.1.1 is not really a good idea. 192.192.x.x is a valid class C address, assigned to the Ministry of Education computer center - Taipei. This PROBABLY won't cause you any problems, but it is a better idea to use one of the valid private IP addresses for home. The only problem using 192.192.1.1 could cause you is if you needed to communicate with a computer at the Ministry of Education Computer center that had one of the other 192.192.1.x addresses assigned to it, your computer would not send packets out through the Linksys to the internet to Taipei.
It is a better style to use one of the valid private IP addresses. 192.168.x.x is one valid private IP address block, others are 10.x.x.x and 172.16.x.x-172.31.x.x.
In your case I would use one of the 172 addresses, such as 172.30.1.1 with the subnet mask of 255.255.255.0.
That gets you off the 192.168.x.x block which is causing problems with the company VPN router.
 
Upvote 0 Downvote
I'll do that...but for my edification, does the IP address really matter behing the firewall? Just wondering...

Thanks for all the info!!!
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

dl12345
  • Locked
  • Question
IPV6 related issue on bind 9.16.1 on Ubuntu 20.04
Replies
1
Views
2K
dl12345
dl12345
ramaning
  • Locked
  • Question
BIND DNSs Has Pointed to Diff IP Addresses.
Replies
1
Views
112
unixfreak
unixfreak
TheAceMan1
  • Locked
  • Question
Same IP Address ... Different Web Sites ... How? 1
Replies
4
Views
69
TheAceMan1
TheAceMan1
kidSmart
  • Locked
  • Question
Find IP Addresses of Target 1
Replies
1
Views
38
iggsterman
iggsterman
mrtechno77
  • Locked
  • Question
Lost all Containers and DC Server 2008 R2 - URGENT - HELP!!!
Replies
3
Views
46
technome
technome

Part and Inventory Search

Sponsor

Back
Top