Superscope/DNS/DHCP Question

[HPMatt]

Hello.

I have a bit of a strange problem that I'm probably looking at it the wrong way and making a mountain out of a mole hill... can anyone help?

Let me draw a picture of the network first.

I have one server (at the moment) which is the DHCP, DNS and DC. I have two network ranges assigned to me (which I cannot change) that are 168.185.57.1-128 and another 207.169.34.128-255 each with a subnet of 255.255.255.128.

I have configured DNS identically for each subnet. I have superscoped the two ranges into one Superscope for administrative ease (hahaha.)

Basically, everything works EXCEPT when someone on the 207.169.34.x network tries to connect to one of the printers (that happen to be on the 168.185.57.x network, now superscoped with the 207.169.34.x network) they cannot connect. A ping of the printers IP returns timed out.

People on the 168.185.57.x range have no issues connecting to the printers.

I thought this was a simple DNS issue, but now I'm thinking that I'm expecting the superscope to do something it is not designed to do. 168.185.57.x and 207.169.34.x are set in the routing table on the router.

I'm very confused as to how I can get both ranges working. Any assistance with this matter would be greatly appreciated!

Thank you!
Matt

 

[58sniper]

So your workstations have PUBLIC IP addresses? Yikes.

As for the issue, there needs to be a route between the two subnets. Whatever gateway is being assigned to the 207 subnet needs to be able to route traffic over to the 168 subnet.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.

http://www.ucblogs.net/blogs/exchange/

 

[HPMatt]

Well, kinda. The router has two ranges which are managed by DHCP... the IP ranges are setup and given to us to use, and there is a hardware firewall protecting these IP's, but yes, still public IP's.

NAT would be the sensible solution here to prevent this, but unfortunately I'm using logic... something that the particular place I work seems to lack or even understand.

So far as I can tell there is a route between the two but I will double check. The router is managed so we can't touch it. Very strange/stupid configuration if you ask me.

I'm curious now. I think I know what the answer is but... what is the risk of having public IP's if there is a firewall present? All workstations are encrypted and have MS Firewall installed too with AV? Should be OK? (Cringe)

Thanks!
Matt

 

[ADB100]

Superscopes.....

SuperScopes aren't just a way of making grouping DHCP scopes to make managing them easier. What they do is group IP networks/subnets together because they are sharing the same layer-2 broadcast domain - secondary addresses in Cisco speak. The DHCP server can assign IP addresses from both ranges in the SuperScope to clients on the same broadcast domain.
Remove the SuperScope configuration and use individual scopes - you can usually configure everything in global options except the default gateway anyway.

I assume you have routing between the two networks and default-gateways point to the router that does this routing?

Andy