[isalist] Re: Extending a subnet

  • From: "Reimer, Mark" <mark.reimer@xxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 29 Sep 2010 08:04:19 -0600

Steve,

 

If you are using a /23 subnet on a 192.168.11.x range, it will include
everything in the 192.168.10.x range, not the 192.168.12.x range. If you
want/need 192.168.11.x and 192.168.12.x in the same subnet, you will
need to use a /21 subnet, which will then include 192.168.8.x up to
192.168.15.x. This is for the NIC. 

 

Mark

 

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Steven Comeau
Sent: Wednesday, September 29, 2010 6:29 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Extending a subnet

 

I guess the simplest question is, how do I modify the ISA server to
utilize a /23 subnet on 1 NIC?

 

Steve Comeau

Associate Director of IT  Rutgers Athletics

83 Rockafeller Road

Piscataway, NJ  08854

732-445-7802

732-445-4623 (fax)

www.scarletknights.com <http://www.scarletknights.com>

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Steven Comeau
Sent: Tuesday, September 28, 2010 6:21 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Extending a subnet

 

My ISA server has 5 NICs = 1 External, 4 Internal.  The 4 internal NICs
separate out Staff, Students, Wireless, and Photographers.  The wireless
network is growing immensely - I need to enlarge the subnet.  I would
rather not add yet another NIC if I don't have to (would be less of an
issue with Virtualization, though).

 

To the NIC properties on the box, I added the additional IP address of
192.168.12.1 with a subnet mask of 255.255.255.0.  I added that range in
ISA to the Network that had only 192.168.11.1 on it.  I just need now
for the machines in 192.168.11.X to communicate (any and all protocols)
to/from 192.168.12.X.  Like you mentioned, I probably have to add the
Route Add command, but I was hoping that I could just change something
in ISA to correct that (using routes in ISA).  That is why I thought
about adding a second network name, on the same NIC, using the new range
and then routing between them with a Policy to allow all traffic.

 

Steve Comeau

Associate Director of IT  Rutgers Athletics

83 Rockafeller Road

Piscataway, NJ  08854

732-445-7802

732-445-4623 (fax)

www.scarletknights.com <http://www.scarletknights.com>

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Jerry Young
Sent: Tuesday, September 28, 2010 5:26 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Extending a subnet

 

Steve,

 

So, it sounds like you only have one NIC on that ISA box?  Or are there
multiple NICs, one for each network you have (internal, external, edge)
and you simply wanted to change the "size" of the internal network?

 

By adding 192.168.12.1 in the Advanced tab of the Network IP Properties
of the NIC, you really only added a virtual IP address to that NIC, not
a range (what subnet mask did you use, though?).  When you say you're
trying to communicate between those two IP addresses (I assume
192.168.11.1 and 192.168.12.1), to which specific kind of communication
are you referring?

 

In any case, if you added another internal network to which you want
traffic from other legs of the ISA server to communicate with, usually
that's just a matter of adding the range to the Internal Network Element
in ISA and configuring a static persistent route on the server at the OS
level.

 

Usually, that means I would expect to see something like the following:

 

192.168.11.0/24 is the network on which the server's internal interface
resides.

You add 192.168.12.0 to 192.168.12.255 to the ISA Internal Network
Element (or increase the range from 192.168.11.0-192.168.11.255 to
192.168.11.0-192.168.12.255).

You add a persistent static route that points traffic destined to the 
192.168.12.0/24 to the default gateway for the internal interface.

 

Example

Internal Interface IP Address: 192.168.11.10

Internal Interface Subnet Mask: 255.255.255.0

Internal Interface Default Gateway: 192.168.11.1

 

route add -p 192.168.12.0 mask 255.255.255.0 192.168.11.1

 

That route add command would create a persistent static route in the
server's routing table that would route all traffic destined for the 
192.168.12.0/24 network to your default gateway.

 

This assumes, of course, that you have a separate NIC for each network
connected to the ISA server and not just one.  If, however, you only
have 1 NIC to which all networks are bound, first, shame on you; I
believe Tom calls that Bork Mode. :)  Be that as it may, though, we
should then try to understand what kind of communication you want to
occur between the specific IP addresses and take it from there (note
that there may be some things that simply just won't work).

 

On Tue, Sep 28, 2010 at 4:59 PM, Steven Comeau <
scomeau@xxxxxxxxxxxxxxxxxx> wrote:

Thanks Jerry.  I did try to expand the subnet by changing the 3rd octet
(from 255.255.255.0 to 255.255.254.0) for the Subnet Mask on the NIC and
making the IP range larger, but that didn't work either.  In ISA, I also
had changed the Network range from 192.168.11.0-192.168.11.255 to
192.168.11.0-192.168.12.255 with the larger subnet mask.  Since that
didn't work, I tried the dual homed method.

 

Yes, you caught me and my bad spelling - dual homed the NIC to
192.168.11.1 and added 192.168.12.1 in the Advanced tab of the Network
IP Properties of the NIC.  On ISA, I just added the 2nd Range of IPs to
the one Named Network in Networks configuration.

 

Perhaps I need to create a distinct Named Network with the new range of
IPs (same NIC as the other Named Network) and then create a Network Rule
Route between the two with Policy to allow all traffic between the two
Networks.  Just thinking out loud.  Any help is greatly appreciated!

 

Steve Comeau

Associate Director of IT  Rutgers Athletics

83 Rockafeller Road

Piscataway, NJ  08854

732-445-7802

732-445-4623 (fax)

www.scarletknights.com <http://www.scarletknights.com/>

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Jerry Young
Sent: Tuesday, September 28, 2010 4:17 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Extending a subnet

 

Steve,

 

I'm not sure a 24-bit subnet mask is "standard", although it is probably
the most often used, and, technically speaking there are only 254 usable
IP addresses in that block (I know, I got a bit pedantic like Jim tends
to). :)

 

For the purposes of this discussion, though, you'll probably have to get
fairly specific with how you've carved up your networks and the IP
addresses you've added.  The next largest block you can use is a 23-bit
subnet mask but that essentially doubles the total number of usable IP
addresses.

 

In general, though, you usually need to think in terms of IP address
ranges and then map backwards to required subnets.

 

So, when you say you've dual honed (I think you mean dual homed?) one
particular NIC to add an additional range of IP addresses, how did you
configure that NIC?

On Tue, Sep 28, 2010 at 3:57 PM, Steven Comeau <
scomeau@xxxxxxxxxxxxxxxxxx> wrote:

ISA 2006, on Win 2k3.

 

I have a situation where I need to add more IPs to a particular Internal
Network than the standard 256.  On our ISA server, I've dual honed the
one particular NIC to add an additional range of IP addresses.  I've
also changed the network parameter in ISA to account for the additional
IP range.  Finally, I setup a Super Scope in DHCP to accommodate the new
IP range.  From my other sites (Dial Up VPN), and even from the other
legs of the ISA server, there's no issues bi-directionally getting to
clients in the new IP range.  However, I can't seem to communicate
between the two IP ranges on the same NIC.  Is there some sort of
routing thingy I need to do on the ISA box?

 

Thanks in advance.

 

Steve Comeau

Associate Director of IT  Rutgers Athletics

83 Rockafeller Road

Piscataway, NJ  08854

732-445-7802

732-445-4623 (fax)

www.scarletknights.com <http://www.scarletknights.com/>

***  This message contains confidential information and is
intended only for the individual named. If you are not the
named addressee, you should not disseminate, distribute or
copy this e-mail. Please notify the sender immediately by
e-mail if you have received this e-mail by mistake and delete
this e-mail from your system. E-mail transmission cannot be
guaranteed to be secure or error-free as information could be 
intercepted, corrupted, lost, destroyed, arrive late or
incomplete, or contain viruses.  The sender therefore does not
accept liability for any errors or omissions in the contents of
this message, which arise as a result of e-mail transmission.
If verification is required please request a hard-copy version.
Rutgers University - DIA
83 Rockafeller Road
Piscataway, NJ 08854
www.scarletknights.com <http://www.scarletknights.com/>  *** 
 




-- 
Cordially yours,
Jerry G. Young II
Microsoft Certified Systems Engineer
Young Consulting & Staffing Services Company - Owner
www.youngcss.com <http://www.youngcss.com/> 

 




-- 
Cordially yours,
Jerry G. Young II
Microsoft Certified Systems Engineer
Young Consulting & Staffing Services Company - Owner
www.youngcss.com
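
The subnet arithmetic discussed in this thread, as an added example that is not part of any poster's message: it checks which block a /23 on 192.168.11.x really covers, finds the smallest single subnet holding both 192.168.11.x and 192.168.12.x, and shows that the range 192.168.11.0-192.168.12.255 is not one subnet. The function names and the .50 client addresses are constructed for illustration.

```python
import ipaddress

def nic_network(address: str, prefix: int) -> str:
    """CIDR block a NIC lands in when given this address and prefix length."""
    return str(ipaddress.ip_interface(f"{address}/{prefix}").network)

def on_link(a: str, b: str, prefix: int) -> bool:
    """True when a host at `a` with this prefix treats `b` as directly reachable."""
    return ipaddress.ip_address(b) in ipaddress.ip_interface(f"{a}/{prefix}").network

def smallest_common_subnet(*addresses: str) -> str:
    """Smallest single CIDR block that contains every address given."""
    addrs = [ipaddress.ip_address(a) for a in addresses]
    net = ipaddress.ip_network(f"{addrs[0]}/32")
    while not all(a in net for a in addrs):
        net = net.supernet()  # drop one prefix bit and retry
    return str(net)

def range_as_cidr(first: str, last: str) -> list[str]:
    """CIDR blocks needed to cover first..last exactly (one entry = one real subnet)."""
    blocks = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return [str(b) for b in blocks]

if __name__ == "__main__":
    # Mask 255.255.254.0 on the 192.168.11.1 interface: which block is that?
    print("NIC 192.168.11.1/23 is in", nic_network("192.168.11.1", 23))
    # Constructed wireless clients, one in each /24 (addresses are illustrative).
    for prefix in (24, 23, 21):
        reachable = on_link("192.168.11.50", "192.168.12.50", prefix)
        print(f"/{prefix}: 11.50 sees 12.50 as on-link -> {reachable}")
    print("Smallest subnet with both gateways:",
          smallest_common_subnet("192.168.11.1", "192.168.12.1"))
    # The range entered in the ISA network definition, expressed as CIDR blocks.
    print("192.168.11.0-192.168.12.255 =",
          range_as_cidr("192.168.11.0", "192.168.12.255"))
```

With two /24 blocks on one NIC, clients in one range see the other as off-link, so their traffic depends on a router (the gateway address in their own range) rather than on the firewall's network definition alone.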

 
