This morning I started the deployment of Trimaco’s MPLS network through AT&T. It will be replacing the older IPSec site-to-site VPN currently in place between two corporate offices and two manufacturing facilities. Once the site connectivity is in place, all locations will be configured to share a common internet gateway versus the individual gateways now in place.
I need to identify a good proxy server to put behind the existing PIX firewall that will act as the common gateway. I also need to get to work on some network schematics because my predecessor at Trimaco knew almost zero, hardly one damn thing, about subnetting. There are illegal subnets all over this network. Not classless but pure illegal, as in multiple 192 class C address spaces with /23 net masks. Please God, help the untrained who make it up as they go along. Or better yet just stop them.
Here’s what I’m thinking…
LAN IP address blocks delivered via Windows 2003 Server DHCP:
- 10.10.10.0/23 = Durham
- 10.10.20.0/23 = Manning, SC
- 10.10.30.0/23 = Phoenix, AZ
- 10.10.40.0/23 = St. Louis
The servers’ address space at 192.168.1.x will stay in place on its own subnet. This will require routing between VLANs on our Nortel Baystack 5510-48T, but that’s bad medicine when a layer 3 switch is available. An inexpensive router with two Gigabit Ethernet interfaces would also be able to handle this. I do want to change the subnet the servers are on from /23 to a legal /24. I need to look at how much configuration change this will require to accommodate the PAT and NAT entries at the gateway. My guess is little or no impact.
The end result should be dynamically assigned 10.10.x.x addresses to the workstations by location CPE with their default gateway ultimately being 192.168.1.250. I have to make sure that 192 subnet is available to all other subnets via routing tables before the switch can be flipped. I’ve also got to start shopping proxy solutions.
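As an added example (my own check, not something from the original post or from Trimaco’s network), here is a Python script using the standard `ipaddress` module that validates the addressing plan above before the switch is flipped: it rejects any block whose host bits are set (the “192.168.1.0/23” style entry that makes a subnet illegal), flags overlapping blocks, and confirms that the 192.168.1.250 gateway lives in the server /24 and in none of the workstation ranges. The site blocks are the ones listed above; the “legacy” plan in the usage section is a constructed illustration of the /23-on-a-class-C problem, not a record of the real network.

```python
import ipaddress

# Addressing plan as proposed in the post (site names and blocks as listed there).
SITE_BLOCKS = {
    "Durham": "10.10.10.0/23",
    "Manning, SC": "10.10.20.0/23",
    "Phoenix, AZ": "10.10.30.0/23",
    "St. Louis": "10.10.40.0/23",
}
SERVER_SUBNET = "192.168.1.0/24"   # the proposed legal /24 for the servers
SERVER_GATEWAY = "192.168.1.250"   # default gateway every workstation will use

# Constructed example of the legacy layout: class C spaces with /23 masks.
LEGACY_BLOCKS = {
    "Durham": "192.168.1.0/23",     # host bits set: really spans 192.168.0.0/23
    "Phoenix, AZ": "192.168.2.0/23",
}
LEGACY_SERVER_SUBNET = "192.168.1.0/23"


def check_block(cidr):
    """Return (network, problem). strict=True makes ipaddress reject any prefix
    whose host bits are set, which is exactly what makes 192.168.1.0/23 illegal."""
    try:
        return ipaddress.ip_network(cidr, strict=True), None
    except ValueError:
        net = ipaddress.ip_network(cidr, strict=False)
        return net, f"{cidr} has host bits set; the block actually spans {net}"


def find_overlaps(networks):
    """Pairs of blocks that overlap; any overlap means ambiguous routing."""
    nets = list(networks)
    return [(a, b) for i, a in enumerate(nets) for b in nets[i + 1:] if a.overlaps(b)]


def validate_plan(site_blocks, server_subnet, gateway):
    """Validate an addressing plan; returns a list of findings (empty == clean)."""
    findings = []
    nets = {}
    for name, cidr in list(site_blocks.items()) + [("servers", server_subnet)]:
        net, problem = check_block(cidr)
        if problem:
            findings.append(f"{name}: {problem}")
        nets[name] = net

    for a, b in find_overlaps(nets.values()):
        findings.append(f"overlap: {a} and {b}")

    gw = ipaddress.ip_address(gateway)
    if gw not in nets["servers"]:
        findings.append(f"gateway {gw} is outside the server subnet {nets['servers']}")
    for name, net in nets.items():
        if name != "servers" and gw in net:
            findings.append(f"gateway {gw} collides with {name} block {net}")
    return findings


if __name__ == "__main__":
    for label, blocks, servers in (
        ("proposed plan", SITE_BLOCKS, SERVER_SUBNET),
        ("legacy plan", LEGACY_BLOCKS, LEGACY_SERVER_SUBNET),
    ):
        findings = validate_plan(blocks, servers, SERVER_GATEWAY)
        print(f"{label}: {'clean' if not findings else ''}")
        for f in findings:
            print("  -", f)
```

Run it as-is and the proposed plan comes back clean, while the legacy plan reports the host-bits problem on both 192.168.1.0/23 entries, the resulting overlap of the Durham block with the server block, and the gateway sitting inside a workstation range. Re-run it whenever a block or mask changes; the same `strict=True` check is worth putting in front of any DHCP scope or route entry before it goes onto the Baystack or the PIX.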
braindump(config-if)#>exit