cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
149
Views
0
Helpful
3
Replies

supernetting

moogeboo1
Beginner
Beginner

Hi,

I need to expand the available hosts on our network.  The network is 192.168.0.x/24 and we are running out of IPs.  We have  single ASA and dumbswitches (Netgears).  If I change the subnet to 255.255.252.0, that would allow access to 192.168.0.x, 192.168.1.x, 192.168.2.x.  I can change the subnet mask on each static device, create a brand new DHCP scope, but will there be any change on the ASA besides just the subnet mask?  Remember, my switches are dumbswitches, and are not manageable.

 

Thanks,

Mooge

3 Replies 3

jj27
Rising star
Rising star

Changing the subnet mask on the ASA should be sufficient. You should also be mindful of any objects/NAT rules referencing 192.168.0.x/24 and changing their subnet masks as well to accomodate the new supernet.

Thanks JJohnston.  Another question to this.  Our 192.168.0.x environment has a VPN connection to 2 remote sites from this ASA.  In the ASA, we have the following:

 

access-list 101 extended permit ip 192.168.0.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list 101 extended permit ip 192.168.0.0 255.255.255.0 192.168.15.0 255.255.255.0
access-list 120 extended permit ip 192.168.0.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list 130 extended permit ip 192.168.0.0 255.255.255.0 192.168.15.0 255.255.255.0

 

Would we need to add separate access list statements in the same pattern as above, or would changing the command (like below), to adjust the subnet mask be sufficient?

access-list 101 extended permit ip 192.168.0.0 255.255.252.0 192.168.2.0 255.255.255.0

access-list 101 extended permit ip 192.168.0.0 255.255.252.0 192.168.15.0 255.255.255.0
access-list 120 extended permit ip 192.168.0.0 255.255.252.0 192.168.2.0 255.255.255.0
access-list 130 extended permit ip 192.168.0.0 255.255.252.0 192.168.15.0 255.255.255.0

 

 

Thanks,

Mooge

You should change the subnet mask to reflect the /22 network keeping in mind that you will need to make the same changes on the remote end VPN device.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers