Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
308
Views
0
Helpful
2
Replies

changing network address w/ remote internet access-Help needed

vintage_car
Level 1
Level 1

‎01-12-2007 08:53 PM - edited ‎03-03-2019 03:20 PM

Posted: Today at 11:25 pm Post subject: changing network scheme with offsite internet access

--------------------------------------------------------------------------------

I'm changing a network scheme from 10.245.1.145 255.255.255.240 to a 10.245.3.1 255.255.255.0 network to allow for a large expansion of PC's. The location that is getting this change is a large remote office. The main office is the only place that has internet connectivity. The main office network is 10.245.1.0 255.255.255.128, the remote site has a 2620 series router and the main site has a cisco pix and there is a vpn between the 2. So where do I go first to make the router changes, b/c I will need access to both devices to test the VPN, but if I change one network how can I get to the other one to make changes? I will be onsite at the remote office when I will be doing this conversion.

Sepereate question: Is there any special commands that I need to run to make the VPN communicate on the new network once it is configured at both ends?

Labels:
0 Helpful
2 Replies 2

Amit Singh
Cisco Employee
Cisco Employee

‎01-12-2007 10:10 PM

Hello,

As you are changing the network scheme at the remote office and want the internet access from the main site, here are the steps that you should follow:

1. Set the new network as secondry network on the remote router interface.for example

conf t

interface fa 0/0

ip address 10.254.3.0 255.255.255.0 secondry

2. Allow this network pass through the PIX to go to the internet.You have to allow the network on the PIX using ACL's and also setting up the static route on the pix.

3. Allow this netwok to access the internet on the main office pix.Set the proper static routes for the return traffic.

4.Once you have this new subnet access the internet properly try reverting all the PC's to this new subnet ip.

5.Once you are done with all the PC's with the new ip addresses,remove the old network scheme on the main interface and then set this IP as the main interface IP.

6. Remove the old subnet from both the PIX's to access the internet.

Let us know if you have any doubts on this.

HTH,Please rate if it does.

-amit singh

0 Helpful

vintage_car
Level 1
Level 1
In response to Amit Singh

‎01-13-2007 05:26 AM

To allow that traffic pass from the 2620 to the main office pix will I have to create a new VPN for that traffic correct, (it will need a VPN when I'm finished with the change) for the pix ACL it will look like

access-list 100 permit ip any 10.245.3.0 255.255.255.0

and a route of route outside 10.245.3.0 255.255.255.0 192.168.1.5 1

(192.168.1.5 would be the VPN path that I would have to setup between the 2620 and pix)

A firewall is in front of the pix that is allowing the internet traffic-the pix is only for VPN encryption, I think once I get to the pix at the main site I have it made, but what route would be for return traffic?

Can all this be done and not disrupt the current IP addresses at the remote site?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card