Security Basics mailing list archives
RE: IP renumbering vs. Stand-alone
From: "Burton Strauss" <Burton () FelisCatus org>
Date: Wed, 30 Nov 2005 12:16:25 -0600
If you can take some time and use DHCP addressing, you can probably do the renumbering with minimal impact. Modify your DHCP server to issue leases for a short period - 1-2 hours. All that does is cause a little extra traffic as they are renewed more frequently. The day of the change over, have all users shutdown their workstations as they leave. Then change the DHCP server to start issuing addresses in the new range (with updated gateway and dns assignments if necessary) and manually renumber any statically assigned IPs. When people come in the next day they'll get an address in the new range and be good to go. The only users who will have problems are those who are statically assigned and you don't know about. The easiest way to handle those is to set up a sniffer (tcpdump) and look for packets with the old addresses. -----Burton -----Original Message----- From: Mark Wilk [mailto:markwilk () gmail com] Sent: Tuesday, November 29, 2005 10:32 AM To: security-basics () securityfocus com; pen-test () securityfocus com Subject: IP renumbering vs. Stand-alone Hello Group, I work for a small office with around 100 users with two office buildings connected by fiber. The main office has two domain controllers and a Lotus Notes server, all running Win2k3 and the Satellite office has one domain controller running Win2k3. All of the users are or will be running Win XP and we use a PIX firewall. The issue we have is we recently set up an additional program (2 users) that is part of our organization but can also be treated as a stand-alone office. This separate office needs to VPN into another location that has the same internal IP numbering scheme as us thus causes a problem. Our two options are to renumber our internal IP address or to treat the office as a complete stand-alone and have them VPN into our network as well as the other location. The problem we run into with the stand-alone option is that this same program might be set up in the satellite office as well meaning they will have to VPN into 3 different locations. Another issue is the fact that both offices are located in the middle of nowhere, so the same ISP we have in the main office isn't available in the satellite office. What would be the best way to go about this? Has anyone had to deal with renumbering their network? How much downtime should I expect if I take this route? How difficult is it to set up multiple VPN connections on the same machine? -- Mark [Your Skills In Reading Have Improved +1]
Current thread:
- Re: IP renumbering vs. Stand-alone Mark Wilk (Dec 01)
- <Possible follow-ups>
- RE: IP renumbering vs. Stand-alone Burton Strauss (Dec 02)
- Re: IP renumbering vs. Stand-alone Gaddis, Jeremy L. (Dec 02)
- RE: IP renumbering vs. Stand-alone Probert, Brian (RTSI) (Dec 02)
- Re: IP renumbering vs. Stand-alone Mark Wilk (Dec 03)