Multiple subnets on SA520

Similar Messages

• Multiple subnets / NSX Question

  Hi guys
  Need a little bit of advice please.  I've inherited a collection of tiny server rooms, around 250 physical Windows 2003 server, spread over several buildings.  Almost each rack has it's own subnet, I've told management that they need to invest more in their network and a fully equipped server room / data center however falls on deaf ears!  Ideally I just want to invest in a small cluster with a SAN array in a single location and P2V all those VM's, however I need a little bit of advice on how to approach the subnet issue.
  I've had a very quick look at NSX and it seems to tick all the right boxes, is there something else I should be looking at or is something like NSX the way forward?
  Many thanks

  Sorry if there were some holes in my explanation.  I'm not a network guy so my knowledge on this is limited. 
  The end goal is to have all the physical servers (200+) running in many different rooms on multiple subnets, P2V'd onto a single cluster in a new location somewhere else in the building.  I don't know exactly why each rack has it's own subnet, maybe it's a legacy thing.  I asked the network team if they can present all those subnets to the new cluster but they said it can't be done due to the way the network is configured (no other explanation).
  Whilst I can ping the old physical servers from the new cluster I can't host any of the P2V's there as it's not picking up the old subnets, does that make sense?
  Regards
  Pete

• NAT 8.6 multiple subnets in a single static NAT

  Hello all, I have this question, probably pretty an easy to answer, but unfortunately I can't test it myself in a production environment right now.
  Do you know if is possible to have in ASA 8.6 a Static NAT rule with multiple subnets in both object groups. I currently have one to one subnet translation, but I need to add another two subnets.
  Today's configuration is this
  *** FROM ONE SUBNET TO ANOTHER ***
  object-group network REGIONAL-SOURCE
  network-object 10.1.1.0 255.255.255.0
  object-group network REGIONAL-NAT
  network-object 10.1.201.0 255.255.255.0
  nat (Outside,Inside) after-auto source static REGIONAL-SOURCE REGIONAL-NAT dns
  What I need to accomplish is add two new subnets, but I want to see if is possible to do it using the same NAT rule, just adding the new 2 subnets.
  10.1.2.0/24 natted to 10.1.202.0 255.255.255.0
  10.1.3.0/24 natted to 10.1.203.0 255.255.255.0
  *** TWO MORE SUBNETS ARE NEEDED ***
  object-group network REGIONAL-SOURCE
  network-object 10.1.2.0 255.255.255.0
  network-object 10.1.3.0 255.255.255.0
  object-group network REGIONAL-NAT
  network-object 10.1.202.0 255.255.255.0
  network-object 10.1.203.0 255.255.255.0
  If this is not possible I understand separate objects should be created with individual nat, I appreciate your comments and help.

  Hi,
  This should be no problem. It should work as you have thought.
  I tested the configurations on my own ASA
  object-group network REGIONAL-SOURCE
  network-object 10.1.1.0 255.255.255.0
  network-object 10.1.2.0 255.255.255.0
  network-object 10.1.3.0 255.255.255.0
  object-group network REGIONAL-NAT
  network-object 10.1.201.0 255.255.255.0
  network-object 10.1.202.0 255.255.255.0
  network-object 10.1.203.0 255.255.255.0
  nat (LAN,WAN) source static REGIONAL-SOURCE REGIONAL-NAT
  Here at the results of the "packet-tracer" to show the translations
  ASA(config)# packet-tracer input LAN tcp 10.1.1.100 12345 7.7.7.7 80
  Phase: 4
  Type: NAT
  Subtype:
  Result: ALLOW
  Config:
  nat (LAN,WAN) source static REGIONAL-SOURCE REGIONAL-NAT
  Additional Information:
  Static translate 10.1.1.100/12345 to 10.1.201.100/12345
  ASA(config)# packet-tracer input LAN tcp 10.1.2.100 12345 7.7.7.7 80
  Phase: 4
  Type: NAT
  Subtype:
  Result: ALLOW
  Config:
  nat (LAN,WAN) source static REGIONAL-SOURCE REGIONAL-NAT
  Additional Information:
  Static translate 10.1.2.100/12345 to 10.1.202.100/12345
  ASA(config)# packet-tracer input LAN tcp 10.1.3.100 12345 7.7.7.7 80
  Phase: 4
  Type: NAT
  Subtype:
  Result: ALLOW
  Config:
  nat (LAN,WAN) source static REGIONAL-SOURCE REGIONAL-NAT
  Additional Information:
  Static translate 10.1.3.100/12345 to 10.1.203.100/12345
  As you can see, everything is fine
  Naturally take into consideration the fact that if you were to (for some reason) remove a "network-object" statement from some "object-group" then the operation of the "nat" would change even if you entered the removed "network-object" back. (unless you removed the last "network-object" inside the "object-group") This is because the order of the "network-object" inside the "object-group" would change. You would essentially have to recreate the "object-group" and "nat" configuration.
  Hope this helps
  Please do remember to mark a reply as the correct answer if it answered your question.
  Feel free to ask more if needed
  - Jouni

• RV320 with NAT source from multiple subnets

  Hello,
  I want to buy a router that will do NAT for multiple subnets, such as in the following configuration from Cisco IOS:
  interface FastEthernet0/0
   ip address 172.16.1.1/12
   ip nat inside
  interface FastEthernet0/1
   ip address a.b.c.d/29
   ip nat outside
  ip nat pool dsl-pool a.b.c.e a.b.c.f prefix-length 29
  ip nat inside source list 20 pool dsl-pool overload
  access-list 20 permit 172.16.1.64 0.0.0.63
  access-list 20 permit 172.16.21.0 0.0.0.255
  It is possible on Cisco RV320 device?
  Regars.
  Krzysztof

  Hi,
  This should be no problem. It should work as you have thought.
  I tested the configurations on my own ASA
  object-group network REGIONAL-SOURCE
  network-object 10.1.1.0 255.255.255.0
  network-object 10.1.2.0 255.255.255.0
  network-object 10.1.3.0 255.255.255.0
  object-group network REGIONAL-NAT
  network-object 10.1.201.0 255.255.255.0
  network-object 10.1.202.0 255.255.255.0
  network-object 10.1.203.0 255.255.255.0
  nat (LAN,WAN) source static REGIONAL-SOURCE REGIONAL-NAT
  Here at the results of the "packet-tracer" to show the translations
  ASA(config)# packet-tracer input LAN tcp 10.1.1.100 12345 7.7.7.7 80
  Phase: 4
  Type: NAT
  Subtype:
  Result: ALLOW
  Config:
  nat (LAN,WAN) source static REGIONAL-SOURCE REGIONAL-NAT
  Additional Information:
  Static translate 10.1.1.100/12345 to 10.1.201.100/12345
  ASA(config)# packet-tracer input LAN tcp 10.1.2.100 12345 7.7.7.7 80
  Phase: 4
  Type: NAT
  Subtype:
  Result: ALLOW
  Config:
  nat (LAN,WAN) source static REGIONAL-SOURCE REGIONAL-NAT
  Additional Information:
  Static translate 10.1.2.100/12345 to 10.1.202.100/12345
  ASA(config)# packet-tracer input LAN tcp 10.1.3.100 12345 7.7.7.7 80
  Phase: 4
  Type: NAT
  Subtype:
  Result: ALLOW
  Config:
  nat (LAN,WAN) source static REGIONAL-SOURCE REGIONAL-NAT
  Additional Information:
  Static translate 10.1.3.100/12345 to 10.1.203.100/12345
  As you can see, everything is fine
  Naturally take into consideration the fact that if you were to (for some reason) remove a "network-object" statement from some "object-group" then the operation of the "nat" would change even if you entered the removed "network-object" back. (unless you removed the last "network-object" inside the "object-group") This is because the order of the "network-object" inside the "object-group" would change. You would essentially have to recreate the "object-group" and "nat" configuration.
  Hope this helps
  Please do remember to mark a reply as the correct answer if it answered your question.
  Feel free to ask more if needed
  - Jouni

• Upnp Multicast to multiple subnets

  I am running an arch box as a router. I have gotten it working quite well, doesn't almost everything I need. One issue that I am still having problems with is upnp port forwarding from a different subnet.
  My gateway(the arch router) is 192.168.5.1
  it is running the upnp service (linux-igd) and works fine reciving requests and forwarding port for anyone on 192.168.5.0/24
  I however have a second subnet at 192.168.2.0/28 and upnp programs on it do not successfully forward ports. I made sure I do not have filter multicast enabled on the 2nd router. I am not double nating either so I am not sure whats wrong.
  I made sure to add the multicast routes to my router as well ( i can't add them to the 2nd router but I don't think thats the issue)
  239.0.0.0       *               255.0.0.0       U     0      0        0 lan
  224.0.0.0       *               240.0.0.0       U     0      0        0 lan
  I googled the upnp standard at it says ttl of 4 so I should be fine going only 1 subnet away.
  One thing that I was attempted but couldn't figure out how to correctly set it was using iptables to increase the ttl on any multicast coming out of the arch box.
  If anyone can point out or explain what I am doing wrong I would be really thankful.

  While the Mac OS X GUI admin tools don't support specifying multiple subnets, this can be done if you simply define your own exports in /etc/exports. The exports(5) man page has the details. You'll basically want to have a separate export entry for each subnet. For example, something like:
  /Volumes/data -network 10.0.1.0 -mask 255.255.255.0
  /Volumes/data -network 10.0.2.0 -mask 255.255.255.0
  /Volumes/data -network 10.0.3.0 -mask 255.255.255.0
  HTH
  --macko

• Multiple subnets possible?

  All,
  I'm using my access point as a dhcp server in a test environment. Is it possible to have multiple subnets configured like a router-on-a-stick configuration?
  Thanks!
  John

  The AP can only support one DHCP scope, and only on the Native VLAN (i.e., untagged).
  There's only so much processor. Dumping a bunch of services on the AP is generally a bad idea. Ultimately it'll affect your performance & user counts.
  Good Luck
  Scott

• WRV200 - MULTIPLE SUBNETS

  I have basic knowledge on networking, and I'm trying to setup a wrv200 to work with my uncle’s business network.
  I’m working with multiple subnets.
  192.130.1.X
  192.130.2.X
  192.130.3.X
  192.130.4.X
  I have the internet on the 192.130.1.X
  My goal is to restrict the internet access with time ranges, on the 192.130.4.X in the wireless conection so I bought the wrv200 to be my access point, but I’m having problems with the setup I tryied to set the Internet IP to
  IP : 192.130.4.X
  Netmsk: 255.255.255.0
  Gateway: 192.130.1.30 - the server with internet sharing conection win2000
  DNS: ISP provided
  But the router don’t accept different subnets on the settings, My computer acctully uses the same config and it’s workin well….what is wrong? Any work around?
  Thank’s for your help in advance.
  Message Edited by JM_AG on 07-24-2008 05:04 PM
  Message Edited by JM_AG on 07-24-2008 05:04 PM

  hi. same scenario here as i was playing around with my router. i dunno if this is a problem with the firmware or a possible device limitation.

• Multiple subnets under one vlan

  Hi everyone,
  Is there any way to create multiple subnets under one VLAN ? Right now, I am using VLAN 110 and it's IP is 172.16.0.1/16.
  We have three types of devices on this VLAN.I want to create 3 or 4 subnets for those devices under this VLAN for reducing the traffic or broadcast ?
  Please advise me.....
  Thanks in advance

  Mohammed,
  As long as you have a single VLAN only, you will not reduce the amount of broadcasts in this VLAN by using several IP networks. Even if the stations are in different IP networks within a single VLAN, every broadcast will be sent across the entire VLAN to all stations, regardless of their configured IP address. Broadcasting is a matter of Data Link Layer, or Layer2, and if you keep a single Layer2 domain (the VLAN), you will keep a single, merged, large broadcast domain.
  Just to answer your question, you could assign multiple addresses to an interface in a single network/VLAN by using secondary IP addresses, for example:
  interface Vlan110
  ip address 172.16.0.1 255.255.0.0
  ip address 192.168.1.1 255.255.255.0 secondary
  ip address 10.20.30.1 255.255.255.0 secondary
  However, as I explained, this will only allow you to "stretch" multiple IP networks over a single broadcast domain so there is no saving in terms of broadcasts or traffic reduction. For that, you must resort to multiple VLANs.
  Best regards,
  Peter

• RV320: Need to use as gateway for multiple subnets

  We just purchased an RV320 as a replacement/upgrade to an RV042. Our Internet connection was upgraded to 200Mbps and the RV042 wouldn't handle that throughput.
  Our internal network has 4 subnets, all connected via a layer 3 switch. The RV320 is connected to one of those subnets and is the default gateway for the entire network.
  The RV042 had a "multiple subnets" setting that allowed it to perform NAT for the directly connected subnet and the other 3 subnets in our network. We would just add the other networks to the list in the RV042 and everything was fine.
  The RV320 doesn't seem to have the same functionality (or am I missing something?). It looks like there is some sort of multiple subnet support, but when we try to add another subnet the interface seems to be asking us to define a single IP address in that subnet (an IP address for the router?) as if all subnets will be directly attached to the router using VLANs (which is not the case in our network).
  We can set up the "advanced routing" option to define the other 3 internal subnets and how to route to them, etc. but will the RV320 perform NAT for the other subnets without any adidtional configuration?
  Can anyone shed any light on this?
  Many thanks!

  Precept,
  My name is Ismael, iam with Small Business Support Center. I like to start by asking is there a  particular reason that the switch is handling Layer 3/or DHCP? Normally when an RV042 is implemented you would need a Layer 3 switch as the RV042 only supports one DHCP scope.In addition all The RV0XX series does not support 802.1q VLAN.
  With RV320 you can setup multiple subnets under advance routing and still allow for it to pass DHCP for all of your 4 subnets and create 801.2q Vlan subinterfaces . Setting RV320 in this manner can create an ease in managing the network.
  If you are considering the RV320 to do Layer 3 / DHCP simply create your 4 Vlans or subnets. Add them to the DHCP scope and enable DHCP server for all subnets. Switch would have to be configured to Layer 2 for this to work.  The link below is a knowledge portal that could assist in creating DHCP and Vlans. Hope this helps you.
  http://sbkb.cisco.com/

• RV042 multiple subnet

  I'm trying to set up 2 subnet with two RV042 routers. One router will  act as a gateway and both WAN ports will be used by two different isp  connection. The first router (gateway) LAN IP will be 192.168.0.1/24.
  I  would also like to set up another router behind the gateway with with  separate subnet 192.168.1.X/24. And I would like clients on the  192.168.1.x subnet to use the internet through the gateway router and  clients on the 192.168.0.x subnet to access resources on the 192.168.1.x  subnet. Am I able to do this with two RV042?

  With firmware 1.x, you need not add the Allow access rule I mentioned in my previous post. But you need to add the 192.168.1.0/24 subnet to the "Multiple Subnet" list in the Setup>Network page of the first RV042 (gateway mode).
  In your configuration, the default gateway should be the WAN IP of Router 2.
  ROUTER 1 STATIC ROUTE DETAIL
  Destination IP: 192.168.30.0
  Net Mask: 255.255.255.0
  Default Gateway: 192.168.0.?
  You need not add any static route to Router 2, which knows the default gateway being 192.168.0.1/24.

• RV016 - multiple subnets

  Hei.
  I have been trying to configure my router for routing between subnets, unfortunately with no luck.
  Here is my situation -
  I have 2 networks which need to communicate with each other, no internet involved.
  Network A:
  RV016 router with IP: 192.168.0.2
  mask: 255.255.255.0
  there are cameras, PC's, PLC's conected to this network all with static IP address's.
  Network B:
  no router - all machines on this network have static IP's in the range 192.168.1.xxx and are connected via unmanaged switches.
  I need one of the PC's on network A to communicate with a PLC on  network B.
  I have tried to connect network B to A by connecting from a switch on network B to a LAN port on network A router and configuring the router for multiple subnets.
  I would really appreciate it if someone couold give me some pointers / steps to follow to make this work - my backup plan is to use another RV016 router configured to network B ip address.  But I dont have that yet.
  regards Ian.

  Hi Ian,
  You're correct the multiple subnet feature is what to use. To configure this-
  Go to the IPv4 tab and tick the enable multiple subnet box then click add/edit. On the next window type in a LAN IP address which can be anything you want... for argument sake I will say 192.168.100.1. Then type in the subnet mask, we will say 255.255.255.0. Click OK.
  Now, you'd need to configure the computers as an example such as-
  IP address 192.168.100.100
  Mask 255.255.255.0
  Gateway 192.168.100.1
  -Tom
  Please mark answered for helpful posts

• ISA550 and multiple subnets?

  Just picked up a ISA550 and have been playing around with it a bit but seem to be having some trouble.  I have two LAN subnets in my small business with approx 10 hosts per subnet.  I'd like to use the ISA550 to route between them (and to the internet) but can't seem to figure out how.  Is it just as simple as creating two VLANS?  Can the ISA550 route VLAN traffic?
  With my old RV042G, I had the option to setup multiple subnets inside the setup menu but I don't see any such area with the 550.  Any help would be appreciated!

  Each port is configurable.  So you just need to create a VLAN name and IP/Subnet for each port.
  For example, if you only have two subnets then you would do this:
  Port 1 IP address/network mask - 192.168.1.0/24
  VLAN  name for Port 1 - office_network
  Port 2 IP address/network mask - 192.168.2.0/24
  VLAN name for Port 2 - server_network

• RV042 Multiple subnet question

  I'd like to set each individual LAN port with different address i.e. LAN 1 192.168.1.1 and LAN 2 10.1.1.1 instead of using the multiple subnet feature and having all ports replying for the addresses created. Is this possible?
  Thanks

  Good afternoon,
  Thanks for using our forum
  HiHernandes Sousa Hernandes Sousa, my name is Haider and I am part of the Small Business Support Community. I tried to replicate your network and discovered that there are two ways to set/configure LAN port with different address i.e. LAN 1  192.168.1.1 and LAN 2  10.1.1.1 instead of using the Multiple Subnet  feature and having all ports replying for the addresses created:
  through  the help of an access-list because different LANs on a router will ping each other no matter what as they are physically connected by the  router. So, access list could be an option.
  through disabling Dynamic Host Control Protocol (DHCP). This will prevent the host to get an IP address and will help to stay in its own different network.
  I hope you find this information useful, also please do let me know how this works out.
  Greetings,
  Haider Ali Malhi
  Small Business Content Developer

• One Server multiple Subnets

  Hello All,
  I want to configure a single print servers for multiple subnets envorinment, i.e I have 10.0.0.0 network then I have 192.168.1.0 and some more subnets and networks .Can I have a single print server for all my users,If yes how can I achive this?
  Thanks in advance.
  Regards
  Divyendu

  divyendu_bhatt, you can use a router with teh layer 2 switch for vlans. For that you need to create Switched Virtual Interfaces (SVI). Use google to understand SVI and use of inline router...

• I have issue about multiple subnet on RV series

  now i connect RV with 300 series switch with 20 vlan. How i config RV series for NAT all vlan access to the internet ? because i use multiple subnet i can add only 5 vlan for access to the net it's not enough Please advice Thank you for kindly support.

  Siriphan,
  SG300 switch doesn’t do NAT or DHCP so you would have to have DHCP server on one subnet to issue IP address to multiple devices across Vlans.
  RV042 only support DHCP on Vlan 1
  You have to use the RV042 to NAT the traffic from SG300 switch. .
  So if you want to set the SG300 in layer 3 mode, while having DHCP Server giving out IP address across your network, while the RV042 NAT’s all your traffic. This can be accomplished
  RV042
  Local subnet 192.168.5.1
  Static routes for other subnets,
  192.168.10.0/24 192.168.5.254
  192.168.20.0/24 192.168.5.254
  10.10.10.0/24 192.168.5.254
  10.10.5.0/24 192.168.5.254
  SG300 (layer 3 mode)
  Vlan 1 192.168.5.254
  Vlan 2 192.168.10.1
  Vlan 3 192.168.20.1
  Vlan 4 10.10.10.1
  Vlan 5 10.10.5.1
  (You would need a DHCP server on a subnet, having turned on DHCP relay on SG300 switch)
  You would have a default route 0.0.0.0 0.0.0.0 192.168.5.1
  •n  Example –
  Thanks,
  Jasbryan
  Cisco Support Engineer
  .:|:.:|:.