# Two Different IP Ranges on One Network



## dlebowski (Jul 6, 2007)

I need a little bit of guidance regarding a request that one of my clients is making. We have a WAN that consists of two different LANS. The one IP ranges is something like 88.888.88.x and the other is 77.777.77.x. We are trying to add a device to the 88.888.88.x network with an 77.777.77.x IP address associated with it. We have struggled to get the 77.77.77.x IP address to route. Does anyone have any suggestions? Any help would be greatly appreciated! Thanks.

-R


----------



## Couriant (Mar 26, 2002)

Those are invalid IP addresses 

Why do you need to give it 2 IP addresses? What are you trying to do exactly?


----------



## dlebowski (Jul 6, 2007)

Thanks for the quick reply. I just made those IP addresses up. I didn't do a very good job! 

Let me start over. What we are trying to do is get a video conferencing camera going. The video conferencing camera needs to have a certain IP address in order for the other sites within the WAN to communicate with it. The camera will reside on one LAN that has an IP range of X, but the IP address associated with the camera has an IP range of Y. We are not sure how to get the LAN to recognize the Y IP address. Let me know if this still doesn't make sense. Thanks.


----------



## Couriant (Mar 26, 2002)

So for example:

Your LAN right now is (ie) 192.168.0.0 /24
Your camera is getting an address from 192.168.1.0 /24? From what you wrote thats what you want and have.

What is your camera model?


----------



## dlebowski (Jul 6, 2007)

The LAN right now is 173.26.200.x and the camera is 74.19.183.162. The camera is a Polycom.


----------



## JohnWill (Oct 19, 2002)

Why are you using public IP ranges for your network? This is almost always a really bad idea. It would be MUCH smarter to use one of the IANA reserved address ranges for private networks.

192.168.0.0 ---	192.168.255.255
172.16.0.0 --- 172.31.255.255
10.0.0.0 --- 10.255.255.255


----------



## dlebowski (Jul 6, 2007)

We do use private, again I just made those up. So I will quit doing that because I am creating confusion. Let's take the scenario you provided and go from there. Thanks for you patience John.



> Your LAN right now is (ie) 192.168.0.0 /24
> Your camera is getting an address from 192.168.1.0 /24? From what you wrote thats what you want and have.
> 
> What is your camera model?


----------



## Couriant (Mar 26, 2002)

dlebowski said:


> The LAN right now is 173.26.200.x and the camera is 74.19.183.162. The camera is a Polycom.


(note I'm aware that the numbers are not correct)

So for clarification, do you need to get the camera on the 173 network?

(PS it would be much easier if you stick to your real private IP addresses )


----------



## Memnoch322 (May 11, 2005)

So you want a camera on to live on network "A" but talk back to applications or servers on network "b" correct? If you have a WAN i am sre you have some routing devices in place between the networks. You should be able to give the camera a IP for network it lives on, if your routing and ACL's are correct you shuld be able to hit it from ether side of the router.

Why dont you detail your network alittle more for us. Does it span over diffrent geographical locations? Is it all in the same building? is your "WAN" going over a point to point link? or VPN?


----------



## dlebowski (Jul 6, 2007)

Yes. The camera needs to be on the 173 network.

(My next thread will have the real IP's)


----------



## dlebowski (Jul 6, 2007)

Memnoch,

The WAN does span over multiple geographic locations and it is a point to point link.


----------



## Memnoch322 (May 11, 2005)

Okay, I just re-read the thread. You really need to post your network configuration so we can figure out what you got going on.


----------



## Memnoch322 (May 11, 2005)

What kind of routers are you using? Cisco?


----------



## dlebowski (Jul 6, 2007)

This is how it currently is setup. Any suggestions on how I could it different or why you don't think it would work, would be appreciated. Thanks again for all your help.


----------



## Memnoch322 (May 11, 2005)

Your gateway device, is that a sonicwall? It seems like you have your LAN and then you have a DMZ. I dont really see what is happening here.


----------



## dlebowski (Jul 6, 2007)

The picture didn't come out very good. I am trying again. The firewall is a Watch Guard.


----------



## Memnoch322 (May 11, 2005)

I am kinda of confused. The firewall is your gateway for location one? Or that cisco is? What is the function of that cisco router? Does that firewall handle all the routing? is that "internal interface" just an ethernet connection fron the firewall to the router?


----------



## Memnoch322 (May 11, 2005)

Okay, this drawing makes a little more sense to me. I can update when you confirm some of the things I asked.









I cant seem to get my attachment to appear


----------



## Memnoch322 (May 11, 2005)

here we go


----------



## dlebowski (Jul 6, 2007)

The firewall is your gateway for location one? Or that cisco is?: The firewall is. The network at this location is very small and I believe they are just plugging directly into the router. 

Does that firewall handle all the routing? Yes

Is that "internal interface" just an ethernet connection from the firewall to the router? Yes, it is just an ethernet connection from a port.


----------



## Memnoch322 (May 11, 2005)

So make a rule in the firewall to allow the traffic from the LAN to access the opt.


----------



## dlebowski (Jul 6, 2007)

Thanks for the suggestion. I will look into it. 

What about if we set it up so the camera was on the LAN at that location. (see attachment) Is this possible? We were unable to get this to work using the IP assigned to the camera. If we gave it an IP from our LAN (173.26.200.x) then it would get to the phone bridge fine with this configuration on the network. It's when we assign it the 74.19.183.162 is when it won't get to the bridge while being on the LAN. We have to give the camera the 74.19.183.162 IP in order for the other sites on the WAN (not pictured here) to communicate with it. Let me know what you think on this one. Thanks!


----------



## Memnoch322 (May 11, 2005)

The more I look at this the more confused I am becomming. You have a internal LAN with the 173.x.x.x addressing scheme right? then you have a DMZ zone hanging of the OPT port of your firewall that you host all the web application and such on. Now I know that in Sonicwalls you can configure rules in the firewall to allow certain services to talk from OPT to LAN and LAN to OPT. This leads to the next question. What are the particualr needs of having the camera live on the LAN? If you place it in the DMZ you can hit from the public interface. Still kinda lost I think I am.


----------



## dlebowski (Jul 6, 2007)

I guess the only reason why I brought it up was because we did get the camera to communicate using a 173.x.x.x IP. So I felt maybe it would be easier to go this route. Just disregard it for now.

Based off the first diagram I sent you, I have the camera existing in the DMZ zone. Correct? Based off the diagram you sent me, it looks very similar to what I have setup in the first diagram I sent.


----------



## JohnWill (Oct 19, 2002)

dlebowski said:


> We do use private, again I just made those up. So I will quit doing that because I am creating confusion. Let's take the scenario you provided and go from there. Thanks for you patience John.


Since you use private IP addresses, there is absolutely no risk in just posting the actual addresses. It would probably confuse both you and us a whole lot less. I use 192.168.1.1...255. I don't feel a bit less secure now.


----------



## dlebowski (Jul 6, 2007)

OK. Here you go. This is it. This is how it is currently setup and we can't get the camera to communicate with the phone bridge and we aren't sure why. We are guessing it's a routing issue with firewall, but haven't been able to figure that out.


----------



## Memnoch322 (May 11, 2005)

Man, I am really not getting this I think. The IP addressing scheme you have in place, these IP addresses for the Phone bridge are these public? Or do you have these sitting behind the firewall in NAT mode? 

The cisco the sits in front of the phone bridge... and the other on that sits infront of that LAN segment, what are they doing? 

In this drawing you are showing me three networks.. the internet, the LAN and what liek I said before appears to be a DMZ. 

I see that you have a cidr notation of /28 and then you have a gateway ip listed as 72.15.184.142 and the node behind that is x.x.x.7. According to my calculations this is not a correctly subneted addressing scheme. with a subnetmask of 255.255.255.240 or /28 you would have only 14 usable IP addresses.

Also you say that this network spans accros two sperate location... I dont see where it does that in the drawing. 

Basicly if I was to show up at a location that was deployed as this drawing depects I would start restructuring it right away. 

So in the end what I am saying is that nothing looks configured correctly or I am just not getting it. Could be etherone! 

Does your router or firewall have a running config I can look at? you can just remove the password and other sensitive stuff.


----------



## dlebowski (Jul 6, 2007)

You are right about the subnetting scheme. Let me look into this further before I waste anymore of your time. I'll get back with you. Thanks again.


----------

