HPE Community
HPE Aruba Networking & ProVision-based
1832690 Members
2817 Online
110043 Solutions
New Discussion

Re: Adding a Subnet

 
SOLVED
Go to solution
Bellaireroad
Occasional Contributor

‎04-22-2012 05:43 PM

‎04-22-2012 05:43 PM

Adding a Subnet

Hello,

 

I am adding a Barracuda VPN device to the LAN.  The barracuda must exist in a separate subnet-per tech support.  My hardware is a cisco 1941 router and procurve 3500yl.  The existing LAN uses 192.158.1.0/24 for addressing.  I am restricted to one IP address from the ISP and use NAT on the router to port forward a server on the LAN - the barracuda will need to be port forwarded as well.

 

What would be the best way to set this up? Creating a second VLAN for the barracuda, or something else?

0 Kudos
7 REPLIES 7
paulgear
Esteemed Contributor

‎04-23-2012 04:48 PM

‎04-23-2012 04:48 PM

Re: Adding a Subnet

You can certainly do this by adding a VLAN to your 3500, turning on routing, and setting up routes between your 1941 and your 3500 (i personally would do this using OSPF, but you might find static routes simpler and easier), and putting the Barracuda on the new VLAN.

 

But i think you'll find that it's only the VPN clients that need a separate subnet and your Barracuda can go on your existing VLAN.  In that case you'd probably be better off setting up dynamic or static routing between the 1941 and the Barracuda.


More info would be required to know which is the best solution for your environment.

Regards,
Paul
0 Kudos
Bellaireroad
Occasional Contributor

‎04-24-2012 09:02 PM

‎04-24-2012 09:02 PM

Re: Adding a Subnet

Thanks for the reply.  I will get back to tech support and ask them to clarify whether or not it is the clients only that need the subnet.  This is the initial explanation I got from barracuda

 

After talking it over with my Tier II, the ONLY way to obtain internal ip addresses through ipsec/pptp/network connector/etc, you have to either change your network ip configuration from 192.168.1.0 to 192.168.0.0/16 or deploy a routing network solution to have two subnets. These resources WILL NOT work on any subnet other than 192.168.0.

 

 

But i think you'll find that it's only the VPN clients that need a separate subnet and your Barracuda can go on your existing VLAN. In that case you'd probably be better off setting up dynamic or static routing between the 1941 and the Barracuda.

 

Could you elaborate on why this is a better solution?  My limited understanding is that by setting up subnets, the switch could do most of the routing, and only a  static route would be necessary to the Barracuda VLAN from the 1941.  In the second scenario, the router would be doing the work, and the switch would be functioning as a layer 2 device. 

 

Best Regards, Roger

0 Kudos
Bellaireroad
Occasional Contributor

‎04-26-2012 01:08 PM

‎04-26-2012 01:08 PM

Re: Adding a Subnet

Tech support got back and the appliance must be on a separate subnet.  I have implemented this configuration- barracuda is on port 37

 

On the switch

exit
ip default-gateway 192.168.1.1
ip routing
vlan 1
   name "DEFAULT_VLAN"
   untagged 1-36,38-48
   ip address 192.168.1.37 255.255.255.0
   no untagged 37
   jumbo
   ip igmp
   exit
vlan 2
   name "Basrracuda"
   untagged 37
   ip address 192.168.0.1 255.255.0.0
   exit


on the router

ip route 192.168.0.0 255.255.0.0 192.168.1.37

 

barracuda ip address

192.168.0.4 255.255.0.0 GW 192.168.1.1

 

ping 192.168.0.1 from switch - success

ping 192.168.0.4 from switch - success

ping 192.168.0.1 from router - success

ping 192.168.0.4 from router - fail

ping 192.168.0.1 from 192.168.1.113 -sucess

ping 192.168.0.4 from 192.168.1.113 - fail

 

Am I missing a route on the router or switch? or something else? thanks

0 Kudos
paulgear
Esteemed Contributor

‎04-26-2012 03:46 PM

‎04-26-2012 03:46 PM

Solution

Re: Adding a Subnet

That setup definitely will not work.  The reason is that you have overlapping subnets: 192.168.0.0/16 comprises all networks beginning with 192.168., and because 192.168.1.0/24 is part of that, the Barracuda will think it's on the same subnet/VLAN as the rest of your network, which it's not.

 

I think your Barracuda dealer/tech support is giving you some wrong information, because i've never seen a network device of any description (especially a Linux-based one like Barracuda) that insisted on having the entire 192.168.0.0/16 address range.  If you configure it with a /24 mask (255.255.255.0) instead of /16, i think it should work.  (But i say that without ever having worked with that equipment, so no guarantees. :-)  You would need to change the mask in all 3 places: Barracuda, switch, and router.

Regards,
Paul
0 Kudos
paulgear
Esteemed Contributor

‎04-26-2012 03:50 PM

‎04-26-2012 03:50 PM

Re: Adding a Subnet

And just a quick follow-up on why i think not using the switch as a router would be a better solution:

 

In my opinion, all other things being equal (especially link bandwidth), the fewer routers you have in the design, the easier it will be to troubleshoot.  But the configuration you have set up now (apart from the subnet overlap) should still work.

Regards,
Paul
0 Kudos
Bellaireroad
Occasional Contributor

‎04-26-2012 07:14 PM

‎04-26-2012 07:14 PM

Re: Adding a Subnet

Paul,

Thanks immensely for your help, it is working great!!   I need to go back and take networking 101 again :)

0 Kudos
paulgear
Esteemed Contributor

‎04-26-2012 07:28 PM

‎04-26-2012 07:28 PM

Re: Adding a Subnet

Glad to hear it's working! :-)

Regards,
Paul
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.