I currently have a Windows Domain on my company's subnet. The subnet is 192.168.1.0.
Now, I ran out of addresses and I need to add a new subnet to my Windows 2003 server that will be 192.168.20.0.
The computers will be connected through a Layer 3 switch inside my network.
That means no VPNs, etc.
What would I need to do in order to configure the computers to see my domain?
I should put for example:
IP address 192.168.20.23
Subnet mask: 255.255.255.0
Gateway: my firewall's IP address (192.168.1.1)
DNS server: 192.168.1.3 (my original Windows Domain machine)
Is this a proper setting?
Or do I need to assign an additional IP address to my Domain server machine on the other subnet as well?
I am a bit confused, I know there must be someone here that could clarify.
Using the settings you give as an example will not work. Your new computers won't be able to see the gateway as they will be on different subnets (192.168.1.0-192.168.1.255 and 192.168.20.0-192.168.20.255 - also written as 192.168.1.0/24 and 192.168.20.0/24). The easiest thing to do would be to change your subnet mask, everywhere, to 255.255.0.0. That will cover the range 192.168.0.0 - 192.168.255.255 (or 192.168.0.0/16). Otherwise you're going to have to use routing to enable the devices on the 192.168.1.0 and 192.168.20.0 subnets to talk to each other, which is unnecessarily complicated.
Thanks for the prompt answer.
And if I add a secondary IP to the domain controller PC that will fall on the same subnet as 192.168.20.0/24, will it work? If not, I will go with your first option to switch all PCs (including all other incoming VPN connections from various sites) to subnet mask 255.255.0.0 to allow the subnets to talk to each other.
Other than that there is nothing else I need to do so that computers can talk to each other right?
You'd need to add a secondary IP address to the Firewall, as that's the gateway, and then set the appropriate gateway address depending upon which subnet a computer is on. Your computers need to be able to talk directly to the gateway, and they can only do that if it is on the same subnet as them. You'd also need to set up routing, on the gateway, between the 192.168.0.0/24 and 192.168.20.0/24 subnets if devices on these two subnets wanted to communicate. With the gateway having addresses on both subnets, and routing in place, there would be no need for two addresses on your DNS server.
Changing the subnet mask everywhere to 255.255.0.0 would be the simpler option. In fact if your addresses are given out by a DHCP server most of the work could be done automatically.
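Added example, not part of the thread: a small Python script that applies the subnet arithmetic behind both answers above. It checks whether a client's gateway and DNS server are on-link for the asker's proposed settings (/24 mask), for the /16 mask suggested in the first answer, and for the second answer's design where the firewall gets a secondary address on 192.168.20.0/24. It also performs a longest-prefix-match lookup over a constructed routing table for that dual-homed gateway; the interface names and the outside test address 198.51.100.7 are assumptions, not values from the thread.

```python
import ipaddress


def is_on_link(host_ip: str, mask: str, peer_ip: str) -> bool:
    """True if peer_ip lies inside host_ip/mask, i.e. the host can reach it
    directly (ARP on the local segment) without going through a router."""
    network = ipaddress.ip_interface(f"{host_ip}/{mask}").network
    return ipaddress.ip_address(peer_ip) in network


def check_client_config(host_ip: str, mask: str, gateway_ip: str, dns_ip: str) -> dict:
    """Evaluate a client's static IP settings the way its IP stack would:
    the default gateway is only usable when it is on-link, and an off-link
    DNS server can only be reached through a usable gateway."""
    network = ipaddress.ip_interface(f"{host_ip}/{mask}").network
    gateway_on_link = is_on_link(host_ip, mask, gateway_ip)
    dns_on_link = is_on_link(host_ip, mask, dns_ip)
    return {
        "network": str(network),
        "gateway_on_link": gateway_on_link,
        "dns_on_link": dns_on_link,
        # With an unreachable gateway the host cannot leave its own subnet.
        "can_reach_dns": dns_on_link or gateway_on_link,
    }


def route_lookup(routes, dst_ip: str):
    """Longest-prefix-match lookup as a router performs it.
    routes is a list of (network_cidr, egress_interface) pairs."""
    dst = ipaddress.ip_address(dst_ip)
    best = None
    for cidr, egress in routes:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, egress)
    return best[1] if best else None


# Constructed routing table for the second answer's design: the firewall
# holds an address on both subnets and routes between them. Interface names
# are assumptions for illustration only.
GATEWAY_ROUTES = [
    ("192.168.1.0/24", "inside-vlan1"),
    ("192.168.20.0/24", "inside-vlan20"),
    ("0.0.0.0/0", "outside"),
]


def main():
    dns = "192.168.1.3"
    scenarios = [
        ("asker's proposal, /24 mask", "192.168.20.23", "255.255.255.0", "192.168.1.1"),
        ("first answer, /16 mask", "192.168.20.23", "255.255.0.0", "192.168.1.1"),
        ("second answer, gateway on 192.168.20.0/24", "192.168.20.23", "255.255.255.0", "192.168.20.1"),
    ]
    for label, host, mask, gw in scenarios:
        print(label, check_client_config(host, mask, gw, dns))
    for dst in ("192.168.20.23", "192.168.1.3", "198.51.100.7"):
        print("gateway forwards", dst, "via", route_lookup(GATEWAY_ROUTES, dst))


if __name__ == "__main__":
    main()
```

The first scenario reports the gateway as off-link, which is why the proposed settings cannot work; the /16 mask puts every 192.168.x.x address on one segment so no routing is involved at all; the third scenario keeps the /24 masks and relies on the gateway lookup to carry traffic between the two subnets.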
I have a question. If a guest comes with a laptop and asks for an IP through DHCP (our company's current scenario), he will get the IP without any issue. What would be the best approach from a security point of view? Also, clients on 2 different subnets should not talk to each other but should be able to talk to the server only.