Tips and Suggestions IP Address Re-Addressing?
Solution 1:
I would say this is a good time to step back and re-evaluate your ip design and not just dive in with what first comes off the top of your head. Which you are doing :)
The first thing I would do is make an evaluation of each site:
- Does the site have servers?
- How many?
- Do i expect this to grow in the next 3 years?
- By how much?
- Does the site have publicly facing servers?
- How many?
- Do I expect this to grow?
- How many clients are at the site?
- Does the site have a management network?
- What kind of technologies are implemented at the site? Do I plan to implement new technologies?
- iSCSI?
- VoIP?
- etc
- Does the site deal with anything that would fall under a sercurity certifications?
- HIPPA
- SOX
- PCI
- Do you have visitors?
- Do you implement WIFI?
- Do you allow guest access to WIFI?
- Am I going to allow client access vpn?
Once the evaluation is done, you can then proceed to designing your IP space.
I would then take the 10.0.0.0/8 subnet it up as needed (Plugging Evan Anderson's Great post)
For just about every one of those items above best practice is to give it it's own subnet (with the exception of the leading questions to determine size of course).
Solution 2:
One thing that I have run into with VPN access is that there are many vendors out there that use 10.0.1.x and 10.0.0.x addresses as the default. In my network 10.0.0.0/21 is our server subnet which makes it very difficult to support remote access. If I had it to do over again I would put the server address space at the very top of the 10-net space (somewhere like 10.253.0.0/21) because I have not seen vendors up that high in default configurations. If you have resources that you know absolutely wont be accessible from the VPN then you could utilize the lower end of ip space to those resources.
FWIW.. I know that Cisco / Linksys is in the 192.168. ranges and Apple ships Airports using either a 10 or a 172 address scheme.
Hope that helps