Routing Between Primary/Secondary LAN Networks

Hello. The person that originally set up our LAN originally used a 192.168.1.x/24 network for the main LAN with other networks such as 192.168.4.x/8.x/12.x/16.x/20.x/24.x for the BOVPNs.

Naturally the 192.168.1.x/24 is bad all around and we have been having conflicts with people working from home trying to access resources on the main LAN.

My goal is to change the network scheme over to a 10.x.x.x or a 172.16.x.x. I see that the method here https://watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/networksetup/second_net_config_c.html says to create a Secondary Network IP Address.

That seems simple enough, but if I was to start a 10.x.x.x or a 172.16.x.x network as a secondary, would devices that are still in the 192.168.1.x range be able to communicate with devices on a 10.x.x.x or 172.16.x.x network and vice versa?

Currently my DHCP is set up for the 192. If I switch that to the new network range and DHCP Clients start getting the new address range, would they be able to communicate with devices still on the 192.168.1.x side until I can get those moved over? Those are mostly statically set.

Any insight is appreciated.

Comments

  • I believe that you need to add policies to allow cross-subnet traffic even if on the same firewall interface.
    You can set up a test with a single PC to verify this such as via Ping to a PC or server on 192.168.1.x from a device on the new subnet.

    If needed:
    . add an Any packet filter From: 192.168.1.0/24 To: the new subnet
    . add an Any packet filter From: the new subnet To: 192.168.1.0/24
    This will guarantee that the traffic will be allowed.
    When conversion is done, you can remove these 2 policies.

  • @Bruce_Briggs I assume that I would need to do the same for BOVPN networks to the new one?

  • Comcast home modems have a default LAN IP of 10.0.0.0/24 so I would recommend using a 172.16.0.0 IP subnet for your LAN.
    This has caused me a few headaches during COVID.

    It's usually something simple.

  • "I would need to do the same for BOVPN networks to the new one?"

    Absolutely you need to include the new subnet in your BOVPN setups, at each end.
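
Added example, not part of the original thread: a small Python check that a candidate replacement LAN range does not overlap the ranges mentioned above before any devices are renumbered. The inventory is constructed from the thread; the /24 masks on the BOVPN ranges, the labels and the candidate ranges are assumptions for illustration.

```python
import ipaddress

# Constructed inventory. The two home-side ranges are the ones named in the
# thread; the /24 mask on each BOVPN range is an assumption.
HOME_SIDE = {
    "current main LAN / common home default": "192.168.1.0/24",
    "Comcast home modem default": "10.0.0.0/24",
}
BOVPN_REMOTE = {
    f"BOVPN 192.168.{n}.x": f"192.168.{n}.0/24" for n in (4, 8, 12, 16, 20, 24)
}


def find_conflicts(candidate, in_use):
    """Return the labels of every in-use range that overlaps `candidate`."""
    # strict=True rejects typos such as 172.16.40.1/24 (host bits set).
    cand = ipaddress.ip_network(candidate, strict=True)
    return sorted(
        label
        for label, cidr in in_use.items()
        if cand.overlaps(ipaddress.ip_network(cidr))
    )


def evaluate(candidates):
    """Map each candidate CIDR to the list of ranges it collides with."""
    in_use = {**HOME_SIDE, **BOVPN_REMOTE}
    return {cidr: find_conflicts(cidr, in_use) for cidr in candidates}


if __name__ == "__main__":
    # Hypothetical candidates for the new main LAN.
    for cidr, hits in evaluate(
        ["10.0.0.0/16", "192.168.0.0/19", "172.16.40.0/24"]
    ).items():
        status = "OK" if not hits else "CONFLICT with " + ", ".join(hits)
        print(f"{cidr:18} {status}")
```

A range that reports no conflicts here still has to be added to the BOVPN configuration at each end, as noted in the reply above.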
