SBS 2008 and class B (supernetted) network

Hi,

I am migrating my 20 user network to SBS 2008. I have hit a problem with
the assumption (or intended restriction) that SBS makes about one's IP
address configuration. Although my LAN is small, my company is part of a
large group. Our network is not part of HQ's AD domain or anything like
that, but because of an IP-VPN line at our site that gives us access to
their SAP servers they want to control the IP configuration of all remote
sites. They have given me the following:
10.124.4.(1 - 254) /22 - routers
10.124.5.(1 - 200) /22 - DHCP clients
10.124.5.(201 -254) /22 - print servers and other non-server static IPs
10.124.6.(1-254) /22 - static IP for servers (AD, Email, Web, etc.)

The way I have things configured here is:
Internet gateway: 10.124.4.254 /22
IP-VPN gateway: 10.124.4.1 /22
SBS 2008 Server: 10.124.6.1 /22

When I try to run the CTIW wizard it fails. In fact it seems most of the
SBS wizards fail, and all for the same reason. They have been hard coded to
assume certain IP network configs. Is there any way around this? I imagine
I can revert back to doing everything the hard way and not relying on the
wizards, but I was kind of looking forward to an easier life with SBS.

TIA,

Jarryd

To create a class C network for your users and to satisfy SBS 2008 topology,
can you add another router with a WAN of IP of 10.124.4.254 (Internet
Gateway) and an internal IP of 192.168.1.1 (for example)? Since the IP-VPN
line and the Internet Gateway are in the same subnet (10.124.4.x), the
clients behind the new router should have access to the IP-VPN through the
gateway of the new router.

--
Merv Porter [SBS-MVP]
============================

"Jarryd" <> wrote in message
news:688E9576-381F-4C97-8067-...
> Hi,
>
> I am migrating my 20 user network to SBS 2008. I have hit a problem with
> the assumption (or intended restriction) that SBS makes about one's IP
> address configuration. Although my LAN is small, my company is part of a
> large group. Our network is not part of HQ's AD domain or anything like
> that, but because of an IP-VPN line at our site that gives us access to
> their SAP servers they want to control the IP configuration of all remote
> sites. They have given me the following:
> 10.124.4.(1 - 254) /22 - routers
> 10.124.5.(1 - 200) /22 - DHCP clients
> 10.124.5.(201 -254) /22 - print servers and other non-server static IPs
> 10.124.6.(1-254) /22 - static IP for servers (AD, Email, Web, etc.)
>
> The way I have things configured here is:
> Internet gateway: 10.124.4.254 /22
> IP-VPN gateway: 10.124.4.1 /22
> SBS 2008 Server: 10.124.6.1 /22
>
> When I try to run the CTIW wizard it fails. In fact it seems most of the
> SBS wizards fail, and all for the same reason. They have been hard coded
> to assume certain IP network configs. Is there any way around this? I
> imagine I can revert back to doing everything the hard way and not relying
> on the wizards, but I was kind of looking forward to an easier life with
> SBS.
>
> TIA,
>
> Jarryd
>
>
>

Hi Merv,

I guess I could do that, but it does mean that I am breaking from the rule
that has been set by HQ to assign specific address ranges to specific types
of devices. Is this a hard and fast SBS rule that you cannot use class B
network ranges?

TIA,

Jarryd

"Merv Porter" <mwport@no_spam_hotmail.com> wrote in message
news:...
> To create a class C network for your users and to satisfy SBS 2008
> topology, can you add another router with a WAN of IP of 10.124.4.254
> (Internet Gateway) and an internal IP of 192.168.1.1 (for example)? Since
> the IP-VPN line and the Internet Gateway are in the same subnet
> (10.124.4.x), the clients behind the new router should have access to the
> IP-VPN through the gateway of the new router.
>
> --
> Merv Porter [SBS-MVP]
> ============================
>
> "Jarryd" <> wrote in message
> news:688E9576-381F-4C97-8067-...
>> Hi,
>>
>> I am migrating my 20 user network to SBS 2008. I have hit a problem with
>> the assumption (or intended restriction) that SBS makes about one's IP
>> address configuration. Although my LAN is small, my company is part of a
>> large group. Our network is not part of HQ's AD domain or anything like
>> that, but because of an IP-VPN line at our site that gives us access to
>> their SAP servers they want to control the IP configuration of all remote
>> sites. They have given me the following:
>> 10.124.4.(1 - 254) /22 - routers
>> 10.124.5.(1 - 200) /22 - DHCP clients
>> 10.124.5.(201 -254) /22 - print servers and other non-server static IPs
>> 10.124.6.(1-254) /22 - static IP for servers (AD, Email, Web, etc.)
>>
>> The way I have things configured here is:
>> Internet gateway: 10.124.4.254 /22
>> IP-VPN gateway: 10.124.4.1 /22
>> SBS 2008 Server: 10.124.6.1 /22
>>
>> When I try to run the CTIW wizard it fails. In fact it seems most of the
>> SBS wizards fail, and all for the same reason. They have been hard coded
>> to assume certain IP network configs. Is there any way around this? I
>> imagine I can revert back to doing everything the hard way and not
>> relying on the wizards, but I was kind of looking forward to an easier
>> life with SBS.
>>
>> TIA,
>>
>> Jarryd
>>
>>
>>

> Is this a hard and fast SBS rule...

I believe it is...

SBS 2008: Supported Networking Topology
http://blogs.technet.com/sbs/archive...-topology.aspx

--
Merv Porter [SBS-MVP]
============================

"Jarryd" <> wrote in message
news:#...
> Hi Merv,
>
> I guess I could do that, but it does mean that I am breaking from the rule
> that has been set by HQ to assign specific address ranges to specific
> types of devices. Is this a hard and fast SBS rule that you cannot use
> class B network ranges?
>
> TIA,
>
> Jarryd
>
> "Merv Porter" <mwport@no_spam_hotmail.com> wrote in message
> news:...
>> To create a class C network for your users and to satisfy SBS 2008
>> topology, can you add another router with a WAN of IP of 10.124.4.254
>> (Internet Gateway) and an internal IP of 192.168.1.1 (for example)? Since
>> the IP-VPN line and the Internet Gateway are in the same subnet
>> (10.124.4.x), the clients behind the new router should have access to the
>> IP-VPN through the gateway of the new router.
>>
>> --
>> Merv Porter [SBS-MVP]
>> ============================
>>
>> "Jarryd" <> wrote in message
>> news:688E9576-381F-4C97-8067-...
>>> Hi,
>>>
>>> I am migrating my 20 user network to SBS 2008. I have hit a problem
>>> with the assumption (or intended restriction) that SBS makes about one's
>>> IP address configuration. Although my LAN is small, my company is part
>>> of a large group. Our network is not part of HQ's AD domain or anything
>>> like that, but because of an IP-VPN line at our site that gives us
>>> access to their SAP servers they want to control the IP configuration of
>>> all remote sites. They have given me the following:
>>> 10.124.4.(1 - 254) /22 - routers
>>> 10.124.5.(1 - 200) /22 - DHCP clients
>>> 10.124.5.(201 -254) /22 - print servers and other non-server static IPs
>>> 10.124.6.(1-254) /22 - static IP for servers (AD, Email, Web, etc.)
>>>
>>> The way I have things configured here is:
>>> Internet gateway: 10.124.4.254 /22
>>> IP-VPN gateway: 10.124.4.1 /22
>>> SBS 2008 Server: 10.124.6.1 /22
>>>
>>> When I try to run the CTIW wizard it fails. In fact it seems most of
>>> the SBS wizards fail, and all for the same reason. They have been hard
>>> coded to assume certain IP network configs. Is there any way around
>>> this? I imagine I can revert back to doing everything the hard way and
>>> not relying on the wizards, but I was kind of looking forward to an
>>> easier life with SBS.
>>>
>>> TIA,
>>>
>>> Jarryd
>>>
>>>
>>>

"Merv Porter" <mwport@no_spam_hotmail.com> wrote in message
news:u5b$...
>> Is this a hard and fast SBS rule...
>
> I believe it is...
>
> SBS 2008: Supported Networking Topology
> http://blogs.technet.com/sbs/archive...-topology.aspx
>
> --
> Merv Porter [SBS-MVP]
> ============================

Although the rules are pretty much written in stone, is there anything wrong
with setting it up running the wizard with a /24, then after the wizard has
completed all its tasks successfully, simply change it to a /22 to meet his
company's requirements?


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA
2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.

Good question. Never tried that. My guess is that while it may work
initially, re-running certain wizards (like Fix My Network) would then fail
in the future. Might be a nightmare to administer/troubleshoot.

--
Merv Porter [SBS-MVP]
============================

"Ace Fekay [MCT]" <> wrote in message
news:#...
> "Merv Porter" <mwport@no_spam_hotmail.com> wrote in message
> news:u5b$...
>>> Is this a hard and fast SBS rule...
>>
>> I believe it is...
>>
>> SBS 2008: Supported Networking Topology
>> http://blogs.technet.com/sbs/archive...-topology.aspx
>>
>> --
>> Merv Porter [SBS-MVP]
>> ============================
>
> Although the rules are pretty much written in stone, is there anything
> wrong with setting it up running the wizard with a /24, then after the
> wizard has completed all its tasks successfully, simply change it to a /22
> to meet his company's requirements?
>
>
> --
> Ace
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Please reply back to the newsgroup or forum for collaboration benefit
> among responding engineers, and to help others benefit from your
> resolution.
>
> Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA
> 2003/2000, MCSA Messaging 2003
> Microsoft Certified Trainer
>
> For urgent issues, please contact Microsoft PSS directly. Please check
> http://support.microsoft.com for regional support phone numbers.
>

Hi all,

This is the thing. I figure that I can administer the network the non-SBS
way, i.e. without wizards. Surely it will all work provided I don't run the
said wizards. I was hoping that I would be able to implement a version of
Windows Server that didn't require reading too many manuals. Oh well.

Any reason why the wizards can't get the net mask from the SBS server's IP
config? Capturing ipconfig results would do the trick.

Regards,

Jarryd

"Merv Porter" <mwport@no_spam_hotmail.com> wrote in message
news:...
> Good question. Never tried that. My guess is that while it may work
> initially, re-running certain wizards (like Fix My Network) would then
> fail in the future. Might be a nightmare to administer/troubleshoot.
>
> --
> Merv Porter [SBS-MVP]
> ============================
>
> "Ace Fekay [MCT]" <> wrote in message
> news:#...
>> "Merv Porter" <mwport@no_spam_hotmail.com> wrote in message
>> news:u5b$...
>>>> Is this a hard and fast SBS rule...
>>>
>>> I believe it is...
>>>
>>> SBS 2008: Supported Networking Topology
>>> http://blogs.technet.com/sbs/archive...-topology.aspx
>>>
>>> --
>>> Merv Porter [SBS-MVP]
>>> ============================
>>
>> Although the rules are pretty much written in stone, is there anything
>> wrong with setting it up running the wizard with a /24, then after the
>> wizard has completed all its tasks successfully, simply change it to a
>> /22 to meet his company's requirements?
>>
>>
>> --
>> Ace
>>
>> This posting is provided "AS-IS" with no warranties or guarantees and
>> confers no rights.
>>
>> Please reply back to the newsgroup or forum for collaboration benefit
>> among responding engineers, and to help others benefit from your
>> resolution.
>>
>> Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA
>> 2003/2000, MCSA Messaging 2003
>> Microsoft Certified Trainer
>>
>> For urgent issues, please contact Microsoft PSS directly. Please check
>> http://support.microsoft.com for regional support phone numbers.
>>

For reference, here's how the "router" is discovered (or not) when during
SBS 2008 install:

Introducing the Connect to the Internet Wizard (CTIW)
http://blogs.technet.com/sbs/archive...zard-ctiw.aspx

--
Merv Porter [SBS-MVP]
============================

"Jarryd" <> wrote in message
news:e#...
> Hi all,
>
> This is the thing. I figure that I can administer the network the non-SBS
> way, i.e. without wizards. Surely it will all work provided I don't run
> the said wizards. I was hoping that I would be able to implement a
> version of Windows Server that didn't require reading too many manuals.
> Oh well.
>
> Any reason why the wizards can't get the net mask from the SBS server's IP
> config? Capturing ipconfig results would do the trick.
>
> Regards,
>
> Jarryd
>
> "Merv Porter" <mwport@no_spam_hotmail.com> wrote in message
> news:...
>> Good question. Never tried that. My guess is that while it may work
>> initially, re-running certain wizards (like Fix My Network) would then
>> fail in the future. Might be a nightmare to administer/troubleshoot.
>>
>> --
>> Merv Porter [SBS-MVP]
>> ============================
>>
>> "Ace Fekay [MCT]" <> wrote in message
>> news:#...
>>> "Merv Porter" <mwport@no_spam_hotmail.com> wrote in message
>>> news:u5b$...
>>>>> Is this a hard and fast SBS rule...
>>>>
>>>> I believe it is...
>>>>
>>>> SBS 2008: Supported Networking Topology
>>>> http://blogs.technet.com/sbs/archive...-topology.aspx
>>>>
>>>> --
>>>> Merv Porter [SBS-MVP]
>>>> ============================
>>>
>>> Although the rules are pretty much written in stone, is there anything
>>> wrong with setting it up running the wizard with a /24, then after the
>>> wizard has completed all its tasks successfully, simply change it to a
>>> /22 to meet his company's requirements?
>>>
>>>
>>> --
>>> Ace
>>>
>>> This posting is provided "AS-IS" with no warranties or guarantees and
>>> confers no rights.
>>>
>>> Please reply back to the newsgroup or forum for collaboration benefit
>>> among responding engineers, and to help others benefit from your
>>> resolution.
>>>
>>> Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA
>>> 2003/2000, MCSA Messaging 2003
>>> Microsoft Certified Trainer
>>>
>>> For urgent issues, please contact Microsoft PSS directly. Please check
>>> http://support.microsoft.com for regional support phone numbers.
>>>

"Jarryd" <> wrote in message
news:e%...
> Hi all,
>
> This is the thing. I figure that I can administer the network the non-SBS
> way, i.e. without wizards. Surely it will all work provided I don't run
> the said wizards. I was hoping that I would be able to implement a
> version of Windows Server that didn't require reading too many manuals.
> Oh well.
>
> Any reason why the wizards can't get the net mask from the SBS server's IP
> config? Capturing ipconfig results would do the trick.
>
> Regards,
>
> Jarryd

I guess it's hardcoded in the wizard. Remember, SBS is "Small" Business
Server and they figured what would a "Small" business be doing sitting on a
network with subnet anything other than a /24 max?

Ace

> Hi All,
>
> Ace, I guess what you say is fair. Then again, it wasn't a problem in 2003,
> and there may well be administrators that went for a Class B address scheme
> (for whatever reason) and are now having to reconfigure their IP network. It
> isn't an obvious change to go looking for and more like something that you
> are possibly going to come across when doing your pre-implementation
> research, but not necessarily. I am supposing that MS had their reasons for
> this, and I would hope that the reason is not "what does a small business
> want with any IP subnet class other than C?", but rather that it caused them
> some technical problem in designing their wizards. In my case, the reason a
> small office would want this would be so that it is abundantly clear by the
> IP address what type of device you are dealing with (x.x.4.x = router type
> node, x.x.5.x = network servers, x.x.6.x = network clients, for example). It
> makes it nice and easy for configuring firewall rules, et al. It isn't
> essential that you do it this way, and yes you can use groups of numbers
> between 1 to 254 (but you have to admit it isn't quite as starkly obvious),
> but if it isn't harming anyone, why can't we?
>
> Chris, I take your points seriously. I did check this with people on this
> forum (ages ago) before embarking on the SBS route and they confirmed that I
> can use the "standard" tools to configure SBS if I want to. I was reluctant
> to let go of that control as a compromise for ease and, as I said, I was told
> not to worry about this. Your comments are at odds with this advice, but
> based on what I have experience I suspect you are the more correct.
>
> I have sent an email to HQ asking them to make an exception in our case. I
> have proposed to: 1.) use a range of 10.124.6.0/24 for our SBS network using
> 10.124.6.254 as the gateway address, and 2.) attach the IP-VPN circuit
> directly to a spare ethernet interface on my firewall configured with IP
> address 10.124.254 (IP-VPN gateway = 10.124.4.1) 3.) configure a rule on the
> firewall to handle the related traffic. 4.) forget about address
> 10.124.5.0/24
>
> If they accept then cool, otherwise not so cool. Like I say, I hope MS had a
> very good reason for this change, and would make the point that while this
> information might have been out there I didn't come across it and I think it
> would be unreasonable to blame me for not going looking for it specifically.
>
> Regards,
>
> Jarryd
>
>
The limitation, I believe, is to protect licensing. I understand what
you're saying about identifying devices and nodes by IP, which is done
this way in big server land, but how many small business owners are
aware of designing or even implementing such a scheme?

Let us know if HQ goes with your suggestions.

Ace

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit
among responding engineers, and to help others benefit from your
resolution.

Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE &
MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.