I am the new network administrator for a company that currently has 3 sites in the same city. Their current network topology is something like this:
They run 172.16.0.0/16 network for sites 1 and 2. Site 1 houses most of the servers for the network.
They run 192.168.15.0/24 for site 3
Site 2 has an owned fiber connection linking it back to Site 1
Site 3 has an owned fiber connection linking it back to site 1
Currently 172.16.0.0 to 18.104.22.168 are unused
172.16.2.0-172.16.2.255 - used for server address assignments (approx. 20 devices); the default gateway is also in this range
172.16.3.0-172.16.3.255 - unassigned
172.16.4.0-172.16.4.255 - Used for ERP servers (3 devices assigned)
172.16.5.0-172.16.5.255 - Network management interfaces (switches), IP cameras, and Mobile VPN client pool
172.16.6.0-172.16.6.255 - Printers (approx 50 devices)
172.16.7.0-172.16.7.255 - Corporate Wireless
172.16.8.0-172.16.8.255 - Location A dhcp pool
172.16.9.0-172.16.9.255 - Location B dhcp pool
Currently, all 3 sites have a local internet connection from a local ISP. Each site has a WatchGuard Firebox: Site 1 has an M400 (172.16.2.16), Site 2 has an M300 (172.16.9.1) and Site 3 has a T30 (192.168.15.1).
Currently site 1 and site 2 are connected via a layer 2 connection over the fiber. Site 3 is connected via a trusted interface to site 1 with IP address 192.168.15.254.
As of right now, end users on site 2 are statically assigned in the 172.16.9.x range with a gateway of 172.16.9.1 to utilize the local internet connection in that building, as opposed to trunking internet traffic back over the fiber link to site 1.
I would like to subnet and route this network to limit the broadcast domains, but I am unsure what the best solution would be to proceed with. Would it be feasible to set up Branch Office VPNs between the sites and use DHCP relay for sites 2 and 3?
Any suggestions would be appreciated
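An added example (not part of the original post) that models the addressing described above with Python's ipaddress module and sanity-checks a proposed per-site plan: overlapping prefixes, free /24s left in 172.16.0.0/16, whether every existing range falls inside some site's summary block, and the remote prefixes each site's firewall would need tunnel or static routes for. The SITE_BLOCKS summaries are an assumption for illustration, not something the post specifies.

```python
import ipaddress
from itertools import combinations

# Allocations as described in the post (constructed from its text).
EXISTING = {
    "servers + default gateway": "172.16.2.0/24",
    "ERP servers": "172.16.4.0/24",
    "mgmt / cameras / VPN pool": "172.16.5.0/24",
    "printers": "172.16.6.0/24",
    "corporate wireless": "172.16.7.0/24",
    "Location A DHCP": "172.16.8.0/24",
    "Location B DHCP / site 2 static": "172.16.9.0/24",
    "site 3": "192.168.15.0/24",
}

# Hypothetical per-site summary blocks (assumption, not from the post):
# site 1 keeps the low /21, site 2 gets a /22 around its existing .9 range,
# site 3 stays on its existing /24. One summary route per site keeps the
# routing tables short once the sites are separated by routed links.
SITE_BLOCKS = {
    "site1": ["172.16.0.0/21"],     # 172.16.0.0 - 172.16.7.255
    "site2": ["172.16.8.0/22"],     # 172.16.8.0 - 172.16.11.255
    "site3": ["192.168.15.0/24"],
}


def overlaps(cidrs):
    """Pairs of prefixes that overlap; a consistent plan returns []."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return [(str(a), str(b)) for a, b in combinations(nets, 2) if a.overlaps(b)]


def free_prefixes(supernet, used, new_prefix=24):
    """Unused blocks of the given size inside supernet, for carving new VLANs."""
    used = [ipaddress.ip_network(u) for u in used]
    return [str(s) for s in ipaddress.ip_network(supernet).subnets(new_prefix=new_prefix)
            if not any(s.overlaps(u) for u in used)]


def uncovered(cidrs, site_blocks):
    """Existing prefixes not inside any site block (they would have no route)."""
    blocks = [ipaddress.ip_network(b) for bs in site_blocks.values() for b in bs]
    return [c for c in cidrs if not any(ipaddress.ip_network(c).subnet_of(b) for b in blocks)]


def tunnel_routes(site_blocks):
    """Per site, the collapsed remote prefixes its firewall needs routes for."""
    routes = {}
    for site in site_blocks:
        remote = [ipaddress.ip_network(b) for other, bs in site_blocks.items()
                  if other != site for b in bs]
        routes[site] = [str(n) for n in ipaddress.collapse_addresses(remote)]
    return routes
```

Running the checks against EXISTING and SITE_BLOCKS shows no overlaps, 249 free /24s (172.16.3.0/24 among them) and every existing range covered; swapping in an overlapping block such as 172.16.8.0/22 plus 172.16.9.0/24 is reported by overlaps().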