RE: Using Public addresses as Internally [7:4835]
I have actually just left the study group, but my parting advice is to confirm Priscillas advice. The private ranges are designed for your purpose, and if you need a class A then please use the 10.0.0.0 range. It will avoid a lot of potential problems. By the way Priscillas book Top Down Network Design, is very good. I wish you all luck and success in your career and certification pursuits. Regards John Spencer, CCNP. -Original Message- From: Priscilla Oppenheimer [SMTP:[EMAIL PROTECTED]] Sent: Thursday, May 17, 2001 9:13 PM To: [EMAIL PROTECTED] Subject: Re: Using Public addresses as Internally [7:4835] Why not use something from the private ranges? 10.0.0.0 - 10.255.255.255 172.16.0.0 - 172.31.255.255 192.168.0.0 - 192.168.255.255 Also, Class A would let you address 16 million of these devices. Do you really have that many? Also, quite a few large companies, universities, and service providers have hung onto their Class A address. What would happen if the users from the Internet that you mentioned below happened to be on the same Class A as you are using? IP spoofing protection (if you are using it) might not let these users in. Even if they got in, the responses to their packets might get routed internally not back to them. You could avoid these problems, of course, but why even risk having them? I'm sure you have your reasons and you're just trolling for a sanity check. Without more details, we have to give you the sort of canned response that it's a bad idea. ;-) Priscilla At 10:01 AM 5/17/01, Bruce Williams wrote: My company wants to use public addresses from the Class A range internally. I realize the danger if these routes got advertised on the Internet, but is this something that is considered acceptable if it is carefully done to prevent the risk of these routes being propagated out on the Public Internet? These networks will be used to address equipment in a multitude of cellular radio base stations around the country and they will only be connected to our network. There will central locations where users from the internet could access a database which will query these systems, but there will not be a direct internet connection. I would appreciate any advice on this. Thanks, Bruce Williams [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Priscilla Oppenheimer http://www.priscilla.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=4954t=4835 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Using Public addresses as Internally [7:4835]
SOwhy not just use 10.x.x.x ? NO... it's not acceptable, it's bad practice. Why do it? What's the advantage? Bruce Williams wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... My company wants to use public addresses from the Class A range internally. I realize the danger if these routes got advertised on the Internet, but is this something that is considered acceptable if it is carefully done to prevent the risk of these routes being propagated out on the Public Internet? These networks will be used to address equipment in a multitude of cellular radio base stations around the country and they will only be connected to our network. There will central locations where users from the internet could access a database which will query these systems, but there will not be a direct internet connection. I would appreciate any advice on this. Thanks, Bruce Williams [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=4843t=4835 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Using Public addresses as Internally [7:4835]
Bruce, Do you really need that much address space??? If so, you will also need to be concerned about your choice of routing protocols. Also, you definately don't want any of those routes leaking out into the Internet (which sounds like you know). Debbie --- Bruce Williams wrote: I think you misunderstood my question. I am aware of the reserved private addresses, but we need more address space than that. I want to use the regular Class A public address space 1.0.0.0 to 126.0.0.0. That is risky because those addresses are already assigned on the public internet. It would work as long as those routes dont get our of our internal network. Bruce - Original Message - From: Debbie Westall To: Bruce Williams Sent: Thursday, May 17, 2001 10:16 AM Subject: Re: Using Public addresses as Internally [7:4835] This is acceptable. Refer to RFC 1918 and 1597 for further info. You may use the following: Class Private Address Range A10.0.0.0 . 10.255.255.255 B172.16.0.0 . 172.16.255.255 C192.168.0.0 . 192.168.255.255 Just be careful when setting up your filters (ACLs) Good Luck Debbie --- Bruce Williams wrote: My company wants to use public addresses from the Class A range internally. I realize the danger if these routes got advertised on the Internet, but is this something that is considered acceptable if it is carefully done to prevent the risk of these routes being propagated out on the Public Internet? These networks will be used to address equipment in a multitude of cellular radio base stations around the country and they will only be connected to our network. There will central locations where users from the internet could access a database which will query these systems, but there will not be a direct internet connection. I would appreciate any advice on this. Thanks, Bruce Williams [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ Do You Yahoo!? Yahoo! Auctions - buy the things you want at great prices http://auctions.yahoo.com/ __ Do You Yahoo!? Yahoo! Auctions - buy the things you want at great prices http://auctions.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=4845t=4835 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Using Public addresses as Internally [7:4835]
If you're using someone elses IP range, you'll never be able to access their network if you need to. Your router would keep it internal would never pass it outside. - Original Message - From: Bruce Williams To: Sent: Thursday, May 17, 2001 9:01 AM Subject: Using Public addresses as Internally [7:4835] My company wants to use public addresses from the Class A range internally. I realize the danger if these routes got advertised on the Internet, but is this something that is considered acceptable if it is carefully done to prevent the risk of these routes being propagated out on the Public Internet? These networks will be used to address equipment in a multitude of cellular radio base stations around the country and they will only be connected to our network. There will central locations where users from the internet could access a database which will query these systems, but there will not be a direct internet connection. I would appreciate any advice on this. Thanks, Bruce Williams [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=4853t=4835 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Using Public addresses as Internally [7:4835]
Why not use something from the private ranges? 10.0.0.0 - 10.255.255.255 172.16.0.0 - 172.31.255.255 192.168.0.0 - 192.168.255.255 Also, Class A would let you address 16 million of these devices. Do you really have that many? Also, quite a few large companies, universities, and service providers have hung onto their Class A address. What would happen if the users from the Internet that you mentioned below happened to be on the same Class A as you are using? IP spoofing protection (if you are using it) might not let these users in. Even if they got in, the responses to their packets might get routed internally not back to them. You could avoid these problems, of course, but why even risk having them? I'm sure you have your reasons and you're just trolling for a sanity check. Without more details, we have to give you the sort of canned response that it's a bad idea. ;-) Priscilla At 10:01 AM 5/17/01, Bruce Williams wrote: My company wants to use public addresses from the Class A range internally. I realize the danger if these routes got advertised on the Internet, but is this something that is considered acceptable if it is carefully done to prevent the risk of these routes being propagated out on the Public Internet? These networks will be used to address equipment in a multitude of cellular radio base stations around the country and they will only be connected to our network. There will central locations where users from the internet could access a database which will query these systems, but there will not be a direct internet connection. I would appreciate any advice on this. Thanks, Bruce Williams [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=4894t=4835 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Using Public addresses as Internally [7:4835]
Routers that did not filtered outgoing private IPs will still forward the packets out based on default router. - Original Message - From: Allen May To: Sent: Thursday, May 17, 2001 11:57 PM Subject: Re: Using Public addresses as Internally [7:4835] If you're using someone elses IP range, you'll never be able to access their network if you need to. Your router would keep it internal would never pass it outside. - Original Message - From: Bruce Williams To: Sent: Thursday, May 17, 2001 9:01 AM Subject: Using Public addresses as Internally [7:4835] My company wants to use public addresses from the Class A range internally. I realize the danger if these routes got advertised on the Internet, but is this something that is considered acceptable if it is carefully done to prevent the risk of these routes being propagated out on the Public Internet? These networks will be used to address equipment in a multitude of cellular radio base stations around the country and they will only be connected to our network. There will central locations where users from the internet could access a database which will query these systems, but there will not be a direct internet connection. I would appreciate any advice on this. Thanks, Bruce Williams [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=4907t=4835 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]