02-04-2008 08:28 AM - edited 03-05-2019 08:55 PM
What are the pros and cons of using a public IP address range on an internal network that has access to external resources (via a NAT gateway)?
02-05-2008 05:09 AM
As long as you are defaulting to the NAT Gateway, there should not be any problems; however, this solution is NEVER advisable. Is there a specific reason why a private network cannot be used?
02-05-2008 05:12 AM
It's very unusual.
The main problem is that you cannot reach a public IP that is used internally.
For example, if the public address range 55.55.55.x /24 is used for the internal network, you will never reach the public server 55.55.55.10, because this IP is not routed outside (you have an overlap with the "real" IP address).
If you don't have a special reason, I would recommend using reserved address space (RFC 1918).
M.
Hope that helps; rate if it does.
02-05-2008 05:43 AM
I agree with the others... You should always try to use addresses from RFC 1918.
That said, there are many addresses that aren't actually used on the internet at any given time. This doesn't mean they won't be used in the future... just that they're not used at this moment - i.e. use at your own risk.
http://www.completewhois.com/bogons/data/bogons-cidr-all.txt
I once worked for a company who used the 31.0.0.0/8 space for their entire internal network. They tried to acquire it from ARIN but got denied. But to this day it's still not used publicly.
02-05-2008 07:21 AM
There are also risks of using RFC1918 in your organization as well.
Let's say you decide to use the 10.0.0.0/8 network for your organization. Later on, your company decides to outsource some IT functions to 3rd parties, which also use RFC1918, 10.0.0.0/8. Now you get overlapping networks for VPNs and it will be a mess to set up.
You can use double-NAT on both sides, but a lot of applications such as Citrix will NOT work with NAT.
Most organizations use public IP addresses for their internal network because of this. When you have to do VPN with other companies, it is much simpler to set up.
CCIE security
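Added example, not part of the thread: a Python sketch of the two overlap problems raised in the replies above, an internally used public range hiding the real host behind it, and RFC 1918 collisions with a VPN partner. The function names are hypothetical, and every prefix other than 55.55.55.x/24 and 10.0.0.0/8 is a constructed sample value.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample inventory: one squatted public /24, one private /16.
OURS = ["55.55.55.0/24", "10.20.0.0/16"]
# Constructed sample of a VPN partner's advertised ranges.
PARTNER = ["10.0.0.0/8", "192.168.5.0/24"]


def classify(prefix):
    """Return 'rfc1918' if the prefix lies wholly in private space."""
    net = ipaddress.ip_network(prefix)
    if any(net.subnet_of(block) for block in RFC1918):
        return "rfc1918"
    return "not-rfc1918"


def shadowed(internal_prefixes, destination):
    """Return the internal prefix that captures traffic to `destination`.

    A match means packets for that address are delivered on the internal
    network and never reach the NAT gateway, so the real Internet host
    with the same address is unreachable. Returns None if no prefix matches.
    """
    addr = ipaddress.ip_address(destination)
    for prefix in internal_prefixes:
        if addr in ipaddress.ip_network(prefix):
            return prefix
    return None


def vpn_conflicts(ours, partner):
    """Return (our_prefix, partner_prefix) pairs that overlap."""
    return [(a, b) for a in ours for b in partner
            if ipaddress.ip_network(a).overlaps(ipaddress.ip_network(b))]


if __name__ == "__main__":
    for p in OURS:
        print(p, classify(p))
    print("55.55.55.10 captured by:", shadowed(OURS, "55.55.55.10"))
    print("VPN conflicts:", vpn_conflicts(OURS, PARTNER))
```
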
02-05-2008 07:13 AM
The public range is part of an existing network that has many servers on it.
I'm trying to build a case to re-IP this segment but that will involve quite a bit of work.