172.15.128.0 Subnets. Private or not?

Mar 7th, 2008

Hey guys, just to double check, my understanding of 172.16.0.0 - 172.31.255.255 is that it is one of the 3 private networks that the RFCs provide us so we can use them internally (non-routable IPs).


This means that I can pick any from 172.16.x.x all the way to 172.16.31.255.255


What happens if in my internal LAN I use 172.15.28.x?


What could be the problems?


Also, if the config has statements like:


ip address DMZ 172.15.128.100 255.255.255.0


static (DMZ,outside) 63.63.63.148 172.15.128.10 netmask 255.255.255.255 0 0


What could be the problems here?


Please help.

thiru.vel10 Fri, 03/07/2008 - 19:03

172.15.128.100 is not a private IP address. If you are using this IP range in your LAN, it will create routing loops in your network.

Jon Marshall Sat, 03/08/2008 - 01:40

Hi


You can use any range you want on your internal LAN including routable internet address ranges.


But if you do use a publicly routable address range that has not been assigned to you, there are 2 things you need to be aware of:


1) By using 172.15.28.x on your LAN it means you will have problems accessing any 172.15.28.x servers on the Internet. So if the company who has been assigned the 172.15.28.x has a web server you want to access this could be problematic.


2) You must make sure that none of the 172.15.28.x addresses you have used "leak" out onto the Internet. So you would be fine with your DMZ setup because you are presenting your internal 172.15.28.10 address as 63.63.63.148.


HTH


Jon

insccisco Sun, 03/09/2008 - 17:34

From the design perspective, will this be "bad" design?


What about the route looping like it was mentioned?

Edison Ortiz Sun, 03/09/2008 - 17:41

It's a bad design if you don't own the 'public' IP address.


Jon did a great job explaining what would happen if another company owns the public IP and you decide to use it internally so I won't repeat his statement.


No route looping on such a design, just the inability to reach Internet sites, as your router prefers those routes internally.


HTH,




Edison.

insccisco Sun, 03/09/2008 - 17:45

Thank you guys for making this very clear.


I needed to be 300% sure as this is an inherited L3 device and I keep finding strange things in the config.
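Added example (not part of the thread, and not any poster's code): a small Python audit for the kind of inherited config discussed above. It parses PIX-style `ip address` and `static` lines, flags interface subnets that fall outside the three RFC 1918 blocks, and lists the hosts in them that have a static translation. The `inside` and `outside` lines in the sample, and all function names, are constructed for illustration.

```python
import ipaddress
import re

# The three RFC 1918 private blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

IFACE_RE = re.compile(r"^ip address (\S+) ([\d.]+) ([\d.]+)")
# static (real_if,mapped_if) mapped_ip real_ip ...
STATIC_RE = re.compile(r"^static \((\S+),(\S+)\) ([\d.]+) ([\d.]+)")

# Constructed sample: the DMZ and static lines are the ones quoted in the
# question; the inside and outside lines are made up for the example.
SAMPLE_CONFIG = """\
ip address outside 63.63.63.145 255.255.255.240
ip address inside 172.16.10.1 255.255.255.0
ip address DMZ 172.15.128.100 255.255.255.0
static (DMZ,outside) 63.63.63.148 172.15.128.10 netmask 255.255.255.255 0 0
"""

def in_rfc1918(network):
    """True only if the whole subnet sits inside one RFC 1918 block."""
    net = ipaddress.ip_network(network, strict=False)
    return any(net.subnet_of(block) for block in RFC1918)

def audit(config, external=("outside",)):
    """Flag non-RFC 1918 subnets configured on internal interfaces."""
    subnets, translated = {}, {}
    for line in config.splitlines():
        line = line.strip()
        if m := IFACE_RE.match(line):
            name, addr, mask = m.groups()
            subnets[name] = ipaddress.ip_interface(f"{addr}/{mask}").network
        elif m := STATIC_RE.match(line):
            real_if, _mapped_if, _mapped_ip, real_ip = m.groups()
            translated.setdefault(real_if, set()).add(
                ipaddress.ip_address(real_ip))
    findings = []
    for name, net in subnets.items():
        if name in external or in_rfc1918(net):
            continue
        # Internet hosts in this range are shadowed by the connected route.
        nat_hosts = sorted(str(ip) for ip in translated.get(name, ())
                           if ip in net)
        findings.append({"interface": name, "subnet": str(net),
                         "static_nat_hosts": nat_hosts})
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Hosts in a flagged subnet that do not appear under `static_nat_hosts` still need a check of the remaining NAT and filtering rules, since this sketch only reads `static` entries.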


