Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3881
Views
0
Helpful
5
Replies

172.15.128.0 Subnets. Private or not?

insccisco
Level 1
Level 1

‎03-07-2008 06:22 PM - edited ‎03-05-2019 09:37 PM

Hey guys, just to double check, my understanding of 172.16.0.0 - 172.31.255.255 is that is one of the 3 private networks that the RFCs provide us so we can use them internally (non-routable IPs).

This means that I can pick any from 172.16.x.x all the way to 172.16.31.255.255

What happens if in my internal LAN I use 172.15.28.x?

what could be the problems/?

Also, if the config has statements like:

ip address DMZ 172.15.128.100 255.255.255.0

static (DMZ,outside) 63.63.63.148 172.15.128.10 netmask 255.255.255.255 0 0

What could be the problems here?

please help

Labels:
0 Helpful
5 Replies 5

thiru.vel10
Level 1
Level 1

‎03-07-2008 07:03 PM

172.15.128.100 this is not a private IP address. IF you using this IP range in your LAN it will create routing loops in your network.

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame

‎03-08-2008 01:40 AM

Hi

You can use any range you want on your internal LAN including routable internet address ranges.

But if you do use a publically routable address range that has not been assigned to you there are 2 things you need to be aware of

1) By using 172.15.28.x on your LAN it means you will have problems accessing any 172.15.28.x servers on the Internet. So if the company who has been assigned the 172.15.28.x has a web server you want to access this could be problematic.

2) You must make sure that none of the 172.15.28.x addresses you have used "leak" out onto the Internet. So you would be fine with your DMZ setup because you are presenting your internal 172.15.28.10 address as 63.63.63.148.

HTH

Jon

0 Helpful

insccisco
Level 1
Level 1
In response to Jon Marshall

‎03-09-2008 05:34 PM

From the design perspective, will this be "bad" design?

What about the route looping like it was mentioned?

0 Helpful

Edison Ortiz
Hall of Fame
Hall of Fame
In response to insccisco

‎03-09-2008 05:41 PM

It's a bad design if you don't own the 'public' IP address.

Jon did a great job explaining what would happen if another company owns the public IP and you decide to use it internally so I won't repeat his statement.

No route looping on such design, just the inability to reach internet sites as your router prefer those routes internally.

HTH,

__

Edison.

0 Helpful

insccisco
Level 1
Level 1
In response to Edison Ortiz

‎03-09-2008 05:45 PM

Thank you guys for making this very clear.

I needed to be 300% sure as this is an inhereted L3 device and I keep finding strange things in the config.

apie

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card