03-07-2008 06:22 PM - edited 03-05-2019 09:37 PM
Hey guys, just to double check, my understanding of 172.16.0.0 - 172.31.255.255 is that it is one of the 3 private networks that the RFCs provide us so we can use them internally (non-routable IPs).
This means that I can pick any from 172.16.x.x all the way to 172.16.31.255.255
What happens if in my internal LAN I use 172.15.28.x?
What could be the problems?
Also, if the config has statements like:
ip address DMZ 172.15.128.100 255.255.255.0
static (DMZ,outside) 63.63.63.148 172.15.128.10 netmask 255.255.255.255 0 0
What could be the problems here?
please help
03-07-2008 07:03 PM
172.15.128.100 is not a private IP address. If you are using this IP range in your LAN, it will create routing loops in your network.
03-08-2008 01:40 AM
Hi
You can use any range you want on your internal LAN including routable internet address ranges.
But if you do use a publicly routable address range that has not been assigned to you, there are 2 things you need to be aware of:
1) By using 172.15.28.x on your LAN it means you will have problems accessing any 172.15.28.x servers on the Internet. So if the company who has been assigned the 172.15.28.x has a web server you want to access this could be problematic.
2) You must make sure that none of the 172.15.28.x addresses you have used "leak" out onto the Internet. So you would be fine with your DMZ setup because you are presenting your internal 172.15.28.10 address as 63.63.63.148.
HTH
Jon
03-09-2008 05:34 PM
From the design perspective, will this be "bad" design?
What about the route looping like it was mentioned?
03-09-2008 05:41 PM
It's a bad design if you don't own the 'public' IP address.
Jon did a great job explaining what would happen if another company owns the public IP and you decide to use it internally so I won't repeat his statement.
No route looping on such a design, just the inability to reach internet sites, as your router prefers those routes internally.
HTH,
__
Edison.
03-09-2008 05:45 PM
Thank you guys for making this very clear.
I needed to be 300% sure as this is an inherited L3 device and I keep finding strange things in the config.
apie
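Added example, not part of any post in this thread: a small Python audit that checks the two statement forms quoted in the question against the three RFC 1918 blocks and reports addresses on internal interfaces that fall outside them. The function names, the sample `inside` line and the assumption that only the interface named `outside` faces the Internet are hypothetical.

```python
import ipaddress
import re

# The three RFC 1918 private blocks. ipaddress's is_private flag is broader
# (it also covers documentation and other special-purpose ranges), so the
# blocks are listed explicitly here.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: the two statements quoted in the question, plus one
# correctly addressed interface added for contrast.
SAMPLE_CONFIG = """\
ip address inside 172.16.28.1 255.255.255.0
ip address DMZ 172.15.128.100 255.255.255.0
static (DMZ,outside) 63.63.63.148 172.15.128.10 netmask 255.255.255.255 0 0
"""

IP_ADDRESS = re.compile(r"^ip address (\S+) (\S+) (\S+)")
STATIC = re.compile(r"^static \(([^,\s]+),([^)\s]+)\) (\S+) (\S+) netmask (\S+)")

def is_rfc1918(addr):
    """True if addr lies in 10/8, 172.16/12 or 192.168/16."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def audit(config, external=("outside",)):
    """Return (line_no, interface, address) for every address on a
    non-external interface that lies outside the RFC 1918 blocks."""
    findings = []
    for no, line in enumerate(config.splitlines(), 1):
        line = line.strip()
        m = IP_ADDRESS.match(line)
        if m:
            if m.group(1) not in external and not is_rfc1918(m.group(2)):
                findings.append((no, m.group(1), m.group(2)))
            continue
        m = STATIC.match(line)
        # static (real_if,mapped_if) mapped_ip real_ip: the real address
        # belongs to the first interface named in the parentheses.
        if m and m.group(1) not in external and not is_rfc1918(m.group(4)):
            findings.append((no, m.group(1), m.group(4)))
    return findings

if __name__ == "__main__":
    for no, iface, addr in audit(SAMPLE_CONFIG):
        print(f"line {no}: {iface} uses {addr}, which is not RFC 1918 space")
```

Run against an inherited config, each finding is an address range to check for ownership before deciding whether to renumber.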