Question on "ISPs" seeing routes to "Internal" router, basic lab

news2010a
Level 3

Hi, can you please see attached detailed lab diagram and question. Thanks much for your great help.

Question:

1) As is now, from "Backup" and "Primary" I can see routes to "Internal" and ping "Internal" router. In a real production environment, is this behavior typical? I mean, typically people would prefer to avoid letting the service provider ping "Internal", right? Or as long as I set a network for my internal clients and do not advertise that one to Edge and beyond, so then if ISPs have visibility to "Internal" router that should not be a problem?

If that is the case that Backup and Primary should be able to ping "Internal", is an access-list blocking traffic from Backup and Primary to "Internal" the way to go?

Accepted Solutions

chinkevi_2
Level 1

This is a rather open-ended question.

But the ISP must see your IP, otherwise they can't route your IP.

Typically, the ISP is a shared environment whose role is to pass your traffic and keep your IP within your own VPN. You will not see other customers' IPs, and others will not see yours.

If you don't want the ISP to see your real IP, you could NAT it, and the ISP will route the global IP.

Giuseppe Larosa
Hall of Fame

Hello Marlon,

Ting has provided a good answer: usually NAT plays a role here:

it is highly preferred to use private IP addresses as per RFC 1918 for the infrastructure devices.

ACLs are usually deployed at border routers for security reasons, to avoid so-called network reconnaissance attacks that try to find out your IP subnets.

Hope to help

Giuseppe
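
The border ACL approach discussed in this thread, sketched as an added example that is not part of the original posts: an inbound ACL on the Edge router's ISP-facing interfaces that drops traffic addressed to the "Internal" router while still passing transit traffic. The lab diagram is not reproduced here, so every interface name and address below is an assumption (RFC 1918 ranges used as placeholders).

```cisco
! Constructed example: all addresses and interface names are assumptions.
!   10.0.0.0/30  = assumed Edge <-> Internal point-to-point link
!   10.0.1.1     = assumed loopback of the Internal router
ip access-list extended FROM-ISP-IN
 remark Drop and log anything addressed to internal infrastructure
 deny   ip any 10.0.0.0 0.0.0.3 log
 deny   ip any host 10.0.1.1 log
 remark Everything else (traffic to advertised or NATed prefixes) passes
 permit ip any any
!
interface GigabitEthernet0/0
 description Link to Primary (assumed interface)
 ip access-group FROM-ISP-IN in
!
interface GigabitEthernet0/1
 description Link to Backup (assumed interface)
 ip access-group FROM-ISP-IN in
```

Because the ACL matches on destination, it also drops replies to sessions the Internal router opens from those addresses toward the ISPs. `show access-lists FROM-ISP-IN` shows the per-entry hit counters, which is a quick way to confirm that pings from Primary and Backup are matching the deny lines.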
