Public IP address scheme

g.leonard
Level 1

What are the pros and cons of using a public IP address range on an internal network that has access to external resources (via a NAT gateway)?

5 Replies

Snydersh1_2
Level 1

As long as you are defaulting to the NAT gateway, there should not be any problems; however, this solution is NEVER advisable. Is there a specific reason why a private network cannot be used?

m.sir
Level 7

It's very unusual.

The main problem is that you cannot reach a public IP that is used internally.

For example, if the public address range 55.55.55.x /24 is used for the internal network, you will never reach the public server 55.55.55.10, because this IP is not routed outside (you have an overlap with the "real" IP address).

If you don't have a special reason, I would recommend using reserved address space (RFC 1918).

M.

Hope that helps; rate if it does.

I agree with the others... You should always try to use addresses from RFC 1918.

That said, there are many addresses that aren't actually used on the internet at any given time. This doesn't mean they won't be used in the future... just that they're not used at this moment, i.e. use at your own risk.

http://www.completewhois.com/bogons/data/bogons-cidr-all.txt

I once worked for a company who used the 31.0.0.0/8 space for their entire internal network. They tried to acquire it from ARIN but got denied. But to this day it's still not used publicly.

There are also risks of using RFC1918 in your organization as well. Let's say you decide to use the 10.0.0.0/8 network for your organization. Later on, your company decides to outsource some IT functions to 3rd parties, which also use RFC1918, 10.0.0.0/8. Now you get overlapping networks for VPNs and it will be a mess to set up. You can use double-NAT on both sides, but a lot of applications such as Citrix will NOT work with NAT.

Most organizations use public IP addresses for their internal network because of this. When you have to do VPN with other companies, it is much simpler to set up.

CCIE security
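An added example, not part of any post in this thread: a small audit of an internal addressing plan for the two problems raised above, public space used internally that hides the real Internet hosts in that range, and RFC 1918 space that collides with a VPN partner. The prefix lists are constructed sample data; only 55.55.55.x /24 and 10.0.0.0/8 come from the posts.

```python
import ipaddress

# The three private blocks defined by RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(prefix):
    """True if the whole prefix sits inside one RFC 1918 block."""
    net = ipaddress.ip_network(prefix)
    return any(net.subnet_of(block) for block in RFC1918)

def shadowed_public_prefixes(internal_prefixes):
    """Internal prefixes outside RFC 1918. Internet hosts inside them
    cannot be reached from the inside, because traffic stays local."""
    return [p for p in internal_prefixes if not is_rfc1918(p)]

def is_shadowed(destination, internal_prefixes):
    """True if an Internet destination is captured by an internal,
    non-RFC 1918 prefix and so never leaves through the NAT gateway."""
    addr = ipaddress.ip_address(destination)
    return any(addr in ipaddress.ip_network(p)
               for p in shadowed_public_prefixes(internal_prefixes))

def vpn_overlaps(internal_prefixes, partner_prefixes):
    """(ours, theirs) pairs that overlap and would need NAT or a re-IP
    before a site-to-site VPN can route between them."""
    return [(ours, theirs)
            for ours in internal_prefixes
            for theirs in partner_prefixes
            if ipaddress.ip_network(ours).overlaps(ipaddress.ip_network(theirs))]

# Constructed sample plan: one segment on public space, one on RFC 1918.
INTERNAL = ["55.55.55.0/24", "10.20.0.0/16"]
# Constructed partner plan: the partner uses all of 10.0.0.0/8.
PARTNER = ["10.0.0.0/8"]

if __name__ == "__main__":
    print("Public space used internally:", shadowed_public_prefixes(INTERNAL))
    print("55.55.55.10 unreachable:", is_shadowed("55.55.55.10", INTERNAL))
    print("VPN overlaps:", vpn_overlaps(INTERNAL, PARTNER))
```
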

g.leonard
Level 1

The public range is part of an existing network that has many servers on it.

I'm trying to build a case to re-IP this segment but that will involve quite a bit of work.
