Cisco Support Community
New Member

Public IP address scheme

What are the pros and cons of using a public IP address range on an internal network that has access to external resources (via a NAT gateway)?

5 REPLIES
New Member

Re: Public IP address scheme

As long as you are defaulting to the NAT Gateway, there should not be any problems; however, this solution is NEVER advisable. Is there a specific reason why a private network cannot be used?

Gold

Re: Public IP address scheme

It's very unusual.

The main problem is that you cannot reach a public IP that is used internally.

For example, if the public address range 55.55.55.x /24 is used for the internal network, you will never reach the public server 55.55.55.10, because this IP is not routed outside (you have an overlap with the "real" IP address).

If you don't have a special reason, I would recommend using reserved address space (RFC 1918).

M.

Hope that helps. Rate if it does.

Gold

Re: Public IP address scheme

I agree with the others... You should always try to use addresses from RFC 1918.

That said, there are many addresses that aren't actually used on the internet at any given time. This doesn't mean they won't be used in the future... just that they're not used at this moment, i.e. use at your own risk.

http://www.completewhois.com/bogons/data/bogons-cidr-all.txt

I once worked for a company who used the 31.0.0.0/8 space for their entire internal network. They tried to acquire it from ARIN but got denied. But to this day it's still not used publicly.

Silver

Re: Public IP address scheme

There are also risks to using RFC 1918 in your organization.

Let's say you decide to use the 10.0.0.0/8 network for your organization. Later on, your company decides to outsource some IT functions to 3rd parties, which also use RFC 1918 10.0.0.0/8. Now you get overlapping networks for VPNs, and it will be a mess to set up. You can use double NAT on both sides, but a lot of applications, such as Citrix, will NOT work with NAT.

Most organizations use public IP addresses for their internal network because of this. When you have to do VPN with other companies, it is much simpler to set up.

CCIE security

New Member

Re: Public IP address scheme

The public range is part of an existing network that has many servers on it.

I'm trying to build a case to re-IP this segment but that will involve quite a bit of work.

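The two overlap problems raised in this thread (a public range used internally hiding the real Internet hosts in that range, and an RFC 1918 range colliding with a VPN partner's range) can be checked mechanically when building a re-IP case. The script below is an added example, not part of any post above; the function names, the sample plan and the partner prefix are constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges recommended in the thread.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(net):
    """True if the whole prefix sits inside one RFC 1918 block."""
    return any(net.subnet_of(block) for block in RFC1918)

def audit_plan(internal, partner=()):
    """Return (prefix, finding) tuples for an addressing plan.

    internal: prefixes used on the inside of the NAT gateway.
    partner:  prefixes a VPN peer uses on its side (hypothetical input).
    """
    internal = [ipaddress.ip_network(p) for p in internal]
    partner = [ipaddress.ip_network(p) for p in partner]
    findings = []
    for net in internal:
        if not is_rfc1918(net):
            # Inside hosts treat this prefix as local, so the real Internet
            # hosts in the same range become unreachable from the inside.
            findings.append((str(net), "public-space: shadows real Internet hosts"))
        for peer in partner:
            if net.overlaps(peer):
                # Same prefix on both ends of a VPN: needs renumbering or NAT.
                findings.append((str(net), f"overlaps partner {peer}"))
    return findings

def shadowed(dest, internal):
    """True if an Internet destination falls inside an internally used prefix."""
    addr = ipaddress.ip_address(dest)
    return any(addr in ipaddress.ip_network(p) for p in internal)

if __name__ == "__main__":
    # Constructed sample plan, using the ranges mentioned in the thread.
    plan = ["55.55.55.0/24", "10.20.0.0/16", "192.168.5.0/24"]
    peer = ["10.0.0.0/8"]
    for prefix, finding in audit_plan(plan, peer):
        print(f"{prefix:18} {finding}")
    print("55.55.55.10 shadowed:", shadowed("55.55.55.10", plan))
```
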