We have a small office setup that we would like to deploy VOip. Since we were running low on IP addresses we currently use private addresses (i.e. 10. addressing) on all the Cisco 3500 series switches. There's no problem with the data traffic, but will this private addressing of the switches have any affect on the VOip traffic and system?
In general, for bandwidth management as well as security reasons, you want to use a different subnet for your voice traffic than for your data traffic. You can do this on the switch with seperate vlans, and setting up your router interface to trunk them.
you should use private addressses for ALL of your internal devices. Why would you even consider public IP's for anything other than devices that need to be accessed via the internet and even then your firewall would answer for those addresses any way
Since the ony time NAT = Security is in the limited cases where you are being hacked by a real novice, then the only reason to use NAT is when you have a lack of real ip addresses.
The majority of security breaches occur from the inside, where you are already on a known ip network. Next most common is DoS, which NAT will not prevent. Hijacking or sniffing a session will take place either in the public realm or from the inside, so NAT does nothing to prevent this. Hacking into a NATed system using the outside address is just as easy as using an inside address unless you are using PAT, which is a horrible kludge that breaks several other protocols. And the only fixes for many of those protocols to be able to use PAT is to open up holes in your FW, which is worse than using a routable ip address.
Having a good, enforced security policy is far better than using NAT and assuming that it is a security measure.
I hope you are not suggesting on any level the use of public routable IP addressess on an internal enterprise network is common or suggested practice. I did not suggest security as a factor for deciding to use NAT. Their is no benefit to using public routable addresses on an internal LAN however the benefits of private addressing and NAT are many.
"then the only reason to use NAT is when you have a lack of real ip addresses. "
are you kidding?
I guess that applies to... lets see..... THE WORLD!!
The last thing I want to do is turn Open Forum into a flame war, but I knew that when I posted the last message, that it could end up that way. For some odd reason, NAT is one of those topics where people either love it or hate it. I'm of the latter group, and you are obviously of the former.
Contrary to what you said above, I have worked both for and with several companies, large and small, who actually "own" their own set of routable addresses. I am of the opinion that if you own them, use them. The route aggregation argument, though a valid one, falls apart very quickly when you multihome to two different ISPs for fault tolerance. It happens more often than you'd think, given the ever-growing dependance on the internet for critical business applications.
And in the article above that you referenced, they said, "A major drawback to the use of private address space is that it may actually reduce an enterprise's flexibility to access the Internet." (And I've known several engineers who were probably on drugs when they wrote things, though it didn't necessarily impact the quality of their work.)
I stil lhold that the benefits of using publicly routable addresses outweigh the benefits of using NAT in many situations. And having been through readdressing several times during the merger mania of the 80's and 90's, it's not all that bad, and it happens whether you are using public or private addresses.
I'm not able to access my old voice mail messages all of a sudden. The recording says something like 'the message is currently not available'. This has never happened before in all the years I have been using this system. I have t...