New Member

Question on "ISPs" seeing routes to "Internal" router, basic lab

Hi, can you please see attached detailed lab diagram and question. Thanks much for your great help.

Question:

1) As is now, from "Backup" and "Primary" I can see routes to "Internal" and ping "Internal" router. In a real production environment, is this behavior typical? I mean, typically people would prefer to avoid letting the service provider ping "Internal", right? Or as long as I set a network for my internal clients and do not advertise that one to Edge and beyond, so then if ISPs have visibility to "Internal" router that should not be a problem?

If that is the case that Backup and Primary should be able to ping "Internal", is an access-list blocking traffic from Backup and Primary to "Internal" the way to go?

1 ACCEPTED SOLUTION

New Member

Re: Question on "ISPs" seeing routes to "Internal" router, basic

This is a rather open-ended question.

But the ISP must see your IP, otherwise they can't route your IP.

Typically, the ISP is a shared environment whose role is to pass your traffic and keep your IP within your own VPN. You will not see other customers' IPs, and others will not see yours.

If you don't want the ISP to see your real IP, you could NAT it, and the ISP will route the global IP.

Hall of Fame Super Silver

Re: Question on "ISPs" seeing routes to "Internal" router, basic

Hello Marlon,

Ting has provided a good answer: usually NAT plays a role here.

It is highly preferred to use private IP addresses as per RFC 1918 for the infrastructure devices.

ACLs are usually deployed at border routers for security reasons to avoid so-called network reconnaissance attacks that try to find out your IP subnets.

Hope to help

Giuseppe
