RE: Free range addresses
From: Jollon, Matthew (MJollon@cstechnology.com)
- Maybe in reply to: Michael Tench: "Free range addresses"
Message-ID: <7259E36A9574D511946600508BD7297607F691@nymail.ny.cstechnology.com>
From: "Jollon, Matthew" <MJollon@cstechnology.com>
To: "'firstname.lastname@example.org'" <email@example.com>, firstname.lastname@example.org
Subject: RE: Free range addresses
Date: Tue, 21 Aug 2001 12:00:32 -0400

A company should never use routable addresses internally or in the DMZ.
Anything other than the router and firewall should conform to RFC1918. Both
for the Internet's sake and the company's sake.
As you know, many different companies now use VPN
connectivity to communicate to each other, as well as
(unfortunately) allowing remote users to VPN into
machines on their service network. As such, you cannot
have the same subnet allocated on both sides of the
VPN tunnel....but as an IT manager or WAN analyst, you
cannot tell the other company they must change their
My questions are these:
Is this a good argument for using a routable(not free
range) IP address for your service network (some say
Do you think the risks of this outweigh the
benefits?(Like if the firewall fails in a manner that
allows all traffic to pass)
I welcome your comments.
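
As an added example (not part of the original messages), a planning check for the collision described above: it lists subnets that overlap across a VPN tunnel and finds an RFC 1918 range that neither side uses. The subnet lists and all function names are constructed for illustration.

```python
import ipaddress

# The three RFC 1918 private blocks
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def nets(cidrs):
    """Parse a list of CIDR strings into network objects."""
    return [ipaddress.ip_network(c) for c in cidrs]

def is_rfc1918(net):
    """True if the whole subnet sits inside one RFC 1918 block."""
    return any(net.subnet_of(block) for block in RFC1918)

def tunnel_conflicts(local, remote):
    """Pairs (local, remote) whose address space overlaps across the tunnel."""
    return [(l, r) for l in local for r in remote if l.overlaps(r)]

def first_free_rfc1918(prefixlen, in_use):
    """First RFC 1918 subnet of this size that overlaps nothing in in_use."""
    for block in RFC1918:
        if prefixlen < block.prefixlen:
            continue  # requested subnet is larger than this block
        for cand in block.subnets(new_prefix=prefixlen):
            if not any(cand.overlaps(u) for u in in_use):
                return cand
    return None

# Constructed sample data: our networks and a partner's, both private.
LOCAL = nets(["10.0.0.0/16", "192.168.1.0/24"])
PARTNER = nets(["192.168.0.0/22", "172.16.5.0/24"])

if __name__ == "__main__":
    for l, r in tunnel_conflicts(LOCAL, PARTNER):
        print(f"conflict: local {l} overlaps partner {r}")
    for n in LOCAL + PARTNER:
        print(f"{n}: {'RFC 1918' if is_rfc1918(n) else 'not RFC 1918'}")
    print("free /24:", first_free_rfc1918(24, LOCAL + PARTNER))
```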