Re: Possibility of routing through internet with private IP address
From: Thorne (thorne_at_beol.net)
Date: 10/16/03
- Previous message: DRAx: "Re: Basic Network Configuration"
- In reply to: e-bone: "Possibility of routing through internet with private IP address"
- Next in thread: David Gillett: "RE: Possibility of routing through internet with private IP address"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: e-bone <ebone@DotsAndLoops.net>, security-basics@securityfocus.com Date: Thu, 16 Oct 2003 15:56:43 -0400
On Thursday 16 October 2003 12:00, e-bone wrote:
The only way someone could route threw it would be to Spoof from the lan
which the device is on. Or MAYBE if your router was improplerly configured to
routre from that point down. But Speaking from experince with sonic wall it
would not allow thigns to come back threw from the other side if they were in
private range that on the internal interface.
Bill
> Hi,
> We have the following VPN/Firewall setup:
>
> WAN -- T1 router -- netscreen(VPN) -- SonicWall(Firewall) -- LAN
>
> NAT takes place at the SonicWall.
>
> VPN tunnels from the WAN side end at the netscreen.
> VPN users receive a "virtual" IP address of 172.31.1.*,
> 172.31.2.* , etc ...
>
> The SonicWall has rules allowing in these private address ranges.
>
> Now, the question ....
> My (doofus) boss seems to think that it is possible that somebody
> could come into our LAN from the WAN side with one of these private IP
> addresses ?
> I tend to think this is complete hogwash (or bollocks if you prefer).
>
> Is there anyway someone can route through the internet (WAN) with a
> private IP address, and have the packets routed back to them properly ?
>
> For the purposes of answering the question, disregard for the moment
> that we could set up the netscreen with policies requiring these private
> IP ranges to be tunneled .... my boss for some inexplicable reason
> has no faith in this device ... that is the whole reason we still
> have the SonicWall around too.
>
> Any tips, hints, or gibberish of any kind welcome.
>
> cheers,
> e
>
> ---------------------------------------------------------------------------
> FREE Whitepaper: Better Management for Network Security
>
> Looking for a better way to manage your IP security?
> Learn how Solsoft can help you:
> - Ensure robust IP security through policy-based management
> - Make firewall, VPN, and NAT rules interoperable across heterogeneous
> networks
> - Quickly respond to network events from a central console
>
> Download our FREE whitepaper at:
> http://www.securityfocus.com/sponsor/Solsoft_security-basics_031015
> ---------------------------------------------------------------------------
>-
---------------------------------------------------------------------------
FREE Whitepaper: Better Management for Network Security
Looking for a better way to manage your IP security?
Learn how Solsoft can help you:
- Ensure robust IP security through policy-based management
- Make firewall, VPN, and NAT rules interoperable across heterogeneous
networks
- Quickly respond to network events from a central console
Download our FREE whitepaper at:
http://www.securityfocus.com/sponsor/Solsoft_security-basics_031015
----------------------------------------------------------------------------
- Previous message: DRAx: "Re: Basic Network Configuration"
- In reply to: e-bone: "Possibility of routing through internet with private IP address"
- Next in thread: David Gillett: "RE: Possibility of routing through internet with private IP address"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
