Security Basics mailing list archives

RE: Possibility of routing through internet with private IP address


From: "David Gillett" <gillettdavid () fhda edu>
Date: Thu, 16 Oct 2003 11:45:41 -0700

  I've had no trouble mixing bogon filters (i.e., block invalid
or spoofed source addresses such as private ranges) with VPN
tunnels, even when both were on the same NetScreen box.  At the
point that the tunnelled traffic hits the filters, it's encapsulated
within packets bearing public IP addresses.

David Gillett

-----Original Message-----
From: e-bone [mailto:ebone () DotsAndLoops net]
Sent: October 16, 2003 09:01
To: security-basics () securityfocus com
Subject: Possibility of routing through internet with private IP address


Hi,
We have the following VPN/Firewall setup:

WAN -- T1 router -- netscreen(VPN) -- SonicWall(Firewall) -- LAN

NAT takes place at the SonicWall.

VPN tunnels from the WAN side end at the netscreen.
VPN users receive a "virtual" IP address of 172.31.1.*,
172.31.2.* , etc ... 

The SonicWall has rules allowing in these private address ranges.

Now, the question ....
My (doofus) boss seems to think that it is possible that somebody
could come into our LAN from the WAN side with one of these private IP
addresses?
I tend to think this is complete hogwash (or bollocks if you prefer).

Is there any way someone can route through the internet (WAN) with a
private IP address, and have the packets routed back to them properly?

For the purposes of answering the question, disregard for the moment
that we could set up the netscreen with policies requiring these private
IP ranges to be tunneled .... my boss for some inexplicable reason
has no faith in this device ... that is the whole reason we still
have the SonicWall around too.

Any tips, hints, or gibberish of any kind welcome.

cheers,
e
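
The filtering order described in the reply above, modelled in Python as an added illustration (not code from either poster or from any NetScreen/SonicWall configuration): the bogon check sees only the outer header on the WAN side, and the 172.31.x.x virtual address is examined only after decapsulation. The bogon list, the function names and the 198.51.100.7 peer address are constructed for the example, and tunnel authentication is assumed to have succeeded whenever `inner` is set.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Source ranges that should never arrive from the internet side
# (RFC 1918 private space, loopback, link-local). Constructed short list.
BOGONS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# Virtual address pools mentioned in the thread (172.31.1.*, 172.31.2.*).
VPN_POOLS = [ipaddress.ip_network(n) for n in ("172.31.1.0/24", "172.31.2.0/24")]


@dataclass
class Packet:
    src: str                          # source address in this header
    inner: Optional["Packet"] = None  # decapsulated payload of an authenticated tunnel


def in_any(addr, nets):
    """True if addr falls inside any of the given networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in n for n in nets)


def wan_ingress(pkt):
    """Decide what happens to a packet arriving on the WAN interface."""
    # 1. The bogon filter inspects only the outermost header.
    if in_any(pkt.src, BOGONS):
        return "drop: bogon source on WAN"
    # 2. A public source with no tunnel payload is ordinary inbound traffic.
    if pkt.inner is None:
        return "not-vpn: normal inbound policy applies"
    # 3. After decapsulation, the inner source must come from a VPN pool.
    if not in_any(pkt.inner.src, VPN_POOLS):
        return "drop: inner source outside VPN pool"
    return "forward: VPN client " + pkt.inner.src


if __name__ == "__main__":
    samples = {  # constructed sample packets
        "raw private source from WAN": Packet("172.31.1.5"),
        "tunnelled VPN client": Packet("198.51.100.7", Packet("172.31.1.5")),
        "tunnel carrying non-pool source": Packet("198.51.100.7", Packet("10.0.0.9")),
    }
    for label, pkt in samples.items():
        print(f"{label}: {wan_ingress(pkt)}")
```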
