• Status: Solved

What type of IP addressing scheme can I use within my company so that we can always use the Cisco VPN client (& that will be completely different from) for when we connect to our customer networks?

What type of IP addressing scheme can I use within my IT organization so that we will be able to use the Cisco VPN client (& that will be completely different from) for when we connect to our customer's networks remotely?

The internal IP addresses that are used within my company's internal network must be completely different than those used within our customer's networks. This way, our internal company network won't be using any of the same IP addresses or subnets that our customer networks would most commonly use.

I would like to use an IPv4 addressing scheme, but if we need to use an IPv6 addressing scheme, I will be willing to implement this.

Can you please post some hyperlinks that discuss the best ways of doing this?
Asked:
IT Guy
4 Solutions
 
Patmac951 Commented:
What is the subnet mask for your network? As far as IP addressing goes, there are only certain ranges that can be used.
10.0.0.0 through 10.255.255.255
169.254.0.0 through 169.254.255.255 (APIPA only)
172.16.0.0 through 172.31.255.255
192.168.0.0 through 192.168.255.255

The most uncommon range used by companies is the 172.16 range.

However, from personal experience and depending upon your subnet mask and the subnet mask of the remote system, you may always have overlaps. I classify an overlap as an IP address that is valid on both the local network and the remote network. This is where you are running into a problem. The easiest way to resolve an overlap issue is to set up a static NAT (network address translation) between your local system and the remote system. This can be set on your local ASA or the remote router.
 
mobiusNZ Commented:
Our practice is to use 10.150.x.0/24 networks for our internal net, and 192.168.x.0/24 for our clients.
With the 10.0.0.0 and 172.16.0.0 ranges, remember you can divide them up just by using a larger subnet mask (i.e. 255.255.255.0).
 
IT Guy (Network Engineer, Author) Commented:
Everyone,

What about using other subnet masks, such as 255.255.255.192 (although I understand that this won't leave our network with as many available IP addresses as we otherwise might need)?
 
mobiusNZ Commented:
That certainly helps, but bear in mind 10.0.0.1/255.0.0.0 will still conflict with 10.0.0.1/255.255.255.192 etc. If you use a small network mask fairly high up you reduce the likelihood of a conflict. As mentioned before, we use networks like 10.150.1.0/255.255.255.0 and have not had any conflicts so far...
 
Patmac951 Commented:
mobiusNZ has a valid point that using a network higher up in the range can reduce conflicts.

However, if the remote system you are connecting to via VPN has a wide open subnet like 255.0.0.0 and assigns IPs via DHCP to the VPN clients, you could possibly still have a conflict at 10.150.*.* depending upon how the remote client allocates their IP addresses. But like mobiusNZ mentioned, if you use a 10.*.*.* address and start at a high range, the chances for conflict are less likely.
Question has a verified solution.
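
The overlap cases discussed in the answers above can be checked mechanically before an internal range is chosen. The following is an added example, not code from any poster in the thread: the function names and the customer list are constructed for illustration, and the private blocks are the ones quoted in the first answer.

```python
import ipaddress

# Private ranges quoted in the thread (169.254.0.0/16 is APIPA only, so it is left out).
PRIVATE_BLOCKS = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")

def net(text):
    """Parse 'address/mask' or 'address/prefix'; host bits are masked off."""
    return ipaddress.ip_network(text, strict=False)

def conflicts(internal, customers):
    """Return the customer networks that share at least one address with `internal`."""
    ours = net(internal)
    return [c for c in map(net, customers) if ours.overlaps(c)]

def first_free_subnet(customers, prefixlen=24):
    """Return the first private subnet of this size that overlaps no customer
    network, or None. Assumes prefixlen is at least 16 (the smallest block)."""
    theirs = [net(c) for c in customers]
    for block in map(net, PRIVATE_BLOCKS):
        for candidate in block.subnets(new_prefix=prefixlen):
            if not any(candidate.overlaps(t) for t in theirs):
                return candidate
    return None

# Constructed sample data: one customer with a "wide open" 255.0.0.0 mask,
# as in the last answer, plus two smaller customer networks.
CUSTOMERS = [
    "10.0.0.1/255.0.0.0",
    "172.16.0.0/255.255.0.0",
    "192.168.1.0/255.255.255.0",
]

if __name__ == "__main__":
    for ours in ("10.0.0.1/255.255.255.192", "10.150.1.0/255.255.255.0", "172.20.5.0/24"):
        hits = conflicts(ours, CUSTOMERS)
        verdict = "conflicts with " + ", ".join(map(str, hits)) if hits else "no conflict"
        print(f"{net(ours)}: {verdict}")
    print("first free /24:", first_free_subnet(CUSTOMERS))
```

With this customer list, both 10.x candidates are reported as conflicting with the 255.0.0.0 customer regardless of how small the internal mask is, while 172.20.5.0/24 is clear.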
