
What type of IP addressing scheme can I use within my company so that we can always use the Cisco VPN client (& that will be completely different from) for when we connect to our customer networks?

What type of IP addressing scheme can I use within my IT organization so that we will be able to use the Cisco VPN client (& that will be completely different from) for when we connect to our customer's networks remotely?

The internal IP addresses that are used within my company's internal network must be completely different than those used within our customer's networks. This way, our internal company network won't be using any of the same IP addresses or subnets that our customer networks would most commonly use.

I would like to use an IPv4 addressing scheme, but if we need to use an IPv6 addressing scheme, I will be willing to implement this.

Can you please post some hyperlinks that discuss the best ways of doing this?
 
Patmac951 Commented:
What is the subnet mask for your network? As far as IP addressing goes there are only certain ranges that can be used.
10.0.0.0 through 10.255.255.255
169.254.0.0 through 169.254.255.255 (APIPA only)
172.16.0.0 through 172.31.255.255
192.168.0.0 through 192.168.255.255

The most uncommon range used by companies is the 172.16 range.

However from personal experience and depending upon your subnet mask and the subnet mask of the remote system you may always have overlaps.  I classify an overlap as an IP address that is valid on both the local network and the remote network.  This is where you are running into a problem.   The easiest way to resolve an overlap issue is to set up a static NAT (network address translation) between your local system and the remote system.  This can be set on your local ASA or the remote router.
 
mobiusNZ Commented:
Our practice is to use 10.150.x.0/24 networks for our internal net, and 192.168.x.0/24 for our clients.
With the 10.0.0.0 and 172.16.0.0 ranges remember you can divide them up just by using a larger subnet mask (i.e. 255.255.255.0)
 
Knowledgeable (Author) Commented:
Everyone,

What about using other subnet masks, such as 255.255.255.192 (although I understand that this won't leave our network with as many available IP addresses as we otherwise might need)?
 
mobiusNZ Commented:
That certainly helps, but bear in mind 10.0.0.1/255.0.0.0 will still conflict with 10.0.0.1/255.255.255.192 etc. If you use a small network mask fairly high up you reduce the likelihood of a conflict. As mentioned before we use networks like 10.150.1.0/255.255.255.0 and have not had any conflicts so far...
 
Patmac951 Commented:
mobiusNZ has a valid point that using a network higher up in the range can reduce conflicts.

However if the remote system you are connecting to via VPN has a wide open subnet like 255.0.0.0 and assigns IPs via DHCP to the VPN clients you could possibly still have a conflict at 10.150.*.* depending upon how the remote client allocates their IP addresses. But like mobiusNZ mentioned if you use a 10.*.*.* address and start at a high range the chances for conflict are less likely.
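
The overlap cases raised in this thread can be checked with Python's standard `ipaddress` module. This is an added example, not part of the original thread: the customer networks are constructed sample values, and the function names (`parse`, `conflicts`, `free_subnets`) are hypothetical.

```python
import ipaddress

# Private ranges listed in the thread (169.254.0.0/16 is APIPA-only, so excluded).
PRIVATE_POOLS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse(addr, mask):
    """Build a network from an address and dotted mask, e.g. 10.0.0.1 / 255.0.0.0."""
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def conflicts(internal, customers):
    """Return the customer networks whose address space overlaps `internal`."""
    return [c for c in customers if internal.overlaps(c)]

def free_subnets(customers, prefixlen=24, limit=3):
    """Return up to `limit` private subnets that overlap no known customer
    network, searching each pool from the top of its range downward."""
    found = []
    for pool in PRIVATE_POOLS:
        for cand in reversed(list(pool.subnets(new_prefix=prefixlen))):
            if not conflicts(cand, customers):
                found.append(cand)
                if len(found) == limit:
                    return found
    return found

# Constructed sample customer networks (not from the thread).
CUSTOMERS = [
    parse("10.0.0.0", "255.0.0.0"),        # "wide open" 255.0.0.0 customer
    parse("192.168.1.0", "255.255.255.0"),
    parse("172.16.0.0", "255.255.0.0"),
]

if __name__ == "__main__":
    # A smaller mask does not help when the other side uses 255.0.0.0.
    a = parse("10.0.0.1", "255.0.0.0")
    b = parse("10.0.0.1", "255.255.255.192")
    print(a, "overlaps", b, "->", a.overlaps(b))

    # A network "high up" in 10.x still collides with a 10.0.0.0/8 customer.
    internal = parse("10.150.1.0", "255.255.255.0")
    print(internal, "conflicts with", conflicts(internal, CUSTOMERS))

    # Candidates that avoid every customer network known so far.
    print("free:", free_subnets(CUSTOMERS))
```

A result from `free_subnets` is only clear of the customer networks supplied to it; a new customer with a different range can still overlap, which is the case the static NAT suggestion above addresses.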