Guest

Cisco PIX 500 Series Security Appliances

Addressing an Unregistered Network Inside the PIX Firewall Using RFC 1918

Document ID: 4702



Contents

Introduction
Prerequisites
      Requirements
      Components Used
      Conventions
Recommended Address Ranges
NetPro Discussion Forums - Featured Conversations
Related Information

Introduction

When it is possible, users of unregistered (or "dirty") networks should use the reserved addresses in RFC 1918 leavingcisco.com on any networks inside the PIX.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

This document is not restricted to specific software and hardware versions.

Conventions

For more information on document conventions, refer to the Cisco Technical Tips Conventions.

Recommended Address Ranges

As discussed in RFC 1918, the addresses that you should use are shown here.

  • Class A: 10.0.0.0 - 10.255.255.255 (10/8 prefix)

  • Class B: 172.16.0.0 - 172.31.255.255 (172.16/12 prefix)

  • Class C: 192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

There are two advantages of using these numbers on the inside of the PIX.

  • You can grow your internal IP networks without worrying about running out of addresses.

  • You can eliminate the risk of inadvertently using other networks' legitimate addresses.

For example, if you use the Class C range of 192.31.7.0 for network addresses on the inside of your PIX, your computers are unable to connect to another machine that has a legitimate IP address (such as 192.31.7.31). This is because your hosts try to reach a machine that does not exist on the inside of your firewall.

NetPro Discussion Forums - Featured Conversations

Networking Professionals Connection is a forum for networking professionals to share questions, suggestions, and information about networking solutions, products, and technologies. The featured links are some of the most recent conversations available in this technology.
NetPro Discussion Forums - Featured Conversations for Security
Security: Intrusion Detection [Systems]
Security: AAA
Security: General
Security: Firewalling

Related Information



Updated: Jan 19, 2006Document ID: 4702