Document ID: 4702
Contents
Introduction
Prerequisites
Requirements
Components Used
Conventions
Recommended Address Ranges
NetPro Discussion Forums - Featured Conversations
Related Information
Introduction
When it is possible, users of unregistered (or "dirty") networks should
use the reserved addresses in
RFC
1918
on any networks inside the PIX.
Prerequisites
Requirements
There are no specific requirements for this document.
Components Used
This document is not restricted to specific software and hardware versions.
Conventions
For more information on document conventions, refer to the Cisco Technical Tips Conventions.
Recommended Address Ranges
As discussed in RFC 1918, the addresses that you should use are shown here.
-
Class A: 10.0.0.0 - 10.255.255.255 (10/8 prefix)
-
Class B: 172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
-
Class C: 192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
There are two advantages of using these numbers on the inside of the PIX.
-
You can grow your internal IP networks without worrying about running out of addresses.
-
You can eliminate the risk of inadvertently using other networks' legitimate addresses.
For example, if you use the Class C range of 192.31.7.0 for network addresses on the inside of your PIX, your computers are unable to connect to another machine that has a legitimate IP address (such as 192.31.7.31). This is because your hosts try to reach a machine that does not exist on the inside of your firewall.
NetPro Discussion Forums - Featured Conversations
| NetPro Discussion Forums - Featured Conversations for Security |
| Security: Intrusion Detection [Systems] |
| Security: AAA |
| Security: General |
| Security: Firewalling |
Related Information
-
RFC 1918: Address
Allocation for Private Internets
- PIX Support Page
- Documentation for PIX Firewall
- PIX Command References
- Field Notices for PIX Firewall
-
Requests for
Comments (RFCs)
- Technical Support & Documentation - Cisco Systems
| Updated: Jan 19, 2006 | Document ID: 4702 |