It won't matter if you assign an address that is equivalent to an external
address. The only place those tunnel "pseudo addresses" will be seen is
on the private network, beyond the tunnel server. They never travel on
the internet. Any tunnel packets traveling on the internet will be
encrypted and encapsulated in an IP packet with a source address of the
client's real address and a destination address of your firewall, both of
which would be legal address.
The typical tunnel configuration seems to use RFC 1918 addresses for the
On Tue, 4 Feb 1997, Lilia Miltcheva wrote:
> Date: Tue, 4 Feb 1997 16:32:00 +0100
> From: Lilia Miltcheva <Miltcheva @
> To: "'jeff .
> Cc: "'altavista-product @
com'" <altavista-product @
> "'admin @
org'" <admin @
> "'firewalls @
com'" <firewalls @
> Subject: RE: Duplicated network addresses
> What you say is correct and I do not have any problem with that. My
> question is rather what will happen if I address host.unicc.org that has
> the same IP as www.microsoft.com, for example?
> As the tunnel comes up, the tunnel server tells the client which
> networks a to be tunneled, so logically in this case for
> www.microsoft.com = host.unicc.org I will go through the tunnel and
> therefore I will never be able to reach www.microsoft.com while the
> tunnel is up....
> Thanks a lot for your support,