Firewalls (August 1997)
Hello Alan, Hank,

Seems the problem you have is also being faced by me. Please can you throw some more light on that.

Let me tell you about my problem. I have to include some new customers into my network which are using class A address. These customers do not talk to each other. I am using a Class C address and I have already a client who is using Class A. Obviously there will be IP clashes if I go about interconnecting them. Can someone please give me a solution?

A possibility I heard is also about Translation Servers. Could someone throw more light on this?

Thanks in advance!!!

At 03:13 PM 8/27/97 -0400, you wrote:
>Thanks, Hank!
>That just about wraps up this discussion.
>-alan
>
>Hank Jap wrote:
>>
>> Hi Alan,
>> We just finished converting our IP addresses (4000 nodes) to
>> our public IP addresses. This was due to the explosion of Extranet
>> where we needed to connect to a bunch of business partners. We ran into
>> problems where our private IP address was conflicting with our business
>> partners'. It's just much easier for us now to connect to a business
>> partner without worrying about conflicting IP addresses.
>>
>> Hank Jap
>> PanCanadian Petroleum
>>
>> Alan Goldberg wrote:
>> >
>> > Thanks, Russ!
>> > Good advice. I am inclined to agree.
>> >
>> > -alan
>> >
>> > Russ wrote:
>> > >
>> > > Alan,
>> > >
>> > > Fact is there is no real benefit gained from private address space. With
>> > > source-routing, it's still possible to reach and interact with private
>> > > address IP hosts/subnets. NAT was never intended to be a security
>> > > countermeasure, and its perception as such has led to the common
>> > > fallacy.
>> > >
>> > > Private address space also translates into a likelihood that some other
>> > > site you may try and reach is unreachable, particularly in this age of
>> > > Extranets (combined networks of multiple corporations/organizations). In
>> > > addition, applications/protocols that use IP address as an identifier
>> > > (MS Netmeeting for example) require a one-one public IP - private IP
>> > > mapping at your Firewall (if you mean to allow it through, even within
>> > > tunnels).
>> > >
>> > > I strongly suggest you create a single subnet of exposed addresses and
>> > > maintain your internal addressing. If your Firewall cannot withstand
>> > > attacks against known IP addresses, changing them to private will only
>> > > give you a false sense of security. Any proper testing methods used to
>> > > validate your Firewall configuration should confirm that your internal
>> > > address is secured, otherwise the Firewall's not doing what it's
>> > > supposed to.
>> > >
>> > > Cheers,
>> > > Russ
>> > > R.C. Consulting, Inc. - NT/Internet Security
>> > > owner of the NTBugTraq mailing list: http://www.ntbugtraq.com
>> >
>> > --
>> > Alan Goldberg
>> > HJ Heinz Company of Canada Ltd / Intuit Bus Serv & Tech
>> > agoldber @ istar . ca
>> > http://home.istar.ca/~agoldber
>
>--
>Alan Goldberg
>HJ Heinz Company of Canada Ltd / Intuit Bus Serv & Tech
>agoldber @ istar . ca
>http://home.istar.ca/~agoldber
>
>

...........Syed Azeem.