Firewalls: Re: Duplicated network addresses

Firewalls
(February 1997)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Duplicated network addresses
From:	Jeff Needle <needle @ altavista . digital . com>
Date:	Tue, 4 Feb 1997 09:54:41 -0500 (EST)
To:	Lilia Miltcheva <miltcheva @ unicc . org>
Cc:	altavista-product @ digital . com, admin @ unicc . org, firewalls @ GreatCircle . COM
In-reply-to:	<32F60309 . 41C6 @ unicc . org>
Reply-to:	jeff . needle @ altavista-software . com

When you use the AltaVista Tunnel, any network packets that travel the
internet will have a source address of your physical adapter and a target
address of your firewall's external interface (tunnel server in the case
where you have no firewall).  The tunnel server, upon receipt of a tunnel
packet, will strip the tunnel header and decrypt the packet, restoring the
original destination address.  Therefore the only place your private
network addresses will be seen are within your private network, between
your tunnel server and the final internal destination.

Hope this helps.  If you have any further questions about AltaVista
Tunnel, don't hesitate to contact me.

Jeff Needle, AltaVista engineering

On Mon, 3 Feb 1997, Lilia Miltcheva wrote:

> Date: Mon, 03 Feb 1997 16:23:53 +0100
> From: Lilia Miltcheva <miltcheva @
 unicc .
 org>
> To: altavista-product @
 digital .
 com
> Cc: admin @
 unicc .
 org, firewalls @
 GreatCircle .
 COM
> Subject: Duplicated network addresses
> 
> Dear Guru,
> 
> I'm keen on using the AltaVista Tunnel and have already a lot of
> requests for providing the service. I have a question :
> 
> We are currently using Alta Vista FW for Unix and behind it we have
> class C addresses that we once got by EUnet. Than we changed the ISP and
> renumbered our "red" (external) network, but on the internal ("blue")
> WAN we kept the old IPs as there are anyhow not accessible from the
> Internet.
> 
> What is going to happen if a remote client, using AVT connects to our
> AVT server, gets the numbers of the private networks (for example
> 193.72.45.0) and starts tunneling, but at the same time there is a
> server somewhere on the Internet that has address let's say 193.72.45.20
> (same class C). How this clash could possibly be menaged?
> 
> 
> I'm aware that many people use inside their FW "any" IP addresses (just
> unique on the LAN), so that will be a problem with all those guys if
> some coincedence occurs.
> 
> Is there something I'm missing?
> 
> Thanks a lot in advance.. I'll greately appriciate any help....
> 
> Lili
>

References:

Duplicated network addresses
From: Lilia Miltcheva <miltcheva @ unicc . org>

Indexed By Date	Previous:	RE: AVT configurations From: Arjo Mukherjee 4663 <mukherje @ ebo . dec . com>
Indexed By Date	Next:	RE: AVT configurations From: Jeff Needle <needle @ altavista . digital . com>
Indexed By Thread	Previous:	Duplicated network addresses From: Lilia Miltcheva <miltcheva @ unicc . org>
Indexed By Thread	Next:	RE: Duplicated network addresses From: Lilia Miltcheva <Miltcheva @ unicc . org>