Firewalls: RE: Duplicated network addresses

Firewalls
(February 1997)

Indexed By Thread: [Previous] [Next]

Subject:	RE: Duplicated network addresses
From:	Lilia Miltcheva <Miltcheva @ unicc . org>
Date:	Tue, 4 Feb 1997 16:51:13 +0100
To:	"'Lilia Miltcheva'" <miltcheva @ unicc . org>, "'Jeff Needle'" <needle @ altavista . digital . com>
Cc:	"'admin @ unicc . org'" <admin @ unicc . org>, "'firewalls @ greatcircle . com'" <firewalls @ greatcircle . com>

Jeff,

Probably I cannot explain very well. What you say for me means that
while I have the tunnel client up I will never see the host on the
Internet (www.microsoft.com in my example)?! I will always go through
the tunnel, because the tunnel client will think that this is a private
address....

Thanks, Lili

>----------
>From: 	Jeff Needle[SMTP:needle @
 altavista .
 digital .
 com]
>Sent: 	Tuesday, February 04, 1997 1:34AM
>To: 	Lilia Miltcheva
>Cc: 	'admin @
 unicc .
 org'; 'firewalls @
 greatcircle .
 com'
>Subject: 	RE: Duplicated network addresses
>
>It won't matter if you assign an address that is equivalent to an external
>address.  The only place those tunnel "pseudo addresses" will be seen is
>on the private network, beyond the tunnel server.  They never travel on
>the internet.  Any tunnel packets traveling on the internet will be
>encrypted and encapsulated in an IP packet with a source address of the
>client's real address and a destination address of your firewall, both of
>which would be legal address.
>
>The typical tunnel configuration seems to use RFC 1918 addresses for the
>tunnel clients.
>
>Jeff
>
>On Tue, 4 Feb 1997, Lilia Miltcheva wrote:
>
>> Date: Tue, 4 Feb 1997 16:32:00 +0100
>> From: Lilia Miltcheva <Miltcheva @
 unicc .
 org>
>> To: "'jeff .
 needle @
 altavista-software .
 com'"
>     <jeff .
 needle @
 altavista-software .
 com>
>> Cc: "'altavista-product @
 digital .
 com'" <altavista-product @
 digital .
 com>,
>>     "'admin @
 unicc .
 org'" <admin @
 unicc .
 org>,
>>     "'firewalls @
 greatcircle .
 com'" <firewalls @
 greatcircle .
 com>
>> Subject: RE: Duplicated network addresses
>> 
>> Jeff,
>> 
>> What you say is correct and I do not have any problem with that. My
>> question is rather what will happen if I address host.unicc.org that has
>> the same IP as www.microsoft.com, for example? 
>> As the tunnel comes up, the tunnel server tells the client which
>> networks a to be tunneled, so logically in this case for
>> www.microsoft.com = host.unicc.org I will go through the tunnel and
>> therefore I will never be able to reach www.microsoft.com while the
>> tunnel is up....
>> 
>> Thanks a lot for your support,
>> Lili
>
>
>

Follow-Ups:

RE: Duplicated network addresses
From: Jeff Needle <needle @ altavista . digital . com>

Indexed By Date	Previous:	RE: Duplicated network addresses From: Jeff Needle <needle @ altavista . digital . com>
Indexed By Date	Next:	Re: Poor NSA...Hells freezin' over again. From: "K.M." <goertzek @ wangfed . com>
Indexed By Thread	Previous:	RE: Duplicated network addresses From: Daniel Garcia <kender @ hollyfeld . org>
Indexed By Thread	Next:	RE: Duplicated network addresses From: Jeff Needle <needle @ altavista . digital . com>