Public IP to Public

Gabrielv

This might be off topic, but I am trying to configure
my main DC DNS settings to work with my secondary ISA
server. We use ADP and they supplied us with a public IP
address scheme here in the office. Basically every PC,
printer and router has a public IP address of
204.224.123.x. My question is: can you re-route a public IP
address to a public IP address? I know private to public
can be done and is always done, but public to public?
 
Why are you using public IPs on your internal network? What does this give
you? I'm not an ISA expert by far, but note that if you have a
firewall/server that does NAT, your 'public' IPs are essentially 'private' -
but using valid public IPs on a LAN is not recommended. You can set up port
forwarding or one-to-one NAT for whatever you like, but I'd seriously
rethink using public IPs internally at all.
 
I agree with what you're saying, but what is the real reason
why I shouldn't use real IPs in my internal network?
This is how it was set up by ADP. I am trying to figure
out some issues but would like to know the reason.
 
Security, for one...for more info on private, non-routable TCP/IP network
info, see RFC 1918 http://www.faqs.org/rfcs/rfc1918.html. Also, you can use
more addresses than your ISP gives you. Your ISP shouldn't be the one making
decisions about how your internal network is set up.
 
Gabrielv said:
This might be off topic, but I am trying to configure
my main DC DNS settings to work with my secondary ISA
server. We use ADP and they supplied us with a public IP
address scheme here in the office. Basically every PC,
printer and router has a public IP address of
204.224.123.x. My question is: can you re-route a public IP
address to a public IP address? I know private to public
can be done and is always done, but public to public?

Yes, sure, why not? As long as your NAT software (ISA
in this instance) doesn't try to stop you from adding them in
or from translating (plain old NAT will let you but sometimes
ISA tries to help "too much".)

There isn't much point in doing it, however. It only prevents
unsolicited inbound access, which ISA can protect against anyway,
AND you should be running better security than that anyway,
since anytime an internal client is allowed to connect to
an external resource it exposes itself to the "outside, big,
bad world" to allow the responses.
 