Public Ip to Public

G

Gabrielv

This might be out of topic but I am trying to configure
my main DC DNS settings to wotk with my secondary ISA
server. We use ADP and they supplied us with Public IP
address scheme here in the office. Basicly every PC and
printer and routers has a public IP address of
204.224.123.x My question is can you re-rout a public IP
address to a public IP address. I know private to public
can be done is always done but public to public?
 
L

Lanwench [MVP - Exchange]

Why are you using public IPs on your internal network? What does this give
you? I'm not an ISA expert by far, but note that if you have a
firewall/server that does NAT, your 'public' IPs are essentially 'private' -
but using valid public IPs on a LAN is not recommended. You can set up port
forwarding or one-to-one NAT for whatever you like, but I'd seriously
rethink using public IPs internally at all.
 
G

Guest

I agree in what your saying but what is the real reason
why I shouldn't use real IPs in myu internal network?
This is how it was set up by ADP. I am trying to figure
out some issues but like to know the reason.
 
L

Lanwench [MVP - Exchange]

Security, for one...for more info on private, non-routable TCP/IP network
info, see RFC 1918 http://www.faqs.org/rfcs/rfc1918.html. Also, you can use
more addresses than your ISP gives you. Your ISP shouldn't be the one making
decisions about how your internal network is set up.
 
H

Herb Martin

Gabrielv said:
This might be out of topic but I am trying to configure
my main DC DNS settings to wotk with my secondary ISA
server. We use ADP and they supplied us with Public IP
address scheme here in the office. Basicly every PC and
printer and routers has a public IP address of
204.224.123.x My question is can you re-rout a public IP
address to a public IP address. I know private to public
can be done is always done but public to public?

Yes, sure, why not? As long as your NAT software (ISA
in this instance) doesn't try to stop you from adding them in
or from translating (plain old NAT will let you but sometimes
ISA tries to help "too much".)

There isn't much point in doing it however. It only prevents
unsolicited inbound access, which ISA can protect anyway
AND you should be running better security than that anyway
since anytime an internal clients is allowed to connect to
an external resources it exposes itself to the "outside, big,
bad world" to allow the responses.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top