Private IP addressing advice!!

[Guest]

Hi,

I would really appreciate some feedback on the following.

We are a mid size Architectural company in Cambridge, MA of about 140. Our
network servers are all Windows 2003. We are currently using the private IP
address range of 10.0.0.0. We use Checkpoint NG and thru NAT translation,
provide Internet access for our staff using the 209.58. addresses.

Here is the problem. Our notebook staff are complaining of connection
problems at Airports and hotels. Apparently, these Organizations are also
using the 10 network IP address range internally. This provides a conflict
for our staff when they try to connect to our office thru the VPN from hotels
and Airports.

We will like to switch to the Private Internet address range of 172.168.0.0
- 192.168.255.255. Is anyone using this IP address range out there? Are you
experiencing any know problems with this IP range.

Please let me know if you have any questions and thanks for your assistance
in this matter
Nasser

 

[Doug Sherman [MVP]]

Per RFC 1918 the reserved private IP address ranges are:

10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

You have encountered an increasingly common problem - more and more airports
and hotels are providing Internet access by allowing you to connect a
private network, and you cannot route VPN connections between machines which
have the same network address. I would have guessed that 192.168.x.x is the
most common network address available for this purpose, but I don't know
whether there are any statistics available on this. I would guess that the
least likely to be duplicated range would be 172.16.0.0/12. If you use a
public IP address range on your internal network, you have little chance of
encountering this issue, but your internal machines will not be able to
route to public servers using that address range.

Doug Sherman
MCSE Wink/NT4.0, MCSA, MCP+I, MVP

 

[Leythos]

Hi,

I would really appreciate some feedback on the following.

We are a mid size Architectural company in Cambridge, MA of about 140. Our
network servers are all Windows 2003. We are currently using the private IP
address range of 10.0.0.0. We use Checkpoint NG and thru NAT translation,
provide Internet access for our staff using the 209.58. addresses.

Here is the problem. Our notebook staff are complaining of connection
problems at Airports and hotels. Apparently, these Organizations are also
using the 10 network IP address range internally. This provides a conflict
for our staff when they try to connect to our office thru the VPN from hotels
and Airports.

We will like to switch to the Private Internet address range of 172.168.0.0
- 192.168.255.255. Is anyone using this IP address range out there? Are you
experiencing any know problems with this IP range.

We see this all the time. Do not use 10.0.0.0/8, 192.168.0.0/24,
192.168.1.0/24 or the 172.168.0.0/16 subnet as your default.

For small offices, with under 200 nodes, we use something like
192.168.10.0/24 and the other offices are 192.168.128.0/24 increasing
from 128 to 200 as needed for additional offices for the VPN tunnels.

There is also nothing stopping you from using something like 192.168.x.y
with a /23 or /22 as long as it does not encompass the 192.168.0.x or
the 192.168.1.x range.

This lets most home user network using a default subnet still access the
company network without conflicts, and from Hotels.

 

[Deepak Bansal [MS]]

Don't you use DHCP for assigning addresses to notebooks? Static IP addresses
can always run into issues (no matter what address you use) when one
connects from multiple places but auto-configuring addresses through DHCP
avoids it altogether.

 

[Guest]

Thanks Doug for the quick response and reply. We have decided to use the
172.16 address range. Many thanks again
Nasser

 

[Guest]

Hi, thanks for the advice. Yuo are correct, we can use the 192.168 range.
However, we have decided to use the 172.16 range. Hopefully, fewer companies
are using this address for the Internal networks.

Nasser