<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2900.3086" name=GENERATOR></HEAD>
<BODY>
<DIV dir=ltr align=left><SPAN class=328161316-09062007><FONT color=#0000ff
size=2>Hello</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=328161316-09062007><FONT color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=328161316-09062007><FONT color=#0000ff 
size=2>many companies like Daimler Chrysler are using IP from public class but 
are only routed inside their private network</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=328161316-09062007><FONT color=#0000ff
size=2>they bought many years ago /16 space IP's and still use it as it was the
way to do before</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=328161316-09062007><FONT color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=328161316-09062007><FONT color=#0000ff
size=2>using public addresses for internal use is wasting IP's, but i don't
see any specific problem for routing</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=328161316-09062007><FONT color=#0000ff
size=2>all border routers are doing very simple firewalling (most of the time
only ACL)</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=328161316-09062007><FONT color=#0000ff
size=2>if you have been assigned public IP's, i advise you to do antispoofing on
your border routers or gateways</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=328161316-09062007><FONT color=#0000ff
size=2>to avoid incoming packets from internet with your
IP's</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=328161316-09062007></SPAN><SPAN
class=328161316-09062007><FONT color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=328161316-09062007><FONT color=#0000ff
size=2>also, ISP are dedicating IP from their IP plan only for securing the
administration of all equipment</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=328161316-09062007><FONT color=#0000ff
size=2>and using a VPN over public IP space like described for Verizon make
easier managing a lot of tunnels</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=328161316-09062007><FONT color=#0000ff
size=2>with different customers</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=328161316-09062007><FONT color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=328161316-09062007><FONT color=#0000ff 
size=2>just to explain, if you are using standard IPSEC with preshared connected 
to same VPN concentrator</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=328161316-09062007><FONT color=#0000ff 
size=2>how are you going to manage two users with same local IP address 
space</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=328161316-09062007><FONT color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=328161316-09062007><FONT color=#0000ff
size=2>for example:</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=328161316-09062007><FONT color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=328161316-09062007><FONT color=#0000ff 
size=2>verizon internal = 10.1.1.0/24 &lt;-&gt; IPSEC &lt;-&gt; customer 1 
internal = 10.1.2.0/24</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=328161316-09062007><FONT color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=328161316-09062007><FONT color=#0000ff
size=2>and you start business with them and your internal network is
10.1.2.0/24</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=328161316-09062007><FONT color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=328161316-09062007><FONT color=#0000ff 
size=2>do you think verizon will change on his side, i think you'll have to do it 
and it can be a mess</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=328161316-09062007><FONT color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=328161316-09062007><FONT color=#0000ff
size=2>best regards</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=328161316-09062007><FONT color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=328161316-09062007><FONT color=#0000ff
size=2>thierry</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=328161316-09062007><FONT color=#0000ff
size=2></FONT></SPAN> </DIV><BR>
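<DIV dir=ltr align=left>The address collision described in the message above, as an added example that is not part of the original post: a check over the protected networks of every tunnel on one concentrator. The first three prefixes are the ones from the message; customer3, customer4 and all function names are assumptions made for illustration.</DIV>
<PRE>
```python
import ipaddress
from itertools import combinations

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample. verizon, customer1 and you use the prefixes from the
# message; customer3 and customer4 are hypothetical additions.
SELECTORS = {
    "verizon": "10.1.1.0/24",
    "customer1": "10.1.2.0/24",
    "you": "10.1.2.0/24",
    "customer3": "10.1.0.0/16",   # hypothetical: supernet covering the others
    "customer4": "192.0.2.0/24",  # documentation prefix standing in for
                                  # globally unique space
}


def is_rfc1918(net):
    """True when the network lies entirely inside RFC 1918 space."""
    return any(net.subnet_of(block) for block in RFC1918)


def selector_conflicts(selectors):
    """Return (name_a, name_b, kind) for each pair of overlapping networks."""
    nets = {name: ipaddress.ip_network(p) for name, p in selectors.items()}
    found = []
    for a, b in combinations(sorted(nets), 2):
        if not nets[a].overlaps(nets[b]):
            continue
        # Identical prefixes and nested prefixes both make the route ambiguous.
        kind = "identical" if nets[a] == nets[b] else "nested"
        found.append((a, b, kind))
    return found


def private_selectors(selectors):
    """Names whose prefix is RFC 1918, so not unique between organisations."""
    return sorted(name for name, p in selectors.items()
                  if is_rfc1918(ipaddress.ip_network(p)))


if __name__ == "__main__":
    for a, b, kind in selector_conflicts(SELECTORS):
        print(f"conflict ({kind}): {a} {SELECTORS[a]} vs {b} {SELECTORS[b]}")
    print("RFC 1918 selectors:", ", ".join(private_selectors(SELECTORS)))
```
</PRE>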
<BLOCKQUOTE
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader lang=fr dir=ltr align=left>
<HR tabIndex=-1>
  <FONT face=Tahoma size=2><B>From:</B> 
  asterisk-biz-bounces@lists.digium.com 
  [mailto:asterisk-biz-bounces@lists.digium.com] <B>On behalf of</B> 
  Matt<BR><B>Sent:</B> Saturday, June 9, 2007 14:08<BR><B>To:</B> 
  Commercial and Business-Oriented Asterisk Discussion<BR><B>Subject:</B> 
  Re: [asterisk-biz] Re: Verizon Interconnection<BR></FONT><BR></DIV>
<DIV></DIV>Christopher,<BR>I understand exactly what you are saying.... but
let's think about this for a moment.<BR><BR>If the networks we are stitching
together have all public IPs, then either one of two things is
happening.<BR><BR>1 - You can't access the IPs from the Internet, so they
aren't really public....they are from the public pool, and are depleting the
limited supply for IPs, but they aren't public, therefore they should be
private IPs. <BR><BR>2 - You can access the IPs from the Internet, therefore,
there is no need for a VPN.<BR><BR>You should never never never NEVER use
public IPs behind a firewall (unless they can be accessed from the
Internet). To put a public IP behind a firewall where it can't be
accessed is a waste of IP space, and asking for routing problems. <BR><BR>
  <DIV><SPAN class=gmail_quote>On 6/9/07, <B class=gmail_sendername>Christopher 
  LILJENSTOLPE</B> &lt;<A href="mailto:cdl@asgaard.org">cdl@asgaard.org</A>&gt; 
  wrote:</SPAN> 
<BLOCKQUOTE class=gmail_quote
style="PADDING-LEFT: 1ex; MARGIN: 0pt 0pt 0pt 0.8ex; BORDER-LEFT: rgb(204,204,204) 1px solid">Ahh
- I have to disagree here. A VPN makes a virtual
connection<BR>between two networks. The state of those networks
is entirely up to<BR>the people who run the networks. I know of a
LOT of cases where<BR>people use VPNs to tunnel puddles of networks over the
public <BR>infrastructure to stitch a single AS together, for
example.<BR><BR>As far as 1918 vs. globally unique address space, there are
    many<BR>"public" and "private" networks that use the 
    latter.  Anyone planning <BR>on using 1918 space for VoIP 
    infrastructure that is going to connect<BR>to external entities is not 
    really thinking things through (or<BR>believes that SBC's will make 
    everything painless).  To quote Randy<BR>Bush... 
<BR><BR> Chris<BR><BR>On Jun
8, 2007, at 23.30 , Matt wrote:<BR><BR>> I'm not sure what the problem
is. You use public IP, you use IPSEC,<BR>> static<BR>> route VZ IPs
down the tunnel. No problem.<BR>> <BR>> Right there is no problem,
now. As everyone else in this thread<BR>> has said (for the
most part). It works once you understand what<BR>> Verizon is
trying to do, however prior to that their IPSEC layout <BR>> is rather
    confusing.   IE *normally* a VPN connects two 
    PRIVATE<BR>> networks together... not two PUBLIC networks.<BR>> 
_______________________________________________<BR>> --Bandwidth and
Colocation provided by <A href="http://Easynews.com">Easynews.com</A>
--<BR>><BR>> asterisk-biz mailing list<BR>> To UNSUBSCRIBE or
update options visit:<BR>> <A
href="http://lists.digium.com/mailman/listinfo/asterisk-biz">http://lists.digium.com/mailman/listinfo/asterisk-biz
    </A><BR></BLOCKQUOTE></DIV><BR></BLOCKQUOTE></BODY></HTML>