04-22-2013 11:19 AM - edited 03-04-2019 07:41 PM
Hi everyone,
My company has a very large global network and we have decided to move from traditional crypto map site-to-site tunnels to VTI based IPSec tunnels. In order to organize the numerous tunnels and the sites they correspond to, we have designed an IP scheme that includes addresses that might fall into the legal public range and which are not assigned to our company. But we figured as long as we're not routing using those addresses and only using them for internal routing etc. we're good to go. Moreover, the tunnels come up just fine using these addresses. However, I recently realized that some of these addresses are being resolved by our devices to their legal FQDNs. So my question is: does it really matter if we use public addresses on our virtual tunnel interfaces when the traffic is being encapsulated between two public endpoints anyway? A sample config is as follows:
Router 1
interface Tunnel1
ip address 192.170.171.1 255.255.255.252
tunnel source 70.x.x.x
tunnel destination 213.x.x.x
ip route 10.171.171.0 255.255.255.0 Tunnel1
Router 2
interface Tunnel2
ip address 192.170.171.2 255.255.255.252
tunnel source 213.x.x.x
tunnel destination 70.x.x.x
ip route 10.170.170.0 255.255.255.0 Tunnel2
Again, for our internal routing purposes, this setup has been working just fine. It's just that the interface addresses are being resolved to their public FQDN. Note: 192.170.170.0/30 is not the actual address scheme we've been using.
Thanks in advance for your time
04-22-2013 11:33 AM
Hi,
Personally, for security purposes I would never use a public IP for a VTI. What's the point anyway, as they are not supposed to be reachable by the Internet?
Regards
Alain
Don't forget to rate helpful posts.
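Added example, not part of the original thread or any poster's code: a Python check that flags tunnel interfaces numbered outside RFC 1918 space, the condition discussed in the posts above. The config text is a constructed sample in running-config layout modeled on the Router 1 snippet, and the function name `audit_tunnel_addresses` is hypothetical.

```python
import ipaddress
import re

# RFC 1918 private ranges; anything else on a tunnel interface gets flagged.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample (running-config layout, indented sub-commands).
SAMPLE_CONFIG = """\
interface Tunnel1
 ip address 192.170.171.1 255.255.255.252
 tunnel source 70.x.x.x
 tunnel destination 213.x.x.x
!
interface Tunnel2
 ip address 172.16.171.1 255.255.255.252
!
interface GigabitEthernet0/0
 ip address 198.51.100.1 255.255.255.0
"""

def audit_tunnel_addresses(config):
    """Return (interface, network) for tunnel interfaces not in RFC 1918 space."""
    findings = []
    current = None
    for line in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = m.group(1)
            continue
        if line and not line[0].isspace():
            current = None  # any other top-level line ends the interface block
            continue
        m = re.match(r"^\s+ip address (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)", line)
        if m and current and current.lower().startswith("tunnel"):
            iface = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
            if not any(iface.network.subnet_of(net) for net in RFC1918):
                findings.append((current, str(iface.network)))
    return findings

if __name__ == "__main__":
    for name, net in audit_tunnel_addresses(SAMPLE_CONFIG):
        print(f"{name}: {net} is outside RFC 1918 space")
```

Physical interfaces such as the tunnel source are deliberately ignored, since those are expected to carry public addresses.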
04-23-2013 08:46 AM
What is your exact concern about security?