My company has a very large global network and we have decided to move from traditional crypto map site-to-site tunnels to VTI-based IPSec tunnels. In order to organize the numerous tunnels and the sites they correspond to, we have designed an IP scheme that includes addresses that might fall into the legal public range and which are not assigned to our company. But we figured as long as we're not routing using those addresses and only using them for internal routing etc., we're good to go. Moreover, the tunnels come up just fine using these addresses. However, I recently realized that some of these addresses are being resolved by our devices to their legal FQDNs. So my question is: does it really matter if we use public addresses on our virtual tunnel interfaces when the traffic is being encapsulated between two public endpoints anyway? A sample config is as follows:
ip address 188.8.131.52 255.255.255.252
tunnel source 70.x.x.x
tunnel destination 213.x.x.x
ip route 10.171.171.0 255.255.255.0 Tunnel1
ip address 184.108.40.206 255.255.255.252
tunnel source 213.x.x.x
tunnel destination 70.x.x.x
ip route 10.170.170.0 255.255.255.0 Tunnel2
Again, for our internal routing purposes, this setup has been working just fine. It's just that the interface addresses are being resolved to their public FQDN. Note: 220.127.116.11/30 is not the actual address scheme we've been using.
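
An added example, not part of the original post: a small audit that reads IOS-style configuration text and reports which interface addresses sit in globally routable space rather than private (RFC 1918) or shared (RFC 6598) space, which is the condition the post describes. The function names, interface names and all sample addresses except 188.8.131.52/30 are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample in IOS style. 188.8.131.52/30 is the address from the
# post; the interface names and the other two addresses are made up here.
SAMPLE_CONFIG = """\
interface Tunnel1
 ip address 188.8.131.52 255.255.255.252
 tunnel source 70.x.x.x
interface Tunnel2
 ip address 10.255.0.1 255.255.255.252
interface Tunnel3
 ip address 100.64.0.1 255.255.255.252
ip route 10.171.171.0 255.255.255.0 Tunnel1
"""

IFACE_RE = re.compile(r"^interface\s+(\S+)")
ADDR_RE = re.compile(r"^\s*ip address\s+(\S+)\s+(\S+)")
SHARED = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared space


def classify(ip):
    """Label an address by the kind of space it belongs to."""
    if ip.is_global:
        return "public"
    if ip in SHARED:
        return "shared (RFC 6598)"
    if ip.is_private:
        return "private"
    return "other-special"


def audit_interface_addresses(config):
    """Return (interface, network, class) for every 'ip address A M' line."""
    findings, iface = [], None
    for line in config.splitlines():
        m = IFACE_RE.match(line)
        if m:
            iface = m.group(1)
            continue
        m = ADDR_RE.match(line)
        if m:
            try:
                intf = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
            except ValueError:
                continue  # masked or malformed address such as 70.x.x.x
            findings.append((iface or "(unknown)", str(intf.network), classify(intf.ip)))
        elif line and not line[0].isspace():
            iface = None  # a global command ends the interface block
    return findings
```

Filtering the result for the "public" class gives the list of interface subnets whose reverse DNS belongs to whoever actually holds that address space.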