On 02/06/2017 03:05 PM, Rob Janssen wrote:
I think precisely this is the reason why such addresses should be rejected: The user may have the wrong assumption that the address to be entered here is the address of the system terminating the tunnel, while in reality it has to be the internet-visible address that supposedly is NATted to the tunnel gateway.
So, what happens in the local infrastructure does not matter.
Exactly. RFC1918 speaks of autonomous networks. RFC-1918 netblocks should never be routed or advertised outside your own autonomous network. Ingress interfaces and routers should also drop packets and route advertisements from these networks.
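
Added example, not part of the original message or of any project's code: a Python sketch of the two checks discussed in this thread, rejecting an RFC 1918 address entered as the tunnel endpoint and dropping route advertisements that fall inside those blocks. The function names are hypothetical and the sample addresses in the comments are constructed.

```python
import ipaddress

# The three RFC 1918 blocks, listed explicitly. ipaddress.is_private is
# broader (loopback, link-local, ...), so it is not used here.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_endpoint(value):
    """Validate a user-entered tunnel endpoint; return (ok, message)."""
    try:
        ip = ipaddress.IPv4Address(value.strip())
    except ValueError:
        return False, "not a valid IPv4 address"
    block = next((net for net in RFC1918 if ip in net), None)
    if block is not None:
        # Tell the user which address is wanted instead of just refusing.
        return False, (f"{ip} is in {block} (RFC 1918); enter the "
                       "internet-visible address that is NATted to the gateway")
    return True, "accepted"


def filter_advertisements(prefixes):
    """Split received prefixes into (accepted, dropped), ingress-filter style."""
    accepted, dropped = [], []
    for p in prefixes:
        net = ipaddress.ip_network(p, strict=False)
        # Drop prefixes that lie inside an RFC 1918 block. subnet_of() is used
        # rather than overlaps() so a default route (0.0.0.0/0) is not dropped.
        bad = net.version == 4 and any(net.subnet_of(r) for r in RFC1918)
        (dropped if bad else accepted).append(str(net))
    return accepted, dropped


if __name__ == "__main__":
    # Constructed sample input: 172.31.x.x is inside 172.16.0.0/12, 172.32.x.x is not.
    for candidate in ("192.168.1.10", "172.31.255.255", "172.32.0.1", "gateway.local"):
        print(candidate, "->", check_endpoint(candidate))
    print(filter_advertisements(["10.1.0.0/16", "198.51.100.0/24", "0.0.0.0/0"]))
```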