Tuesday, July 24, 2018

Addressing Inside Site-to-Site VPN

My organization does a lot of site-to-sites with vendors, other organizations, etc., and an increasingly common stipulation from them, understandably, is to not use private addresses in the tunnel. In most previous cases, the other party would give us addresses to use for NAT and I never gave it another thought.

Lately, however, we have had the same stipulation of no private addressing, but have not been given NAT addresses to use. I've suggested using other address space like 203.0.113.0/24 or 198.18.0.0/15, but I'm getting pushback about it from the other parties.

Is there a better way to handle this?

For additional context, I just did a VPN with one of our biggest vendors where our private addresses are translated to 5.5.x.x addresses, with that being the option they provided to us.
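An added example, not part of the original post: a Python check that labels a candidate tunnel NAT pool against the reserved IPv4 blocks the post mentions (plus RFC 1918 and RFC 6598 space) and flags collisions with networks already in use. The `in_use` list is constructed sample data, and `5.5.0.0/16` is an assumed reading of the post's "5.5.x.x".

```python
import ipaddress

# Special-purpose IPv4 blocks relevant to choosing tunnel NAT space.
SPECIAL = [
    ("10.0.0.0/8", "private (RFC 1918)"),
    ("172.16.0.0/12", "private (RFC 1918)"),
    ("192.168.0.0/16", "private (RFC 1918)"),
    ("100.64.0.0/10", "shared address space (RFC 6598)"),
    ("192.0.2.0/24", "documentation (RFC 5737)"),
    ("198.51.100.0/24", "documentation (RFC 5737)"),
    ("203.0.113.0/24", "documentation (RFC 5737)"),
    ("198.18.0.0/15", "benchmarking (RFC 2544)"),
]
SPECIAL = [(ipaddress.ip_network(n), label) for n, label in SPECIAL]
OTHER = "not in the reserved blocks listed here; may be allocated to another party"


def classify(cidr):
    """Label a CIDR by the reserved block it sits in, if any."""
    net = ipaddress.ip_network(cidr, strict=False)
    for block, label in SPECIAL:
        if net.subnet_of(block):
            return label
    # A pool wider than a reserved block mixes reserved and other space.
    for block, label in SPECIAL:
        if net.overlaps(block):
            return "straddles " + label
    return OTHER


def review_pool(pool, in_use):
    """Return (classification, in-use networks the pool collides with)."""
    net = ipaddress.ip_network(pool, strict=False)
    clashes = [c for c in in_use
               if net.overlaps(ipaddress.ip_network(c, strict=False))]
    return classify(pool), clashes


if __name__ == "__main__":
    # Constructed sample: networks already routed on our side or the peer's.
    in_use = ["10.20.0.0/16", "198.18.4.0/24"]
    # 5.5.0.0/16 is an assumed reading of the post's "5.5.x.x".
    for pool in ["203.0.113.0/24", "198.18.0.0/15", "5.5.0.0/16", "10.20.30.0/24"]:
        label, clashes = review_pool(pool, in_use)
        print(f"{pool:18} {label}; collisions: {clashes or 'none'}")
```

Running the check against both parties' routing tables before agreeing on a pool shows whether a "non-private" range is reserved space, someone else's allocation, or already in use inside either network.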


