IP Addresses


Overview

IP address classes are defined as follows:

Class  First Octet     Network mask   Description
A      1 thru 127      255.0.0.0      The first octet is the net address. The last three octets are the host address.
B      128 thru 191    255.255.0.0    The first two octets are the net address. The last two octets are the host address.
C      192 and higher  255.255.255.0  The first three octets are the net address. The last octet is the host address.

Use RFC 1918 IP addresses for inside and perimeter addresses:

Class A 10.0.0.0 to 10.255.255.255
Class B 172.16.0.0 to 172.31.255.255
Class C 192.168.0.0 to 192.168.255.255

For firewalls, IP addresses in the ip address, static, global, failover, tunnel, and virtual commands must be unique. These IP addresses cannot be the same as the router addresses.
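The two rules above (RFC 1918 addressing on inside and perimeter interfaces, and unique addresses that do not collide with router addresses) can be checked mechanically. The following is an added example, not part of the original page or of any vendor tool; the tuple format, the interface names, the rule that only the interface named "outside" is exempt from the RFC 1918 check, and all sample addresses are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# RFC 1918 private blocks, as listed on this page. ipaddress.is_private is not
# used because it also covers loopback, link-local and other non-RFC 1918 ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def audit(entries, router_addrs):
    """entries: (command, interface, address) tuples transcribed from a config.
    Returns a sorted list of (finding, address, detail) tuples."""
    findings = []
    seen = defaultdict(list)
    routers = {ipaddress.ip_address(r) for r in router_addrs}
    for command, iface, addr in entries:
        ip = ipaddress.ip_address(addr)
        seen[ip].append(command)
        # Firewall addresses cannot be the same as the router addresses.
        if ip in routers:
            findings.append(("router-conflict", addr, command))
        # Assumption: every interface except "outside" is inside or perimeter.
        if command == "ip address" and iface != "outside" and not is_rfc1918(addr):
            findings.append(("not-rfc1918", addr, iface))
    # Addresses must be unique across the listed commands.
    for ip, commands in seen.items():
        if len(commands) > 1:
            findings.append(("duplicate", str(ip), ", ".join(commands)))
    return sorted(findings)

# Constructed sample input (documentation and private ranges only).
SAMPLE = [
    ("ip address", "inside", "10.1.1.1"),
    ("ip address", "dmz", "172.32.0.1"),      # just past the end of 172.16.0.0/12
    ("ip address", "outside", "203.0.113.2"),
    ("static", "outside", "203.0.113.10"),
    ("global", "outside", "203.0.113.10"),    # reuses the static address
    ("virtual", "outside", "203.0.113.1"),    # same as the router
]
ROUTERS = ["203.0.113.1"]

if __name__ == "__main__":
    for finding in audit(SAMPLE, ROUTERS):
        print(finding)
```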

IP addresses are primarily one of four values:

  1. local_ip
    Untranslated IP address on the internal, protected network. For outbound connections, a local_ip is translated to a global_ip. On the return path, a global_ip is translated to a local_ip. The local_ip to global_ip translation can be disabled with the nat 0 0 0 command. Referenced in syslog as laddr.

  2. global_ip
    Translated global IP address in the pool, or one of the addresses declared with the global or static commands. Referenced in syslog as gaddr.

  3. foreign_ip
    Untranslated IP address on an external network. If the alias command is in use, an inbound message originating from the foreign_ip source address is translated to dnat_ip by the firewall.

  4. dnat_ip
    Translated IP address on an external network. Also known as dual NAT. The IP address has been translated by the alias command. For outbound connections destined to dnat_ip, the IP address will be untranslated to foreign_ip.

  5. virtual_ip
    Fictitious public or private IP address that is not the address of a real web server on the interface you are accessing. Used with the virtual command.