Page 905 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
simply deployed more devices using IP than there are unique IP
addresses available. Fortunately, the early designers of the internet
and TCP/IP had good foresight and put aside a few blocks of addresses
for private, unrestricted use. These IP addresses, commonly called the
private IP addresses, are defined in RFC 1918. They are as follows:
10.0.0.0–10.255.255.255 (a full Class A range)
172.16.0.0–172.31.255.255 (16 Class B ranges)
192.168.0.0–192.168.255.255 (256 Class C ranges)

Can’t NAT Again!

On several occasions we’ve needed to re-NAT an already NATed
network. This might occur in the following situations:

You need to make an isolated subnet within a NATed network
and attempt to do so by connecting a router to host your new
subnet to the single port offered by the existing network.

You have a DSL or cable modem that offers only a single
connection but you have multiple computers or want to add
wireless to your environment.

By connecting a NAT proxy router or a wireless access point, you
are usually attempting to re-NAT what was NATed to you initially.
One configuration setting that can either make or break this setup
is the IP address range in use. It is not possible to re-NAT the same
subnet. For example, if your existing network is offering
192.168.1.x addresses, then you cannot use that same address
range in your new NATed subnet. So change the configuration of
your new router/WAP to perform NAT on a slightly different
address range, such as 192.168.5.x, so you won’t have the conflict.
This seems obvious, but it is quite frustrating to troubleshoot the
unwanted result without this insight.
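
An added example (not from the book) that checks a planned inner NAT range against the upstream one with Python's ipaddress module; the function names and sample ranges are assumptions. It also covers an upstream network with a wider mask, where a "slightly different" range such as 192.168.5.x still conflicts.

```python
import ipaddress

# RFC 1918 private blocks, as listed on the page (IPv4 only).
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(net):
    """True if the whole network sits inside one RFC 1918 block."""
    return any(net.subnet_of(block) for block in RFC1918)

def check_renat(upstream, inner):
    """Return a list of problems with using `inner` behind `upstream`.

    Both arguments are CIDR strings; host bits are ignored, so the
    address a router was handed (e.g. 192.168.1.23/24) can be passed as is.
    """
    up = ipaddress.ip_network(upstream, strict=False)
    new = ipaddress.ip_network(inner, strict=False)
    problems = []
    if not is_rfc1918(new):
        problems.append(f"{new} is not RFC 1918 private space")
    if up.overlaps(new):
        problems.append(f"{new} overlaps upstream {up}")
    return problems

def suggest_inner(upstream, prefix=24):
    """First /prefix inside 192.168.0.0/16 that avoids the upstream range,
    or None when the upstream range covers the whole block."""
    up = ipaddress.ip_network(upstream, strict=False)
    for cand in RFC1918[2].subnets(new_prefix=prefix):
        if not cand.overlaps(up):
            return str(cand)
    return None

if __name__ == "__main__":
    # Constructed sample ranges; the /16 row shows a wider upstream mask.
    for up, new in [("192.168.1.0/24", "192.168.1.0/24"),
                    ("192.168.1.0/24", "192.168.5.0/24"),
                    ("192.168.0.0/16", "192.168.5.0/24")]:
        print(up, new, check_renat(up, new) or "ok", suggest_inner(up))
```
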

