RE: RFC1918 addresses to permit in for VPN?


As long as you do it BACK-END, meaning, no need or desire, or possibility
of outside access, you're fine (IMHO).

1918 has its place. But, as Randy has stated, it is NO guarantee of

We use 1918 space in our network -- It's 100% test environment,
unconnected, and secure. If someone breaches physical security, more
power to them and SHAME ON US! (Please, someone try! It's been a while
since we've had someone at gunpoint and we're forgetting all of the lines
from the Dirty Harry movies.) (Yes, we've had people at gunpoint
before. I doubt they'll EVER try again.)

People who use 1918 space because "they're running out of address
space" or "security" IMHO, are doing themselves a disservice. #1, have
they ever heard of IP UNNUMBERED? Can save a TON of address space. And
if they're that anal about their use of world-routable address space and
are that tight on available addresses, I'm sure they'll be OK'd for more
address space from ARIN or whoever their RIR happens to be.