Using private APNIC range in US

Eric J Esslinger eesslinger at
Fri Mar 19 12:12:37 CDT 2010

> -----Original Message-----
> From: Charles Mills [mailto:w3yni1 at]
> Sent: Friday, March 19, 2010 10:06 AM
> To: Matt Shadbolt
> Cc: nanog at
> Subject: Re: Using private APNIC range in US
> I love war stories.  I once got chewed out by a colleague <?>
> from another organization because we were using "their" address space.
> We were using  Explanation of NAT and RFC1918 was
> met with a deer in the headlights look.
> On Fri, Mar 19, 2010 at 12:04 AM, Matt Shadbolt
> <matt.shadbolt at> wrote:
> > I once had a customer who for some reason had all their printers on
> > public addresses they didn't own. Not advertising them outside, but
> > internally whenever a user browsed to a external site that
> happened to
> > be one of the addresses used, they would just receive a HP
> or Konica
> > login page :)
> >
> > They didn't mind though. No idea if they've changed it since.
> >
> >
Was troubleshooting a customer's vpn trouble a few years ago at another ISP. Could connect from outside our ISP, but users of our service sometimes could and sometimes couldn't connect.

Turns out the Master Network Manager (that's what he called himself) had looked at the static IP assignment, and extrapolated back the whole /22 they were on and used it for the inside of his NAT router. When people hit that part of our network pool, they could make the initial connection but then the poor firewall would have a nervous breakdown and not pass traffic right (I don't blame it).

My solution: Renumber to a reserved private block internally. He had about 200 devices with static assigned dhcp on about 10 of them.
His solution: Every company user that gets access through our service had to get some form of other service in order to connect to his network by vpn since we 'don't know what we're doing with network configuration'. 35 people either switched away from us or got a second (usually dial up) connection for when they wanted to vpn in.
I believe his core mantra was that the private 1918's were 'not secure' for some reason he couldn't articulate to me.

This message may contain confidential and/or proprietary information and is intended for the person/entity to whom it was originally addressed. Any use by others is strictly prohibited.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Eric J Esslinger.vcf
Type: text/x-vcard
Size: 498 bytes
Desc: Eric J Esslinger.vcf
URL: <>

More information about the NANOG mailing list