It is true that we cannot ping a private IP address on the internet, and that is the concept, but when we create a network in the Cisco Packet Tracer, what is the reason that we are able to ping a private IP from one network to another private IP in another network?
I made a network as shown:
The serial interface represents a WAN, e.g. the Internet (if i am not wrong). I configured RIP on both the routers. Now, the serial interface can actually be a mesh of routers (configured with RIP) from where my packets can travel. So, is it true that any intermediate routers in the WAN can also ping here?
That is, if my routers are at two branches of my organization in two places, is it possible that any intermediate person can gain access to my internal network? I know that the answer has to be NO, but then why/why not?
I am really confused.
Best Answer
From the perspective of IP, an IP address is an IP address, and IP is happy to use any of them. On the Internet, the ISPs have agreed to not route traffic with private addresses. You can do the same in you test network.
IP has no distinction between public and private addresses. The ISPs have agreed not to route the arbitrarily assigned private addresses. You can emulate what the ISPs do by placing ACLs on your "Internet" to simply drop traffic destined to private addresses (or any address range, for that matter).
If the ISPs didn't place such a restriction, then private addressing would not be private, and only one site could use any single private network, otherwise you would have duplicate addressing all over the Internet. ISPs have ACLs (or the equivalent) to drop incoming traffic destined to private addresses, and the routing protocol used on the public Internet (BGP) is probably configured at each ISP to not exchange routes for private networks. There is nothing to keep you from doing that in your "Internet."