I have a very standard setup for my company - a Cisco router facing the Internet, connected to a Firewall appliance with 2 zones, one a DMZ and the other an internal network.
My question is what IP address do I give my inner facing port on my router - a routable or non-routable one? If routable, I can telnet into it from the public Internet. However, I have read of best practices that say you should never do this. I will have a VPN solution so I can VPN into my private network and telnet from there.
Secondly, assuming I choose non-routable, I have two zones in my network, one my office LAN and one my DMZ, each with a different IP block. Should I use one of those two IP blocks for the internal port or should I pick a third, completely different IP block? Is there any reason not to do this?