  • #2096623

    VPN on a private IP address

    Locked

    by awoods ·

    I have a number of users set up on a T1 line, sitting behind a Cisco router set up with a firewall and DHCP. The users are then assigned private dynamic IP addresses. My question is, can I set up the users to access a remote server via the internet using VPN with a dynamic private IP address?

All Comments

    • #3821526

      VPN on a private IP address

      by fgarber ·

      In reply to VPN on a private IP address

      It depends on the VPN server. Is it built into the firewall or is it inside the network? If it is the firewall, what kind is it?

    • #3798275

      VPN on a private IP address

      by mckaytech ·

      In reply to VPN on a private IP address

      If you’re talking about the workstations with the DHCP addresses establishing an outbound VPN connection, yes, that is quite easily accomplished as long as the IP address won’t be changing within a VPN session. In one of the systems I manage, we support a little over 1,000 users on DHCP and have no trouble using various VPN clients on the desktop to establish sessions with VPN servers on foreign networks. It does require some dancing around with the outbound firewall rules (that particular system uses a non-NAT PIX) and we are not currently using IPsec clients, so if either of those factors is involved, there might be some issues to resolve.

      However, I assume you have a NAT firewall and what happens in that case is that the firewall ‘masquerades’ the VPN traffic so it appears to be coming from the external (public) IP address, regardless of the private IP address behind the firewall. The only “gotcha” is that the private IP has to outlast the VPN session so the firewall knows how to route the incoming packets back to the IP address that started the session.

      I would be glad to share whatever other information I might have that might be useful to you in setting this up. One thing I will mention is that your users will need to understand that unless “split tunneling” is implemented by the particular VPN product you’re using, they will lose access to their local network during the time they are connected to the VPN session. That’s been a big hurdle for some of our users who want to have simultaneous sessions open with their local LAN and a remote mainframe and aren’t quite happy that we cannot support that in some cases.

      paul

    • #3679562

      VPN on a private IP address

      by lori h ·

      In reply to VPN on a private IP address

      Paul is on target here. The tricky part of using VPN with a firewall is when you are using a NAT. You cannot use a PAT (port address translation) and a VPN. You can get around this by doing a static NAT for each client internal IP address and then opening ports or conduits for each NAT. Obviously this only makes sense if you only have a few clients that need the VPN connections.

    • #3610935

      VPN on a private IP address

      by awoods ·

      In reply to VPN on a private IP address

      This question was auto closed due to inactivity
