VPN on a private IP address

By awoods
I have a number of users set up on a T1 line, sitting behind a Cisco router set up with a firewall and DHCP. The users are then assigned private dynamic IP addresses. My question is, can I set up the users to access a remote server via the internet using VPN with a dynamic private IP address?

All Comments

VPN on a private IP address

by fgarber In reply to VPN on a private IP addre ...

It depends on the VPN server. Is it built in to the firewall or is it inside the network? If it is the firewall what kind is it?

VPN on a private IP address

by awoods In reply to VPN on a private IP addre ...

The question was auto-closed by TechRepublic

VPN on a private IP address

by McKayTech In reply to VPN on a private IP addre ...

If you're talking about the workstations with the DHCP addresses establishing an outbound VPN connection, yes, that is quite easily accomplished as long as the IP address won't be changing within a VPN session. In one of the systems I manage, we support a little over 1,000 users on DHCP and have no trouble using various VPN clients on the desktop to establish sessions with VPN servers on foreign networks. It does require some dancing around with the outbound firewall rules (that particular system uses a non-NAT PIX) and we are not currently using IPSEC clients, so if either of those factors is involved, there might be some issues to resolve.

However, I assume you have a NAT firewall and what happens in that case is that the firewall 'masquerades' the VPN traffic so it appears to be coming from the external (public) IP address, regardless of the private IP address behind the firewall. The only "gotcha" is that the private IP has to outlast the VPN session so the firewall knows how to route the incoming packets back to the IP address that started the session.

I would be glad to share whatever other information I might have that might be useful to you in setting this up. One thing I will mention is that your users will need to understand that unless "split tunneling" is implemented by the particular VPN product you're using, they will lose access to their local network during the time they are connected to the VPN session. That's been a big hurdle for some of our users who want to have simultaneous sessions open with their local LAN and a remote mainframe and aren't quite happy that we cannot support that in some cases.

paul

VPN on a private IP address

by awoods In reply to VPN on a private IP addre ...

The question was auto-closed by TechRepublic

VPN on a private IP address

by Lori H In reply to VPN on a private IP addre ...

Paul is on target here. The tricky part of using VPN with a firewall is when you are using a NAT. You cannot use a PAT (port address translation) and a VPN. You can get around this by doing a static NAT for each client internal IP address and then opening ports or conduits for each NAT. Obviously this only makes sense if you only have a few clients that need the VPN connections.
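
A toy model of the translation table that the two replies above describe, added here as an illustration and not part of the original thread or of any vendor's code. The class names and all addresses are constructed, and the model assumes the PAT device tracks port-less protocols (IPsec ESP, GRE) by remote address only.

```python
PORTLESS = {"esp", "gre"}  # IP protocols 50 (IPsec ESP) and 47 (GRE) have no ports


class PatFirewall:
    """PAT: all inside hosts share one public IP; replies are matched by port."""

    def __init__(self):
        self.sessions = {}      # (proto, remote_ip, public_port) -> private_ip
        self.next_port = 40000  # constructed starting port

    def outbound(self, private_ip, proto, remote_ip):
        if proto in PORTLESS:
            key = (proto, remote_ip, None)  # no port to rewrite: one key per server
            if self.sessions.get(key, private_ip) != private_ip:
                return None  # a second client would make replies ambiguous
        else:
            key = (proto, remote_ip, self.next_port)
            self.next_port += 1
        self.sessions[key] = private_ip  # fixed for the life of the session
        return key

    def inbound(self, key):
        return self.sessions.get(key)  # None means the reply is dropped


class StaticNatFirewall:
    """Static NAT: one public IP per inside host, so any IP protocol maps back."""

    def __init__(self, private_to_public):
        self.to_private = {pub: priv for priv, pub in private_to_public.items()}

    def inbound(self, public_ip):
        return self.to_private.get(public_ip)


def demo():
    server, a, b = "198.51.100.10", "10.0.0.11", "10.0.0.12"  # constructed
    pat = PatFirewall()
    tcp_a, tcp_b = pat.outbound(a, "tcp", server), pat.outbound(b, "tcp", server)
    esp_a, esp_b = pat.outbound(a, "esp", server), pat.outbound(b, "esp", server)
    static = StaticNatFirewall({a: "203.0.113.11", b: "203.0.113.12"})
    return (pat.inbound(tcp_a), pat.inbound(tcp_b),
            esp_a is not None, esp_b is not None,
            static.inbound("203.0.113.12"))


if __name__ == "__main__":
    print(demo())
```

Each session entry records the private address seen when the session started, so a DHCP lease that changes mid-session leaves return traffic pointed at the old address.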

VPN on a private IP address

by awoods In reply to VPN on a private IP addre ...

The question was auto-closed by TechRepublic

VPN on a private IP address

by awoods In reply to VPN on a private IP addre ...

This question was auto closed due to inactivity