Spam Catcher (Guest)
Posted: Wed Dec 14, 2005 4:28 am
Post subject: SonicWall VPN into DMZ - Public IPs?
Is it possible to create a VPN tunnel into a public IP address space?
A client of ours gave us 3 IP addresses, 1 Public Concentrator IP, 2 Public IP
addresses to their servers. The servers are running in our client's DMZ.
Is it possible to set up a VPN in this scenario? I had always thought VPN
required a Private IP end point?
Any help or clarification would be appreciated!
Thanks!
--
Stan Kee (spamhoneypot@rogers.com)

Leythos (Guest)
Posted: Wed Dec 14, 2005 5:13 am
Post subject: Re: SonicWall VPN into DMZ - Public IPs?
The VPN will be from two public IPs to each other, to start the
communications, then, depending on the setup, you may have subnet 1 on
your end and subnet 2 on their end - you only want to set the rules to
allow the exact IP/Ports that you need exposed on both ends - don't set up
a VPN where you expose subnet 1/24 to subnet 2/24.
So, the two VPNs have to start with Public IPs in order to reach each
other, then the second part is the Internal range they can access, then
the last is what ports/IP inside each range.
--
spam999free@rrohio.com
remove 999 in order to email me

Spam Catcher (Guest)
Posted: Wed Dec 14, 2005 5:15 am
Post subject: Re: SonicWall VPN into DMZ - Public IPs?
Quote: Is it possible to create a VPN tunnel into a public IP address space?
Just answering my own question... yes it works. Got it to work with a
SonicWall 3060 thanks to SonicWall Tech Doc.
--
Stan Kee (spamhoneypot@rogers.com)

Somebody. (Guest)
Posted: Wed Dec 14, 2005 5:22 pm
Post subject: Re: SonicWall VPN into DMZ - Public IPs?
Quote: Just answering my own question... yes it works. Got it to work with a
SonicWall 3060 thanks to SonicWall Tech Doc.
Should work on almost any set of boxes, the fact that the IPs on either end
are public or private really does not matter. However there is one wrinkle
in using publics for the VPN cloud addresses, the box must understand to
route packets bound for those IPs into the tunnel rather than out the
default gateway to the internet. Most decent boxes are fine with this type
of configuration. Then of course there is the slightly separate issue of
mapping the public IP back to a private locally to talk to the actual box in
question, if you aren't literally assigning the public IP to it, which most
people don't.
Many places have gone to this method for all VPNs, since they were forever
having problems with overlapping private IPs amongst connecting parties.
They will only offer, and connect to, public IPs inside their tunnels.
Some places have taken to buying blocks of public IPs strictly for this
purpose (inclusion inside VPNs) that will never be publicly routed on the
Internet. Others just "borrow" them from real internet parties in faraway
places that they never expect to need to reach, which works as long as both
parties agree (i.e. put them in the tunnel only).
-Russ.
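
Added example, not part of the thread and not written by any of the posters: a Python sketch of two points made above, Russ's wrinkle that packets for the partner's public IPs must be matched into the tunnel instead of leaving via the default gateway, and Leythos's advice to allow only the exact IPs/ports needed. The addresses (RFC 5737 documentation ranges), the tunnel name and the rule layout are constructed assumptions and do not model SonicWall's own configuration.

```python
import ipaddress

# Constructed sample values (RFC 5737 documentation ranges), not from the thread.
# Tunnel name -> remote networks (selectors) that should be sent into that tunnel.
TUNNELS = {
    "client-dmz": ["203.0.113.10/32", "203.0.113.11/32"],  # the two public server IPs
}
# (source, destination, destination port) rules applied to tunnel traffic.
RULES = [
    ("192.0.2.25/32", "203.0.113.10/32", 443),
    ("192.0.2.0/24", "203.0.113.0/24", None),  # None = any port
]


def egress_for(dst, tunnels):
    """Return the tunnel whose selector covers dst (longest prefix wins).

    'default-gateway' means no selector matched, so the packet would leave
    towards the Internet outside the tunnel.
    """
    addr = ipaddress.ip_address(dst)
    best_name, best_len = "default-gateway", -1
    for name, selectors in tunnels.items():
        for sel in selectors:
            net = ipaddress.ip_network(sel)
            if addr in net and net.prefixlen > best_len:
                best_name, best_len = name, net.prefixlen
    return best_name


def broad_rules(rules):
    """Return rules that cover more than one host on either side, or any port."""
    flagged = []
    for src, dst, port in rules:
        src_net, dst_net = ipaddress.ip_network(src), ipaddress.ip_network(dst)
        if src_net.num_addresses > 1 or dst_net.num_addresses > 1 or port is None:
            flagged.append((src, dst, port))
    return flagged


if __name__ == "__main__":
    for dst in ("203.0.113.10", "203.0.113.12"):
        print(dst, "->", egress_for(dst, TUNNELS))
    for rule in broad_rules(RULES):
        print("too broad:", rule)
```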