Is it possible to create a VPN tunnel into a public IP address space?
A client of ours gave us 3 IP address, 1 Public Concentator IP, 2 Public IP
addresses to their servers. The servers are running in our client's DMZ.
Is it possible to setup a VPN in this scenario? I had always though VPN
required a Private IP end point?
Any help or clarification would be appreciated!
Thanks!
--
Stan Kee (spamhoneypot@rogers.com)
DComTalk.com
Discussion of VoIP, VPN, Video Conferencen, DSL and other data commucations.
SonicWall VPN into DMZ - Public IPs?
4 posts
• Page 1 of 1
Re: SonicWall VPN into DMZ - Public IPs?
by Leythos » Wed Dec 14, 2005 12:13 am
The VPN will be from two public IP's to each other, to start the
communications, then, depending on the setup, you may have subnet 1 on
your end and subnet 2 on their end - you only want to set the rules to
allow the exact IP/Ports that you need exposed on both end - don't setup
a VPN where you expose subnet 1/24 to subnet 2/24.
So, the two VPN's have to start with Public IP's in order to reach each
other, then the second part is the Internal range they can access, then
the last is what ports/ip inside each range.
--
spam999free@rrohio.com
remove 999 in order to email me
communications, then, depending on the setup, you may have subnet 1 on
your end and subnet 2 on their end - you only want to set the rules to
allow the exact IP/Ports that you need exposed on both end - don't setup
a VPN where you expose subnet 1/24 to subnet 2/24.
So, the two VPN's have to start with Public IP's in order to reach each
other, then the second part is the Internal range they can access, then
the last is what ports/ip inside each range.
--
spam999free@rrohio.com
remove 999 in order to email me
- Leythos
Re: SonicWall VPN into DMZ - Public IPs?
by Spam Catcher » Wed Dec 14, 2005 12:15 am
Is it possible to create a VPN tunnel into a public IP address space?
Just answering my own question... yes it works. Got it to work with a
SonicWall 3060 thanks to SonicWall Tech Doc.
--
Stan Kee (spamhoneypot@rogers.com)
- Spam Catcher
Re: SonicWall VPN into DMZ - Public IPs?
by Somebody. » Wed Dec 14, 2005 12:22 pm
Just answering my own question... yes it works. Got it to work with a
SonicWall 3060 thanks to SonicWall Tech Doc.
Should work on almost any set of boxes, the fact that the IP's on either end
are public or private really does not matter. However there is one wrinkle
in using publics for the vpn cloud addresses, the box must understand to
route packets bound for those IP's into the tunnel rather than out the
default gateway to the internet. Most decent boxes are fine with this type
of configuration. Then of course there is the slightly separate issue of
mapping the public IP back to a private locally to talk to the actual box in
question, if you aren't literally assigning the public IP to it, which most
people don't.
Many places have gone to this method for all vpn's, since they were forever
having problems with overlapping private IP's amongst connecting parties.
They will only offer, and connect to, public IP's inside their tunnels.
Some places have taken to buying blocks of public IP's strictly for this
purpose (inclusion inside VPNs) that will never be publicly routed on the
Internet. Others just "borrow" them from real internet parties in faraway
places that they never expect to need to reach, which works as long as both
parties agree (ie put them in the tunnel only).
-Russ.
- Somebody.
4 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 0 guests