[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2671
  • Last Modified:

VPN / Remote Access setup with dynamic IP addressing

I have a client who has an office that uses a Cable internet connection.  The ISP provides dynamic IPs.  While the IP address is ever changing, I could never fathom how a VPN can be setup in such a manner.  However, I believe I have either heard or seen seomewhere that VPN or some kind of remote access capability is possible with this type of configuration.  

On the inside, the Internet connection comes across the cable modem and then over a Netgear router (don't know the model off hand, but it's less than a year old).  The Netgear router then deploys internal IP addresses to all machines inside the office, one of them being the 2000 Server where the files reside.

Basically, I'm looking for an overview of what is needed to be able to setup any kind of remote access capability in this environment.  This is an area that I have never dabbled in, but having been in Technology for a few years now, explanations should come to me pretty well.

Thank you in advance for your assistance.
0
djhath
Asked:
djhath
1 Solution
 
lrmooreCommented:
Couple of things you can do.
1. Cable addresses are not as dynamic or changing as you think. Mine has changed exactly once in 4 years. They reserve 1 IP for your MAC address and that's it unless they have to change the subnet for some internal reasons.
2. Use dynamic dns registration and use the dns name vs the IP address
3. Possibly, the Netgear has a "DMZ Host" entry where you can put the private IP address of the Win2k server
4. Setup RRAS/PPTP server on the Win2k system (and a good software firewall)
5. Set up Microsoft VPN client on remote clients
6. Enjoy

0
 
Tim HolmanCommented:
Either you setup a VPN client, which connects to the static public IP you have in your office, or you setup a site-to-site VPN using dynamic crypto maps.
I'm not sure how well the Netgear will respond to dynamic crypto maps, but it is more to do with the type of VPN router you use at the other end, as this is the device that will need to setup the dynamic maps.
So - what device do you have at your end ??


0
 
djhathAuthor Commented:
The router is a Netgear RP614v2.

The ultimate objective is to have a setup where multiple employees will be able to login from home.
0
 
sftwengCommented:
Re: lrmoore's point #2, have a look at dynamic naming service from http://www.tzo.com or http://www.dyndns.org.

You should try to use a static internal IP address for the server rather than using the Netgear's DHCP service for it, and ensure that the router is set up to passthrough PPTP or L2TP.
0
 
Tim HolmanCommented:
Also consider running 2x Cisco routers with 3DES feature sets.  Full IPSEC failover is supported, so that if one router dies, the other will resume connectivity.  These can also be setup with dynamic crypto maps, so that a Netgear or any other VPN router for that matter can use an 'unknown' IP address to create a VPN tunnel, as long as a pre-shared key is known ?
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now