Solved

VPN / Remote Access setup with dynamic IP addressing

Posted on 2004-04-19
5
2,665 Views
Last Modified: 2010-04-12
I have a client who has an office that uses a Cable internet connection.  The ISP provides dynamic IPs.  While the IP address is ever changing, I could never fathom how a VPN can be setup in such a manner.  However, I believe I have either heard or seen seomewhere that VPN or some kind of remote access capability is possible with this type of configuration.  

On the inside, the Internet connection comes across the cable modem and then over a Netgear router (don't know the model off hand, but it's less than a year old).  The Netgear router then deploys internal IP addresses to all machines inside the office, one of them being the 2000 Server where the files reside.

Basically, I'm looking for an overview of what is needed to be able to setup any kind of remote access capability in this environment.  This is an area that I have never dabbled in, but having been in Technology for a few years now, explanations should come to me pretty well.

Thank you in advance for your assistance.
0
Comment
Question by:djhath
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 10868234
Couple of things you can do.
1. Cable addresses are not as dynamic or changing as you think. Mine has changed exactly once in 4 years. They reserve 1 IP for your MAC address and that's it unless they have to change the subnet for some internal reasons.
2. Use dynamic dns registration and use the dns name vs the IP address
3. Possibly, the Netgear has a "DMZ Host" entry where you can put the private IP address of the Win2k server
4. Setup RRAS/PPTP server on the Win2k system (and a good software firewall)
5. Set up Microsoft VPN client on remote clients
6. Enjoy

0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 10868982
Either you setup a VPN client, which connects to the static public IP you have in your office, or you setup a site-to-site VPN using dynamic crypto maps.
I'm not sure how well the Netgear will respond to dynamic crypto maps, but it is more to do with the type of VPN router you use at the other end, as this is the device that will need to setup the dynamic maps.
So - what device do you have at your end ??


0
 
LVL 3

Author Comment

by:djhath
ID: 10882545
The router is a Netgear RP614v2.

The ultimate objective is to have a setup where multiple employees will be able to login from home.
0
 
LVL 7

Expert Comment

by:sftweng
ID: 10908898
Re: lrmoore's point #2, have a look at dynamic naming service from http://www.tzo.com or http://www.dyndns.org.

You should try to use a static internal IP address for the server rather than using the Netgear's DHCP service for it, and ensure that the router is set up to passthrough PPTP or L2TP.
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 10913925
Also consider running 2x Cisco routers with 3DES feature sets.  Full IPSEC failover is supported, so that if one router dies, the other will resume connectivity.  These can also be setup with dynamic crypto maps, so that a Netgear or any other VPN router for that matter can use an 'unknown' IP address to create a VPN tunnel, as long as a pre-shared key is known ?
0

Featured Post

Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Preface Having the need * to contact many different companies with different infrastructures * do remote maintenance in their network required us to implement a more flexible routing solution. As RAS, PPTP, L2TP and VPN Client connections are no…
I've written this article to illustrate how we can implement a Dynamic Multipoint VPN (DMVPN) with both hub and spokes having a dynamically assigned non-broadcast multiple-access (NBMA) network IP (public IP). Here is the basic setup of DMVPN Pha…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question