What are the standards these days in setting up a VPN tunnel?

We have now had several companies require that we use Public IP addresses inside VPN tunnels when setting them up.  We are not a large company and may not be able to afford purchasing a bunch of Public IP addresses for this purpose.  What happened to agreeing on an intermediate Private IP range using NAT or even using one side or the other's Private IP range and NAT?  Are the times changing and we are falling behind?  Should we be changing our standards or are these isolated companies that aren't playing nice?  What are the standards these days?
denverjayeAsked:
Who is Participating?
 
Rob WilliamsCommented:
>>"you CAN connect two Private IP ranges over the internet using one.  All you have to do is either make sure the both companies are not using the same subnets or set up an intermediate network and use NAT."
Correct, and that is the norm. However, I too have run into a few situations, mostly with the automotive industry, that require all machines have a public IP as you have stated. I certainly wouldn't call it a new trend, as a matter of fact the ones I have run into are rather antiquated. This is why we are having to adopt IPV6, as you say we are running out of public IP's due to this. I suspect with IPV6 you may see more of it. Every device including your refrigerator may have it's own public IP. According to a recent Cisco web session I saw, IPV6 will allow every person on earth to have more than 1000 public IP's. Manage those <G>.
0
 
Rob WilliamsCommented:
For a VPN to work it usually requires that at least one end has a static Public IP. However, if you are installing a VPN router you can establish any number of tunnels using that one static IP. The remote end, if a VPN software client can use any IP static or dynamic, and if it is another VPN router, many (not all) can be used with a DDNS (Dynamic Domain Name Service) and a dynamic IP.
0
 
denverjayeAuthor Commented:
I know that you need both ends to have a Public IP endpoint for the VPN routers to be able to communicate with each other.  What I am finding is that a few companies are requiring that the addresses used inside the tunnel are Public IP addresses as well.  One of the nice things about a VPN tunnel is that you CAN connect two Private IP ranges over the internet using one.  All you have to do is either make sure the both companies are not using the same subnets or set up an intermediate network and use NAT.  There is no need for wasting costly Public IP addresses inside the tunnel.  My question is is this a new trend or are these few companies being unreasonable in their requirements?
0
 
Rob WilliamsCommented:
Thanks denverjaye.
Cheers !
--Rob
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.