Solved

Change the IP address on Clients

Posted on 2008-10-01
Last Modified: 2013-11-16
Our company network consists of a few hundred laptops all of which have Checkpoint VPN configured with the site IP.

We are moving our datacentre and will need to update the IP on all of our laptops. I want to deploy a script remotely which will transparently update the site IP address. The script works; however, it causes a certificate problem and the users would be unable to connect.

If the laptop connects to VPN while still on the LAN after the change, the certificate problem is not an issue. However, we cannot expect all users to be able to do that.

Is there any way to update the certificate at the same time as running the script? It would be even nicer if there was a Checkpoint tool.

I appreciate all your help.
Question by:Lotok
Accepted Solution

by: Paranormastic
In order to update the cert, you would have to issue a new one. This is presuming that it was issued to the IP address and that the clients connect to that IP address instead of an FQDN. If you have a DNS name, you might consider issuing to that instead and having the IP address as a SAN (Subject Alternate Name) - many commercial CAs will allow you to do this; if you don't see it, just look at their FAQ or contact their support for specifics. Essentially, whatever address is entered is what needs to match the cert.

As this is a purposeful change, I would not expect that they would reissue under your previous order - you would have to purchase a new cert.  However, it never hurts to ask - since the cert is for the same box there may be some vendors that might accept that as a free reissuance.

If this is your own CA, I will presume a Microsoft CA - when you pass the CSR through the Certsrv page, there is an Attributes box that you can use to enter SAN:IP=192.168.0.1 (or SAN:DNS=vpn.yourdomain.com).

Certs are used by software; the software creates the CSR but does not have a way to 'update' it, so to speak, without the help of the CA. There may be an update or replace function in most software, but that is just handling the new cert vs the old, not actually doing it to itself.

If this is a self signed cert, then just go through the process to create a new self signed cert and push that to clients as you would have done before, presumably GPO.

If you need anything more specific, let me know.
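The rule the answer ends on (the address entered on the client has to be one the certificate was issued to) can be checked before a rollout. The following is an added example, not part of the original thread and not Check Point's own logic: it applies standard TLS-style SAN matching to certificates in the layout returned by Python's `ssl.SSLSocket.getpeercert()`, and the addresses, `vpn.example.com` and the helper names are constructed placeholders.

```python
import ipaddress

def _dns_match(pattern: str, host: str) -> bool:
    """Compare one dNSName SAN to a hostname.
    '*' is honoured only as the entire leftmost label, with two or more labels after it."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h

def site_matches_cert(site: str, cert: dict) -> bool:
    """True if the address configured on the client appears in the cert's SAN.
    `cert` uses the dict layout of ssl.SSLSocket.getpeercert()."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(site)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal matches only an iPAddress entry, never a dNSName entry.
        return any(kind == "IP Address" and ipaddress.ip_address(value) == ip
                   for kind, value in sans)
    return any(kind == "DNS" and _dns_match(value, site) for kind, value in sans)

def migration_report(cert: dict, sites: list) -> dict:
    """Map each candidate site address to whether the cert would cover it."""
    return {site: site_matches_cert(site, cert) for site in sites}

# Constructed sample certificates (documentation address ranges), not from the thread.
# OLD_CERT: issued to the old site IP only.
OLD_CERT = {"subjectAltName": (("IP Address", "192.0.2.10"),)}
# NEW_CERT: reissued to a DNS name, with both old and new IPs as SAN entries.
NEW_CERT = {"subjectAltName": (("DNS", "vpn.example.com"),
                               ("IP Address", "192.0.2.10"),
                               ("IP Address", "198.51.100.20"))}

if __name__ == "__main__":
    sites = ["192.0.2.10", "198.51.100.20", "vpn.example.com"]
    for label, cert in (("old cert", OLD_CERT), ("new cert", NEW_CERT)):
        print(label, migration_report(cert, sites))
```

Run against the old certificate, only the old IP passes, which is the mismatch the question describes once clients point at the new address.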
Author Closing Comment

by: Lotok
Concluded from your info and our network guys, it can't be done as I intended. Sorry for late close, been away.