Robbt

Solarwinds Orion

All, I am considering using Solarwinds Orion to set up a small business monitoring service. In trying to come up with a workable model I know I have several things to consider. I am attempting to model this using the Internet as my transport, probably via a VPN tunnel. The most pressing issue I have is that if some of these remote sites are using the same subnet IPs there will be a conflict in the monitoring per customer. So my question(s): obviously looking for a least-cost solution, what is the best VPN method and how do I resolve the same IP subnet dilemma?
Thanks much, Robb
MikeKane

Mapping VPN endpoints that have overlapping subnets is perfectly doable with the right setup.

A lot of the detail work will depend on the exact VPN endpoint hardware you are using.

It basically involves NATing the traffic at each endpoint before it is sent to the VPN tunnel.

Have a look at this example:
http://kb.juniper.net/kb/documents/public/ApplicationNotes/Technical/ScreenOS%204.0.0/IP-overlaps-NAT-PAT.htm

That should give you a basic idea of what to expect.  

Now to get this implemented, you would need to know what hardware you are going to be running.
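
The NAT-before-the-tunnel idea from the answer above, worked through as an added example that is not part of the original post or of any vendor's tooling: it finds the colliding customer LANs, gives each site a unique same-size translated range, and shows which address the monitoring server would poll. The site names, the LAN ranges and the 10.200.0.0/16 translation pool are constructed assumptions, and a 1:1 subnet-to-subnet mapping is assumed as the NAT style.

```python
import ipaddress
from itertools import combinations

# Constructed sample data: three customer LANs, two of them identical.
SITES = {
    "customer-a": "192.168.1.0/24",
    "customer-b": "192.168.1.0/24",
    "customer-c": "192.168.0.0/23",
}
# Assumed translation pool; it must be unused at the monitoring site and at every customer.
POOL = "10.200.0.0/16"

def overlapping_sites(sites):
    """Return the pairs of sites whose LAN ranges collide."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in sites.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2) if nets[a].overlaps(nets[b])]

def assign_nat_ranges(sites, pool):
    """Carve one unique, same-size translated range per site out of the pool."""
    pool = ipaddress.ip_network(pool)
    cursor = int(pool.network_address)
    plan = {}
    # Largest LANs first, so every carved block stays aligned to its own size.
    for name, cidr in sorted(sites.items(), key=lambda kv: ipaddress.ip_network(kv[1]).prefixlen):
        lan = ipaddress.ip_network(cidr)
        if cursor + lan.num_addresses - 1 > int(pool.broadcast_address):
            raise ValueError(f"pool {pool} is too small for {name}")
        plan[name] = (lan, ipaddress.ip_network((cursor, lan.prefixlen)))
        cursor += lan.num_addresses
    return plan

def monitored_address(plan, site, real_ip):
    """Address the monitoring server polls for a device's real LAN address."""
    lan, mapped = plan[site]
    real_ip = ipaddress.ip_address(real_ip)
    if real_ip not in lan:
        raise ValueError(f"{real_ip} is not inside {site}'s LAN {lan}")
    return mapped[int(real_ip) - int(lan.network_address)]

if __name__ == "__main__":
    print("colliding LANs:", overlapping_sites(SITES))
    plan = assign_nat_ranges(SITES, POOL)
    for site, (lan, mapped) in plan.items():
        print(f"{site}: {lan} is presented through the tunnel as {mapped}")
    print(monitored_address(plan, "customer-a", "192.168.1.10"))
    print(monitored_address(plan, "customer-b", "192.168.1.10"))
```

Each site's VPN endpoint would then be configured with its own row of the plan, and the monitoring server only ever sees the translated ranges.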
Robbt

ASKER

Thanks for the information Mike.

I am not an expert on this but am surely learning. Per the link you supplied it appears that this solution would require Policy Based NAT. I must assume that since this will be a service for remote customers (unknown) there will be many flavors of devices I can expect to run into that may be on differing platforms and may or may not support Policy Based NAT. And that in itself can be a challenge, let alone resolving my original question.

While my "ultimate" goal is to create a $0 dollar setup at remote customer sites (and no hardware installation) that may not be feasible for the above reasons. I am wondering if I might need to consider a hardware device like a VPN-1 Edge appliance from Check Point at customer sites.

Might you have any other suggestions?

Thanks,

Robb

ASKER CERTIFIED SOLUTION
MikeKane

This solution is only available to members.
Robbt

ASKER

Mike

My apologies for not communicating sooner. I did take some time to discuss (as advised) various options with a few vendors and took into consideration that I may have to "request" an interested customer to provide NAT'ing on their end as part of any technical arrangement. Accepting that there just may be some clients that cannot provide the right methodologies for a feasible solution to the problem. I do think that using a "Major" vendor product like CISCO and their ASA devices provides the best possibility of accomplishing what I am looking for. Thank you for your insight as this extended beyond the scope of a "Technical" solution and into the world of a business requirement.

Robb