Solved

multiple IP switching

Posted on 2011-02-17
Last Modified: 2013-11-16
Hello Experts, we have a customer that has a need, for security reasons, to mask their IP addresses. They wish to instigate automatic multiple IP aliases, European based. They are familiar with the traditional proxy software out there, but would like to know if there is a better solution to enable automatic flow and changeover, i.e. an IP address is automatically changed and so on for multiple machines, perhaps centrally controlled. They have an ADSL line and would like up to several machines at a time to have access with some sort of automatic masking of their IP addresses. The constraint of the current proxy software is that these types of services pull the same type of IP addresses, and these proxy services sometimes use international IP addresses. There is currently an SBS server domain controller and the workstations are XP Pro. They are getting in a second ADSL line, but would already have a dedicated use for this. However if there is a way of spreading the IP range.
Is there a hardware device / service that can handle this?
Question by:unrealone1
7 Comments
 
LVL 76

Expert Comment

by:arnold
ID: 34922193
Most firewall appliances have an option to alternate the recorded IP on the outgoing packet.

http://blog.khax.net/2009/12/01/multi-gateway-balancing-with-iptables/

Note VPN and SSL type of connection might have issues with such a setup.
 
LVL 3

Expert Comment

by:Rick_at_ptscinti
ID: 34928005
If you are trying to "advertise" an address that is not present at your premise you will have to use some sort of off-site proxy.  

You can "spoof" your source address, but that results in a one-way communication path.

I think there may be legality issues with what you are describing as well.....at least in the US.
 
LVL 1

Author Comment

by:unrealone1
ID: 34932405
Hi, even from a theoretical angle it would be interesting to know how my question could be achieved. I understand the offsite proxy solution, but is there something more automated that can handle multiple IP masking? If so, how could that be done? Thanks in advance.
 
LVL 76

Assisted Solution

by:arnold
arnold earned 500 total points
ID: 34933593
Let's say you have four IPs. Part of the NAT to the outside mapping deals with directing the conversion to choose one of the four IPs for marking the source of the packet, i.e.
you try to access http://www.experts-exchange.com; your router on the way out picks IP1 to stamp as the source for the packet it sends to the web server. When the response arrives, the next request goes out and is now stamped with IP2, etc.
This is not an issue for non-SSL/VPN type traffic. For an SSL/VPN this will force a renegotiation of the connection on every request for the SSL; for a VPN the connection will spend more time down and renegotiating than it will be connected. The additional complexity in VPNs is that all the IPs have to be configured on the other side as a valid peer.
 
LVL 1

Author Comment

by:unrealone1
ID: 35068824
Are there not any hardware boxes that can do this?
 
LVL 13

Expert Comment

by:kdearing
ID: 35068941
The only box I can think of that may do what you want is a Load Balancer.
One of the best is F5's Big-IP appliances.
http://www.f5.com/products/big-ip/link-controller.html
 
LVL 76

Accepted Solution

by:arnold
arnold earned 500 total points
ID: 35071078
While F5 are very good and I have not looked at their products recently, the issue the user is looking for is to load balance outgoing traffic not maximize bandwidth for inbound requests.

The IP is the identifying information. Whether they have one or twenty, with proper documents, the service from whom the client is getting their connection to the internet will have to disclose the information.

An SSL/VPN connection is established first based on source IP and destination IP. If either side changes, the connection drops and has to be reestablished.
You can have a load balanced VPN, i.e. multiple site to site VPNs are up and running, and the connection from LAN1 to remoteLAN2 is routed through VPN1, VPN2, VPN3, VPN4 etc.
In many cases there is an idle timeout on VPN connections such that if the VPN traffic is not load balanced across the established VPN connections, those that are inactive will drop and will function as a failover configuration, i.e. the existing VPN drops, and the router on the next access attempt will trigger the negotiation of the VPNs that match the packet destination. You could have the configuration that when a VPN drops, it auto-negotiates/reestablishes the connection.
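
The behaviour described in the two answers above (a NAT pool rotating the source IP per request, and a peer that ties each session to the source IP it sees) can be modelled in a few lines. This is an added example, not code from any poster; the pool addresses, the `ws1` client label and the `vpn.example.net` destination are constructed placeholders, and the peer model is a simplifying assumption.

```python
from itertools import cycle

# Constructed documentation addresses (RFC 5737); not taken from the thread.
POOL = ["203.0.113.1", "203.0.113.2", "203.0.113.3", "203.0.113.4"]


class NatPool:
    """Outbound source NAT over a pool of public IPs (hypothetical model)."""

    def __init__(self, pool, sticky):
        self._next = cycle(pool)
        self.sticky = sticky   # True: pin each (client, dest) pair to one IP
        self.pinned = {}

    def source_for(self, client, dest):
        if not self.sticky:
            return next(self._next)        # a different public IP per request
        key = (client, dest)
        if key not in self.pinned:
            self.pinned[key] = next(self._next)
        return self.pinned[key]


class Peer:
    """Remote SSL/VPN endpoint that keys each session on the source IP."""

    def __init__(self, allowed_peers):
        self.allowed = set(allowed_peers)
        self.current = {}      # client -> source IP of the live session
        self.negotiations = 0
        self.rejected = 0

    def receive(self, client, src_ip):
        if src_ip not in self.allowed:
            self.rejected += 1             # IP not configured as a valid peer
        elif self.current.get(client) != src_ip:
            self.negotiations += 1         # source changed: session rebuilt
            self.current[client] = src_ip


def simulate(sticky, requests=12, allowed=POOL):
    """Return (negotiations, rejected) seen by the peer for one client."""
    nat, peer = NatPool(POOL, sticky), Peer(allowed)
    for _ in range(requests):
        peer.receive("ws1", nat.source_for("ws1", "vpn.example.net"))
    return peer.negotiations, peer.rejected


if __name__ == "__main__":
    print("per-request rotation:  ", simulate(sticky=False))
    print("pinned per destination:", simulate(sticky=True))
    print("two of four IPs allowed:", simulate(False, allowed=POOL[:2]))
```

With per-request rotation every one of the 12 requests forces a renegotiation; pinning the client and destination pair to one pool address needs only the initial one, and a peer that lists only part of the pool drops the requests stamped with the unlisted addresses.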