• Status: Solved

multiple IP switching

Hello Experts, we have a customer that has a need, for security reasons, to mask their IP addresses. They wish to instigate automatic multiple IP aliases, European based. They are familiar with the traditional proxy software out there, but would like to know if there is a better solution to enable automatic flow and changeover, i.e. an IP address is automatically changed and so on for multiple machines, perhaps centrally controlled. They have an ADSL line and would like up to several machines at a time to have access with some sort of automatic masking of their IP addresses. The constraint of the current proxy software is that these types of services pull the same type of IP addresses, and these proxy services sometimes use international IP addresses. There is currently an SBS server domain controller and the workstations are XP Pro. They are getting in a second ADSL line, but would already have a dedicated use for this. However if there is a way of spreading the IP range.
Is there a hardware device / service that can handle this?
2 Solutions
Most firewall appliances have an option to alternate the recorded IP on the outgoing packet.


Note VPN and SSL type of connection might have issues with such a setup.
If you are trying to "advertise" an address that is not present at your premise you will have to use some sort of off-site proxy.  

You can "spoof" your source address, but that results in a one-way communication path.

I think there may be legality issues with what you are describing as well.....at least in the US.
unrealone1 (Author) Commented:
Hi, even from a theoretical angle it would be interesting to know how my question could be achieved. I understand the offsite proxy solution, but is there something more automated that can handle multiple IP masking, and if so, how could that be done? Thanks in advance.
Let's say you have four IPs. Part of the NAT to the outside mapping deals with directing the conversion to choose one of the four IPs for marking the source of the packet, i.e. you try to access http://www.experts-exchange.com and your router on the way out picks IP1 to stamp as the source for the packet it sends to the web server. When the response arrives, the next request goes out and is now stamped with IP2, etc.
This is not an issue for non-SSL VPN type traffic. For an SSL/VPN this will force a renegotiation of the connection on every request for the SSL; for a VPN the connection will spend more time down and renegotiating than it will being connected. The additional complexity in VPNs is that all the IPs have to be configured on the other side as a valid peer.

unrealone1 (Author) Commented:
Are there not any hardware boxes that can do this?
The only box I can think of that may do what you want is a Load Balancer.
One of the best is F5's Big-IP appliances.
While F5 are very good and I have not looked at their products recently, the issue the user is looking for is to load balance outgoing traffic, not maximize bandwidth for inbound requests.

The IP is the identifying information. Whether they have one or twenty, with proper documents, the service from whom the client is getting their connection to the internet will have to disclose the information.

An SSL/VPN connection is established first based on source IP and destination IP. If either side changes, the connection drops and has to be reestablished.
You can have a load balanced VPN, i.e. multiple site to site VPNs are up and running, and the connection from LAN1 to remoteLAN2 is routed through VPN1, VPN2, VPN3, VPN4 etc.
In many cases there is an idle timeout on VPN connections such that if the VPN traffic is not load balanced across the established VPN connections, those that are inactive will drop and will function as a failover configuration, i.e. the existing VPN drops, and the router on the next access attempt will trigger the negotiation of the VPNs that match the packet destination. You could have the configuration that when a VPN drops, it auto-negotiates/reestablishes the connection.
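
An added illustration (not part of any post in this thread) of two points made in the answers above: the NAT pool that stamps the next of four IPs on each outgoing request, and the statement that an SSL/VPN connection is tied to its source and destination IP. It compares per-request rotation with a per-flow (sticky) mapping; the pool addresses, the flows and the `Peer` model are constructed for the example.

```python
from itertools import cycle

# Constructed sample data: documentation address ranges, not real hosts.
POOL = ["203.0.113.1", "203.0.113.2", "203.0.113.3", "203.0.113.4"]
A = ("192.168.16.10", "198.51.100.9", 443)   # workstation A's SSL/VPN session
B = ("192.168.16.11", "198.51.100.9", 443)   # workstation B's SSL/VPN session
REQUESTS = [A, B, A, A, B, A]                # order in which requests leave the LAN


class Peer:
    """Remote endpoint that ties each session to the source IP it was negotiated from."""

    def __init__(self):
        self.bound = {}            # flow -> source IP the session is bound to
        self.renegotiations = 0

    def receive(self, flow, src_ip):
        if self.bound.get(flow) != src_ip:
            if flow in self.bound:             # known session, new source IP
                self.renegotiations += 1
            self.bound[flow] = src_ip


def per_request_nat(pool):
    """Stamp the next pool IP on every request, as described in the answer."""
    rr = cycle(pool)
    return lambda flow: next(rr)


def per_flow_nat(pool):
    """Pick a pool IP once per flow and keep it for the life of that flow."""
    rr, table = cycle(pool), {}

    def pick(flow):
        if flow not in table:
            table[flow] = next(rr)
        return table[flow]
    return pick


def simulate(pick, requests):
    """Return (forced renegotiations at the peer, distinct source IPs used)."""
    peer, seen = Peer(), set()
    for flow in requests:
        ip = pick(flow)
        seen.add(ip)
        peer.receive(flow, ip)
    return peer.renegotiations, len(seen)


if __name__ == "__main__":
    print("per-request:", simulate(per_request_nat(POOL), REQUESTS))
    print("per-flow:   ", simulate(per_flow_nat(POOL), REQUESTS))
```

With per-request rotation every request after the first on a session arrives from a new address and forces a renegotiation; with a per-flow mapping the two sessions stay up and only two pool addresses are ever used.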