Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 137
  • Last Modified:

Route source to destination

I have a customer with an old phone system that uses a VPN between sites.

The phone system incorrectly uses the server IP 192.168.1.50 as the GW and hence cannot connect. The correct GW is 192.168.1.254

Unfortunately the phone's IP settings are not dynamic and nobody knows the password to change the settings.

As the phone is looking to 192.168.1.50 for a gateway instead of 192.168.1.254 is it possible to route all traffic from the phone's IP 192.168.1.10 to 192.168.1.254.

The server is a Windows2003 server.

As the phone only connects with via the VPN there all it's traffic is bound for the VPN.
0
Ethan Darwin
Asked:
Ethan Darwin
  • 4
  • 3
2 Solutions
 
MarcusSjogrenCommented:
Since it seems to be a funky situation already - can't you just add 192.168.1.50 as a secondary IP address on the gateway (192.168.1.254)?
It will be the most logical and easy solution.

Edit: Most logical solution would ofc be to reset the telephones, but I you know... situation is what it is :-)
0
 
Ethan DarwinAuthor Commented:
Hi Marcus, thanks for the suggestion, I had thought of this  however the ip 192.168.1.50 is already in use on the server.
0
 
Fred MarshallPrincipalCommented:
I don't think that adding an IP address that's already in use will work.  It may but that would be surprising.

One approach that comes to mind - which may or may not be acceptable to YOU - would be to change the server and gateway IP addresses so that the gateway matches what the phone system expects.  I have no idea how pervasive the changes to your system would be if you did that.  But, it's surely a solution.  That must be the way it was when the phone system was configured.

Another approach might be to put a router between the phone system and the gateway.  
I've not done this so I have to be honest and say that I don't know how to do it exactly.
So, this is an *idea*.

It would be a "gateway" of sorts for the phone system but there would not be a setting in the phone system.
The phone system would be connected to one side of that router and nowhere else.

This router would be in "Router" mode and not "Gateway" mode or, in other words, no NAT.
Then, in that router, anything destined for 192.168.1.50 would be routed to 192.168.1.254 using an added route in the router.  Here is what I envision:

Added router has two Ethernet ports: Port1 and Port2.
Port1 has address 192.168.1.xx and is connected to the telephone system.
Port2 has address 192.168.1.yy and is connected to the LAN.

Routes in the router:
I'm guessing that you need the phone system to interact on the LAN - that seems necessary for it to do its work.
I'm going to call the telephone system IP address 192.168.1.zz.

The router would have the following routes:
192.168.1.50 192.168.1.yy next hop 192.168.1.254  "to reach anything destined for .50 go to .254"
192.168.1.0 192.168.1.yy                                                "to reach the LAN (otherwise) go to .yy"
0.0.0.0 192.168.1.yy next hop 192.168.1.254              "to reach anything else go to .254"

And, on the gateway router you would have:
192.168.1.zz 192.168.1.zz next hop 192.168.1.yy       "to reach .zz go to .yy"

The first solution is conceptually simpler even if it may seem to be a bit more work.
Perhaps someone else knows if this latter idea will work and how to really do it.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
MarcusSjogrenCommented:
Oh - terribly sorry but I missed that it was the server IP.

An fairly bad solution is to enable routing feature in the server, but I wouldn't recommend it.
 What services is this server providing, and is it provided via DNS-name/host name or directly via its IP?

If the clients is accessing it via \\servername\folder for example, it will be a minor job to change the IP since you can run it with two IP addresses for a day or so (while client DNS updates, 192.168.1.50 + 192.168.1.253 for example). Then remove the .50-address and give it to the router.

The only suitable long term solution is to dig in, get your hands dirty and move the IP.
Or reset the phone settings.
0
 
MarcusSjogrenCommented:
and the extra router solution above seems at first of all impossble, because you just don't route some parts of a subnet differently, it's a bad idea.
Secondly you would still have to remove the IP from the server, so you might as well just add it to your current router.

sorry, but it's the only suitable solution if you cannot re-configure the phones.

If it is very important to reach the server via .50, you can also setup NAT for the interesting ports and forward them to the server.
0
 
Ethan DarwinAuthor Commented:
Thanks for the excellent feedback and suggestions. I think the simplest solution is to assign 192.168.1.50 to the router and reconfig the LAN to reflect the new router IP.

Once face value I think it should be a relatively straight forward process however experience has taught me there is no such thing...
0
 
Ethan DarwinAuthor Commented:
p.s. They found the password :)
0
 
MarcusSjogrenCommented:
Normally the router can have both .50 and .254 address so it would require minimum effort :-)

Haha, good to hear. Good luck!
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now