Re: vpn hardware solution

On Sep 11, 5:25 am, jack masters <jcfmast...@xxxxxxxxx> wrote:
Larry Erickson wrote:
Hello, first let me say that I am not a network expert at all, and
also thanks to whoever takes the time to read this.   I work for a
company that makes industrial monorail systems for the laundry
industry.  We will go into large industrial buildings and install many
different network devices including computers, plcs,  and remote IO
devices.  All of our devices need to have static IP address.  We need
to troubleshoot our devices remotely and most often we accomplish them
by making the facility provide us with a dedicated phone line to our
main PC, which although slow, is very reliable and simple to set up.
Some customer are unwilling to give us phone lines and give us only a
network connection and set up a VPN for us.  This works but currently
it seems that different IP departments set up VPNs differently, and
sometimes we need special software  to connect.  We also don't know
how to make these VPN's work without changing all of our network
devices IP address (sometimes over 100 devices) to match the  IPs of
the VPN we are given.  We would love to always go with  VPN
connections over a phone line because of the speed and other features
we could use of having our systems on the internet, but would like
them to work the same all the time and not require us to change the IP
addresses of our devices.  We were wondering if there was perhaps a
hardware solution for this.  Perhaps we could provide our customer
with some type of VPN router that we tell our customers to just give
internet too?  Should we have too network cards in our main PC?  I
really have no idea how this type of networking works, but I feel that
a solution for a problem exists.  Thanks.

Same problem here, different customers have different VPN
implementations, IP ranges and restrictions. Most customers will not let
you put anything on their network that connects directly to the internet
and is outside their direct control. The current solution is to use a
separate (minimal) virtual machine for each customer, and let the
customers' IT support install whatever they deem necessary on that to
get a VPN link working. VM goes back to the office, gets installed on a
common server, and whoever needs to do support for that customer
connects to the VM.

If you like to keep your static IP address layout the same across
multiple installations, you will need to separate your control network
completely from the client's network, in case a client also uses that
range on their network (a good idea anyway for other reasons) and run
another tunnel (e.g. VPN or SSH with port forwarding) into that. Most
major network vendors sell boxes that can be (ab)used for that,
alternatively a small headless PC-like device (Soekris or similar) with
two network adapters and Linux will do the job.

J.


Thanks a lot for your response. It is nice to know that other people
have similar situations. I am pretty unfamiliar with
virtual machines so I have a couple more questions. First, what is
the reason most customers will not let you
connect directly to the internet? Is is security, cost, or another
reason? Is there anything that can be done to make
this idea more appealing to customers? Also if you could connect
directly to the internet, what would be the best way
to remotely connect?

We do like to keep all of our static IP address layouts the same
across all our installations. As far as the virtual
machine solution goes, what do you recommend using for a windows
platform. I think you were saying to set up our
normal network setting on our main pc, and then install a virtual
machine on that pc also which the customers IT
department installs their VPN link software. We then connect through
the VPN to our pc's virtual machine, in which we can
access our other network devices somehow. In your last paragraph,
are you saying that we should always be using two
network cards, or use a hardware solution that can provide the same
thing? Sorry for all the questions, and again thanks for
responding.

Larry

.

Relevant Pages

  • Re: vpn to either xp pro or 2000 pro desktop
    ... drives/machines outside each network.. ... I can have her log into her machine with the same vnc viewer over the vpn.. ... have to install PRO on the laptop also or does that matter? ...
    (microsoft.public.windowsxp.work_remotely)
  • Re: vpn hardware solution
    ... network connection and set up a VPN for us. ... different customers have different VPN ... customers' IT support install whatever they deem necessary on that to ...
    (comp.dcom.vpn)
  • Re: XP NETWORK HELP PLEASE
    ... The gigabit switch feeds the ... router not to broadcast the ssid and have a hidden mapped network drive ... dispatch log on one screen and our customers in-house proprietary software on ... We use Cisco's VPN software that came to us via a disk from ...
    (microsoft.public.windowsxp.general)
  • Security and VPN
    ... How secure is VPN. ... if my users take home the client and install it on their ... network, wheat are we really looking at. ... Are they secure or not. ...
    (Pen-Test)
  • RE: Security and VPN
    ... We have many of our employees who worked from home. ... VPN is that they are extending their network out to the VPN endpoint. ... if my users take home the client and install it on their ...
    (Pen-Test)