
VPN Tunnel: IP Question



#1 SurfNinja


Posted 09 March 2017 - 04:06 PM

Hi,

 

Scenario

I need to establish a VPN tunnel between office A and B. Bidirectional support is required. Please see details below.

 

Office A

Office A is running a flat level IP scheme with no VLANs. Its current IP scheme is: 10.1.198.0/22. A Microsoft Threat Management Gateway is installed at this office. Only a small number of people need connectivity to office B. Around 8 people.

 

Office B

Office B would only like office A to access their /28 addresses over the tunnel.

 

Question

What's the cleanest and best way to establish a tunnel between the two sites from an IP perspective? Office A will need to make a /28 range available over the tunnel, but instead of allocating the necessary users with static IP addresses on their workstations, is there a better way to manage this tunnel?

 

Appreciate any advice and guidance.

 

Thanks




 


#2 Wand3r3r


Posted 11 March 2017 - 04:42 PM

You are not concerned about the office LAN subnets (except that they need to be different at each site) when talking about WAN traffic.

The /28 or /22 is a subnet mask and not the actual subnet.

Your users don't need static IPs. You would filter via a firewall VPN policy to only allow those host names access to the VPN.


Edited by Wand3r3r, 11 March 2017 - 04:43 PM.
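
The checks discussed in this thread, as an added example that is not part of either post: it normalises the site prefixes, refuses overlapping LANs, and evaluates an allow-list policy for Office A hosts reaching Office B's /28. Office B's /28 and the permitted workstation addresses are constructed sample values, and the policy is keyed on addresses on the assumption that the firewall resolves the permitted host names to them.

```python
import ipaddress

# Office A prefix exactly as written in the question. Office B's /28 and the
# permitted workstation addresses below are constructed sample values.
OFFICE_A_LAN = "10.1.198.0/22"
OFFICE_B_SCOPE = "192.168.50.16/28"
ALLOWED_A_HOSTS = {ipaddress.ip_address(h) for h in ("10.1.197.21", "10.1.198.40")}


def normalise(prefix):
    """Return the network a prefix falls in, even when host bits are set."""
    return ipaddress.ip_network(prefix, strict=False)


def check_sites(lan_a, lan_b):
    """Raise if the two site prefixes overlap, since neither side could
    then route the other's addresses into the tunnel."""
    a, b = normalise(lan_a), normalise(lan_b)
    if a.overlaps(b):
        raise ValueError(f"{a} and {b} overlap; renumber or NAT one side")
    return a, b


def tunnel_permits(src, dst):
    """One direction of the VPN policy: permitted Office A host -> Office B /28."""
    a_net, b_scope = check_sites(OFFICE_A_LAN, OFFICE_B_SCOPE)
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src_ip not in a_net or dst_ip not in b_scope:
        return False  # outside the address scope agreed for the tunnel
    return src_ip in ALLOWED_A_HOSTS  # default deny for everyone else


if __name__ == "__main__":
    # 10.1.198.0 with a /22 mask has host bits set; the enclosing network is
    # 10.1.196.0/22, which is what a firewall object would need to contain.
    print(normalise(OFFICE_A_LAN))
    for src, dst in [("10.1.198.40", "192.168.50.20"),   # permitted host
                     ("10.1.198.41", "192.168.50.20"),   # not on the allow-list
                     ("10.1.198.40", "192.168.50.40")]:  # outside the /28
        print(src, "->", dst, tunnel_permits(src, dst))
```
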




