Home page logo

firewall-wizards logo Firewall Wizards mailing list archives

Re: Site to siteVPN between public ip and private ip
From: "David Swafford" <dswafford () alterhighschool org>
Date: Mon, 29 May 2006 08:41:32 -0400

Hi Mutthu,

This is an interesting senerio.  Please correct me if I am assuming
incorrectly on any of this.  From what I have read it seems that
basically your office in CA has no control over the router/firewall at
that location (nor do you), in addition they are probably running off of
some type of dynamic pulic IP situation (it is a small or large

Personally I think it is very scary to think that you are doing business
and using another company's network to handle your data (besides a
service provider).  In this situation you are basically not able to
control what is going into or out of the CA office, this includes
massive virues/worms that could spread from other users in the same
logical network (though maybe not from your company but from others
sharing it with you).  My personal suggestion would be to get a separate
dedicated interent connection for your office only and not use the
"provided" one.  Then you can setup however you would like.  If its a
small office then this isn't all that much money, maybe look at getting
a business class DSL line with a static IP for the firewall/router. 
Then you can configure VPN from endpoint to endpoint whatever firewall
you might be using.  If you end up getting a separate router then you
could place the firewall in the DMZ at your remote office and VPN
through that.

Also question for you --- "We have now bought a program which is not
support to run on TS, so we now have to giveup the TS and find the way
to connect the CA to NYC".  Do you mean Terminal Server or T1 serial
leased lines?  I was not sure what you menat by this.

David A. Swafford
Archbishop Alter High School
Information Technology Team, Network Engineer

A Cisco CCNA and a CompTIA Network+ and Security+ Certified Professional

ratna1504 () yahoo com  >>>
We have HQ in NYC and a remote office in CA, the users in CA office in
another companies's network(landloard is providing internet connection).
  At present our CA user's PC are getting NATed ip (10.0.10.*) from
landload's network to connect to internet then they are using RDP to
connect our NYC office..
  We have now bought a program which is not support to run on TS, so we
now have to giveup the TS and find the way to connect the CA to NYC. 
  We now want to setup VPN.
  is it possible to setup VPN, if our CA pix get private ip for it's
external interface?
  thank you for your help in Advance.

Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls.  Great
rates starting at 1ยข/min.
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]