Normally a VPN client gets an IP from the VPN server (or a UTM appliance). Put a separate scope (other than 192.168.1.x) for VPN users on the appliance. So your LAN users retain the same IP series.

That's not going to work. Regardless of the IP the VPN client has, the problem occurs when it tries to access resources at the main site. My local IP on my home LAN is 192.168.1.5. The remote resource I want is 192.168.1.50. My PC is going to assume that's an address on my local subnet, not across the tunnel. As a result, I can't access anything on the remote side.

It's easy to fix this in the main-to-remote direction. You would use pre-VPN NAT to change the IP of your main site resources. For example, the server at 192.168.1.50 would try to ping your local PC at 192.168.1.5. So to your remote PC, it would look like traffic was coming from 10.0.1.50 and answering would be a simple route.

It's harder the other way because the remote client has to resolve the main host's name to a NATed IP - that's not normally the situation. You could access everything you wanted via the NATed IP directly, but \\myserver would still return 192.168.1.50 (from the main site DNS). You can work around this with some cleverness, like using \\myserver10 for remote clients and pointing that DNS entry to the NATed IP.

You'll also need to change the address on the incoming remote connection. Otherwise the main server will try to respond to 192.168.1.5 and assume - you guessed it - that it is on the local subnet. This can be avoided by assigning the VPN client an address in a different range, as mentioned earlier.

We could do it over a weekend, the issue is, we're a 24hr company, so it'd have to be with as little downtime as possible.

A change like this shouldn't require any extensive downtime.

1. If you currently have a router, add a secondary address to your LAN port. You've now created a router-on-a-stick.
3. Update your firewall rules to include the new network in parallel with the old one. (Just duplicate the rules or add the IP to your IP group.)
4. Begin to migrate your hosts to the new subnet by changing the IP and letting them update DNS.