USA - static IP mobile communication

pvr

pvr

Dutch
 Ruler of the South East UK
I have configured a number of main VPN tunnels for a client of mine in the UK, whereby some are from the US. All working fine, no problems as they are all using fixed IP addresses in the locations.

One of the reps in the US uses a Sprint card in the laptop whilst on the road. That is causing me a problem as it has a variable IP. I do not want to open the firewall to "agressive" mode connections as I feel that exposes the system. Sprint states that they do not have fixed IP mobile cards, so my question is:

- Are there any fixed IP mobile card providers in the USA that anyone knows off
- Any other way of overcoming this issue for VPN tunnels (I had a look at no-ip.com, but that did not seem to address that particular issue).

Help appreciated :thumbsup:
 
Are you variable IP at home and your office needs a fixed IP or DNS name?
 
Fixed at work, variable at home. Work can take either ip address or dynamic dns name...

I used to be fixed at home as well, but couldnt see the point of having to pay extra for it when dynamic dns works :)
 
I was running a site to site vpn with our Beijing office that way over Juniper firewalls. Biggest problem is if it takes any amount of time for the updated IP to propagate.

You're going to need a client on the PC that will autochange Dynamic DNS's site to update the IP address. My ssg5 at home does this, and Linux is a no brainer and i believe there are apps taht will do it for windows.

Juniper instructions (route based should work basically the same):
To configure a policy based LAN to LAN VPN when one side has a dynamic IP using pre-shared keys, perform the following steps:

This example assumes the static IP address is assigned to site A, and site B gets its IP address dynamically via DHCP.

Configure a gateway for the site A. For more information on configuring a gateway for site A, go to Configuring a Gateway for Site A.

Configure a phase 2 proposal for site A. For more information on how to configure a phase 2 proposal for site A, go to Configuring a Phase 2 Proposal for Site A.

Configure a policy for site A. For more information on how to configure a policy for site A, go to Configuring a Policy for Site A.

Configure a gateway for site B. For more information on how to configure a gateway for site B, go to Configuring a Gateway for Site B.

Configure a phase 2 proposal for site B. For more information on how to configure a phase 2 proposal for site B, go to Configuring a Phase 2 Proposal for Site B.

Configure a policy for site B. For more information on how to configure a policy for site B, go to Configuring a Policy for Site B.
Category DescriptionBy Product » Hardware » Firewalls » NetScreen Firewall/IPSec VPN
By Product » Software » Network Operating Systems » ScreenOS Software
By Network Technology » IP Protocols » Tunneling Protocols » IPSec
 
Andrew_Morris said:
I may be wrong but isn't 2dogs our resident expert on all things IT? :poke:

:popcorn:
Click to expand...
Yes that's me, what would you like to know?... But first things first......What's IT. :tumbleweed:
 
Just have an image of a tunnel you can put Zaino in to make it all smooth :D
 
You must log in or register to reply here.
Back
Top Bottom