Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
304
Views
0
Helpful
3
Replies

How to Use Cisco Client VPN on a PC with dynamic IP

otnj2ee
Level 1
Level 1

‎10-06-2005 04:18 PM - edited ‎02-21-2020 02:01 PM

Suppose I have a remote firewall (pix), to which a web and a database servers are connected. Now I want to connect to this firewall via the internet by using the VPN technology.

In my office (located remotely) my PC, along 15 other PCs, are connected to a Cisco 877 router which dynamically assign the IP addresses to each of the PC on the LAN via DHCP (ADSL connection).

I'll install the Client VPN on my PC. For this (LAN) architecture, can I "build up" a VPN channel from my PC to the firewall to access the web and database servers?

If so, can I only make my PC has the access to the VPN channel, while deny the rest of PCs in my office (I do not want the rest to access the VPN)?

The key thing and the problem here is that I can not assign a static IP address to my PC. Why? Because I am using the ADSL service from a ISP company. The IP I got is a dynamic one. If I want my PC to be static IP, I have to have the whole office's PC to go static (IP). In that case, I'll have to upgrade to a more expensive service.

With the service plan I am now having, it is relatively cheaper because the IP is dynamic. Now I just wonder if the Cisco's client VPN software will resolve this issue, i.e., even if my PC is DHCP assigned IP, I would still be able to build up a channel with the remote servers? If so, how to do it?

Many thanks.

Scott

Labels:
0 Helpful
3 Replies 3

bobd
Level 1
Level 1

‎10-08-2005 06:59 AM

If I understand your question, you are asking how to create a VPN connection from a single workstation on your network to a remote PIX firewall, as opposed to a LAN to LAN vpn. This is easily accomplished by following the steps at this link.

http://www.cisco.com/en/US/customer/tech/tk583/tk372/technologies_configuration_example09186a008009442e.shtml

Other sample configuration options are available at:

http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps2030/prod_configuration_examples_list.html

Bob

0 Helpful

otnj2ee
Level 1
Level 1
In response to bobd

‎10-08-2005 10:06 AM

Thanks for response. Yes, it is from a single work station to the PIX firewall. There are two servers connected to the firewall, one is a Web Application Server located in the DMZ, while another (the database server) located behind the firewall.

What I try to do is to remotely manage/maintain these two servers via the VPN. It is just the client/workstaion does not have a static IP but dynamically assigned by the router. It seems the Cisco Client VPN will do. How about the Windows XP's built in VPN. Does it have the same function?

Another issue is if the remote firewall is also dynamically assigned the IP, instead of the static one. In this case, if I want to access the web and database servers, do not how to do it.

Thanks

0 Helpful

bobd
Level 1
Level 1
In response to otnj2ee

‎10-09-2005 06:15 AM

If you use the Windows XP client to attach directly to the Web Application or database server you would have to enable the support on the server and open additional ports on the firewall to permit the traffic through. The Cisco VPN client would probably be a better solution for you.

To work around the remote firewall dynamic IP, check out the services at

http://www.dyndns.com/services/dns/dyndns/

Dynamic DNS services would allow you to alias the dynamic IP assigned to your firewall to a static hostname. You would configure your VPN client to attach to the hostname instead of a static IP address.

Bob

0 Helpful
Customers Also Viewed These Support Documents