Find the answer to your Linux question:
Results 1 to 2 of 2
This is my challenge: 1) We have a provider that provides us with Global Private Network solution. 2) All our sites are connected to this GPN and can communicate af ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Sep 2013
    Posts
    1

    Howto create dedicated tunnels ip2ip between different ip segments?


    This is my challenge:
    1) We have a provider that provides us with Global Private Network solution.
    2) All our sites are connected to this GPN and can communicate af is it was one big LAN (each site has different segment, but any segment can be reached from any segment)
    3) GPN has access to Internet, but at providers site, so out of my direct reach
    4) I have several suppliers of machinery that want access to the equipment they have delivered onsite. I want to give them acces to only just that device and nothing else
    5) VPN tunnels are possible, but very limited and I would like to find away around VPN tunnels if possible
    6) I would like to create dedicated onsite VLANs for each supplier to keep their networks separated from eachother and to isolate them from our GPN locations and all devices pn generic GPN.
    7) some of the devices in these VLANs need to communicate directly to eachother. So Device1 on VLAN51 needs to communicate to Device2 on VLAN52 (Dedicated ip/port)

    I see 2 challenges:
    1) Incidental remote access (from Internet) for support by the supplier on their equipment (in their own local VLAN). So only provide access when requested and for limited time
    2) Constant point2point access between IP's on different VLAN's

    I forsee a possible solution:
    1) Create a central VMWare Server with access to all VLAN's and proper security of course. Only ICT personel can start/stop VMWare instances on this server.
    2) Create VMWare instances that function as stepstone's between GPN and one of the VLAN's. Also secure and limited to just the VLAN range and not GPN (other then own IP and gateway?)
    3) Create NAT from public GPN-IP/port to internal GPN-IP/port of stepstone (for RDP or dedicated port that is relayed to IP/port in VLAN)
    4) For dedicated tunnels, use a linux box, or a dedicated routing device (cisco?) with dedicated routes with proper security (firewalls and such)

    I would really like to have this approach reviewed or to hear other suggestions..

    many thanks in advance!

  2. #2
    Linux Engineer
    Join Date
    Apr 2012
    Location
    Virginia, USA
    Posts
    917
    I think your company should hire a network engineer as a consultant. Personally, I would buy a real VPN device, you can setup each account with access to whatever network segments you want.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •