Setup:
Office A – Juniper Netscreen SSG5 (Static IP)
Office B – Juniper Netscreen SSG5 (Dynamic IP)
Both offices are connected to one another via a VPN tunnel using the SSG5
I came across an issue recently where we had remote hosted servers locked down to a certain IP address (Office A) and we needed office B to access those servers from there office using the Dynamic IP. The way I found around this was to redirect certain traffic over the VPN from office B to Office A, then display the IP as the Static IP from office A to access the servers.
I won’t go through setting up the VPN between the offices as I am assuming this is already done with the following settings.
- The VPNs are setup using tunnels
- The VPNs are working in both directions
- The Policies used are set to allow ANY service through for this test setup.
Office A
- Login into the Juniper and select Policy > Policies.
- In the from dropdown select untrust. From the To dropdown select untrust and then click New.
- Source Address: Select the as the office B LAN.
- Destination LAN: Select Any (or to make it more secure create an Address List for the hosted servers and select them).
- Service: Select the required service (i.e. RDP) or select ANY to allow everthing through.
- Logging: enable this setting
- Click Advanced
- Source Translation: Tick this option
- (DIP on): Select None (Use Egress Interface IP)
- Enable any other relevant settings you require.
- Click OK
- Click OK
- Office B
- Select Network > Routing > Destination
- Click New (Top Right Corner)
- IP Address/Netmask: Enter the external server IP and mask. If it is a single IP use the mask as 32
- Gateway: Enable this option
- Interface: Select the interface as the tunnel interface for the VPN to Office A.
- Gateway IP Address: Enter the internal IP of the Juniper Netscreen for Office A
- Permanent: Enable this option
- Description: I would enter a description here such as the hosted server name
- Click OK
You should have access to the hosted server now. You could if you wanted direct all traffic over the VPN by adding the IP Address/Netmask as 0.0.0.0/0.
One Comment
Leave a Reply
Office 365 Updates
- Administrative Template files (ADMX/ADML) and Office Customization Tool for Office 365 ProPlus, Office 2019, and Office 2016This download includes the Group Policy Administrative Template files (ADMX/ADML) for Office 365 ProPlus, Office 2019, and Office 2016 and also includes the OPAX/OPAL files for the Office Customization Tool (OCT) for Office 2016.
Microsoft Security Updates
- An error has occurred, which probably means the feed is down. Try again later.
Cisco Security Advisories
- Cisco Nexus 9000 Series ACI Mode Switch Software Link Layer Discovery Protocol Buffer Overflow VulnerabilityA vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an adjacent, unauthenticated attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges. The vulnerability is due to improper input validation of certain type, length, […]
- Cisco Firepower Threat Defense Software NULL Character Obfuscation Detection Bypass VulnerabilityA vulnerability in the normalization functionality of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to insufficient normalization of a text-based payload. An attacker could exploit this vulnerability by sending traffic that […]
- Cisco Firepower Threat Defense Software HTTP Filtering Bypass VulnerabilityA vulnerability in the HTTP traffic filtering component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to improper handling of HTTP requests, including those communicated over a secure HTTPS connection, that […]
- Cisco Firepower Threat Defense Software Stream Reassembly Bypass VulnerabilityA vulnerability in the stream reassembly component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to improper reassembly of traffic streams. An attacker could exploit this vulnerability by sending crafted streams through an […]
Thanks this blog helped me out loads.