Setup:
Office A – Juniper Netscreen SSG5 (Static IP)
Office B – Juniper Netscreen SSG5 (Dynamic IP)
Both offices are connected to one another via a VPN tunnel using the SSG5
I came across an issue recently where we had remote hosted servers locked down to a certain IP address (Office A) and we needed office B to access those servers from there office using the Dynamic IP. The way I found around this was to redirect certain traffic over the VPN from office B to Office A, then display the IP as the Static IP from office A to access the servers.
I won’t go through setting up the VPN between the offices as I am assuming this is already done with the following settings.
- The VPNs are setup using tunnels
- The VPNs are working in both directions
- The Policies used are set to allow ANY service through for this test setup.
Office A
- Login into the Juniper and select Policy > Policies.
- In the from dropdown select untrust. From the To dropdown select untrust and then click New.
- Source Address: Select the as the office B LAN.
- Destination LAN: Select Any (or to make it more secure create an Address List for the hosted servers and select them).
- Service: Select the required service (i.e. RDP) or select ANY to allow everthing through.
- Logging: enable this setting
- Click Advanced
- Source Translation: Tick this option
- (DIP on): Select None (Use Egress Interface IP)
- Enable any other relevant settings you require.
- Click OK
- Click OK
- Office B
- Select Network > Routing > Destination
- Click New (Top Right Corner)
- IP Address/Netmask: Enter the external server IP and mask. If it is a single IP use the mask as 32
- Gateway: Enable this option
- Interface: Select the interface as the tunnel interface for the VPN to Office A.
- Gateway IP Address: Enter the internal IP of the Juniper Netscreen for Office A
- Permanent: Enable this option
- Description: I would enter a description here such as the hosted server name
- Click OK
You should have access to the hosted server now. You could if you wanted direct all traffic over the VPN by adding the IP Address/Netmask as 0.0.0.0/0.
One Comment
Leave a Reply
Cisco Security Advisories
- Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2021On March 25, 2021, the OpenSSL Project released a security advisory, OpenSSL Security Advisory [25 March 2021], that disclosed two vulnerabilities. Exploitation of these vulnerabilities could allow an attacker to use a valid non-certificate authority (CA) certificate to act as a CA and sign a certificate for an arbitrary organization, user or device, or to […]
- Cisco IOS XR Software Command Injection VulnerabilityA vulnerability in the CLI of Cisco IOS XR 64-Bit Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges on the underlying Linux operating system (OS) of an affected device. This vulnerability is due to insufficient input validation of commands that are supplied by the user. An attacker […]
- Cisco Small Business RV Series Routers Link Layer Discovery Protocol VulnerabilitiesMultiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For […]
- Cisco AnyConnect Secure Mobility Client Denial of Service VulnerabilityA vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on the device. The vulnerability is due to insufficient validation of user-supplied […]
Thanks this blog helped me out loads.