Setup:
Office A – Juniper Netscreen SSG5 (Static IP)
Office B – Juniper Netscreen SSG5 (Dynamic IP)
Both offices are connected to one another via a VPN tunnel using the SSG5
I came across an issue recently where we had remote hosted servers locked down to a certain IP address (Office A) and we needed office B to access those servers from there office using the Dynamic IP. The way I found around this was to redirect certain traffic over the VPN from office B to Office A, then display the IP as the Static IP from office A to access the servers.
I won’t go through setting up the VPN between the offices as I am assuming this is already done with the following settings.
- The VPNs are setup using tunnels
- The VPNs are working in both directions
- The Policies used are set to allow ANY service through for this test setup.
Office A
- Login into the Juniper and select Policy > Policies.
- In the from dropdown select untrust. From the To dropdown select untrust and then click New.
- Source Address: Select the as the office B LAN.
- Destination LAN: Select Any (or to make it more secure create an Address List for the hosted servers and select them).
- Service: Select the required service (i.e. RDP) or select ANY to allow everthing through.
- Logging: enable this setting
- Click Advanced
- Source Translation: Tick this option
- (DIP on): Select None (Use Egress Interface IP)
- Enable any other relevant settings you require.
- Click OK
- Click OK
- Office B
- Select Network > Routing > Destination
- Click New (Top Right Corner)
- IP Address/Netmask: Enter the external server IP and mask. If it is a single IP use the mask as 32
- Gateway: Enable this option
- Interface: Select the interface as the tunnel interface for the VPN to Office A.
- Gateway IP Address: Enter the internal IP of the Juniper Netscreen for Office A
- Permanent: Enable this option
- Description: I would enter a description here such as the hosted server name
- Click OK
You should have access to the hosted server now. You could if you wanted direct all traffic over the VPN by adding the IP Address/Netmask as 0.0.0.0/0.
One Comment
Leave a Reply
Office 365 Updates
- Administrative Template files (ADMX/ADML) and Office Customization Tool for Office 365 ProPlus, Office 2019, and Office 2016This download includes the Group Policy Administrative Template files (ADMX/ADML) for Office 365 ProPlus, Office 2019, and Office 2016 and also includes the OPAX/OPAL files for the Office Customization Tool (OCT) for Office 2016.
- Office Deployment ToolThe Office Deployment Tool (ODT) is a command-line tool that you can use to download and deploy Click-to-Run versions of Office, such as Office 365 ProPlus, to your client computers.
- Readiness Toolkit for Office add-ins and VBAThe Readiness Toolkit for Office add-ins and VBA helps you identify compatibility issues with your Microsoft Visual Basic for Applications (VBA) macros and your installed add-ins. Use this tool to inspect VBA macro code and get readiness information for installed Office add-ins.
Microsoft Security Updates
- Security Update For Exchange Server 2016 CU11 (KB4487563)Security Update For Exchange Server 2016 CU11 (KB4487563)
- Security Update For Exchange Server 2013 CU22 (KB4487563)Security Update For Exchange Server 2013 CU22 (KB4487563)
- Security Update For Exchange Server 2019 (KB4487563)Security Update For Exchange Server 2019 (KB4487563)
- Update Rollup 27 For Exchange 2010 SP3 (KB4491413)Update Rollup 27 For Exchange 2010 SP3 (KB4491413)
- Security Update For Exchange Server 2019 CU1 (KB4487563)Security Update For Exchange Server 2019 CU1 (KB4487563)
Cisco Security Advisories
- Cisco Wireless LAN Controller Software GUI Configuration Denial of Service VulnerabilitiesMultiple vulnerabilities in the administrative GUI configuration feature of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, remote attacker to cause the device to reload unexpectedly during device configuration when the administrator is using this GUI, causing a denial of service (DoS) condition on an affected device. The attacker would need to have valid […]
- SNMP Remote Code Execution Vulnerabilities in Cisco IOS and IOS XE SoftwareThe Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 […]
- Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution VulnerabilityA vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster […]
- Cisco Identity Services Engine SSL Renegotiation Denial of Service VulnerabilityA vulnerability in the web interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to trigger high CPU usage, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of Secure Sockets Layer (SSL) renegotiation requests. An attacker could exploit this vulnerability by sending renegotiation requests […]
Thanks this blog helped me out loads.