Setup:
Office A – Juniper Netscreen SSG5 (Static IP)
Office B – Juniper Netscreen SSG5 (Dynamic IP)
Both offices are connected to one another via a VPN tunnel using the SSG5
I came across an issue recently where we had remote hosted servers locked down to a certain IP address (Office A) and we needed office B to access those servers from there office using the Dynamic IP. The way I found around this was to redirect certain traffic over the VPN from office B to Office A, then display the IP as the Static IP from office A to access the servers.
I won’t go through setting up the VPN between the offices as I am assuming this is already done with the following settings.
- The VPNs are setup using tunnels
- The VPNs are working in both directions
- The Policies used are set to allow ANY service through for this test setup.
Office A
- Login into the Juniper and select Policy > Policies.
- In the from dropdown select untrust. From the To dropdown select untrust and then click New.
- Source Address: Select the as the office B LAN.
- Destination LAN: Select Any (or to make it more secure create an Address List for the hosted servers and select them).
- Service: Select the required service (i.e. RDP) or select ANY to allow everthing through.
- Logging: enable this setting
- Click Advanced
- Source Translation: Tick this option
- (DIP on): Select None (Use Egress Interface IP)
- Enable any other relevant settings you require.
- Click OK
- Click OK
- Office B
- Select Network > Routing > Destination
- Click New (Top Right Corner)
- IP Address/Netmask: Enter the external server IP and mask. If it is a single IP use the mask as 32
- Gateway: Enable this option
- Interface: Select the interface as the tunnel interface for the VPN to Office A.
- Gateway IP Address: Enter the internal IP of the Juniper Netscreen for Office A
- Permanent: Enable this option
- Description: I would enter a description here such as the hosted server name
- Click OK
You should have access to the hosted server now. You could if you wanted direct all traffic over the VPN by adding the IP Address/Netmask as 0.0.0.0/0.
One Comment
Leave a Reply
Office 365 Updates
- Microsoft Hybrid Cloud for Enterprise ArchitectsThis poster tells the cross-cloud story on hybrid cloud architecture and scenarios for Azure, Office 365, Microsoft Intune, and Dynamics 365.
- Microsoft 365 helps create a secure modern workplaceMicrosoft uses Microsoft 365 security technologies to help create a productive and more secure workplace. With Microsoft 365, we’re enhancing our identity protection, information protection, and threat protection—and streamlining our security management through a tightly integrated set of tools.
- Identity and Device Protection for Office 365Get an overview of recommended capabilities for protecting identities and devices that access Office 365, other SaaS services, and on-premises applications published with Azure AD Application Proxy.
- Automating data protection with Azure Information Protection scannerAs part of our strategy to provide end-to-end protection of sensitive data, Microsoft is using the Azure Information Protection scanner to automatically discover, label, and protect our sensitive data in on-premises data stores—even in PDFs and RMS-encrypted files.
- Office Deployment ToolThe Office Deployment Tool (ODT) is a command-line tool that you can use to download and deploy Click-to-Run versions of Office, such as Office 365 ProPlus, to your client computers.
Microsoft Security Updates
- An error has occurred, which probably means the feed is down. Try again later.
Cisco Security Advisories
- Apache Struts Commons FileUpload Library Remote Code Execution Vulnerability Affecting Cisco Products: November 2018On November 5, 2018, the Apache Struts Team released a security announcement urging an upgrade of the Commons FileUpload library to version 1.3.3 on systems using Struts 2.3.36 or earlier releases. Systems using earlier versions of this library may be exposed to attacks that could allow execution of arbitrary code or modifications of files on […]
- Cisco Prime License Manager SQL Injection VulnerabilityA vulnerability in the web framework code of Cisco Prime License Manager (PLM) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation of user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted HTTP POST requests that contain malicious […]
- Cisco Energy Management Suite Default PostgreSQL Password VulnerabilityA vulnerability in the configuration of a local database installed as part of the Cisco Energy Management Suite (CEMS) could allow an authenticated, local attacker to access and alter confidential data. The vulnerability is due to the installation of the PostgreSQL database with unchanged default access credentials. An attacker could exploit this vulnerability by logging […]
- Cisco Webex Meetings Desktop App Update Service Command Injection VulnerabilityA vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by invoking the update service command with a crafted argument. An […]
Thanks this blog helped me out loads.