Viewing 13 posts - 1 through 13 (of 13 total)
  • Quick question: VPN over a Cisco router and hardware firewall
  • iamtheresurrection
    Full Member

    Hello

    I’ve got a Windows domain which sits behind a Cisco firewall connected with a leased line. The IP of the line is 79.xxx.xxx.xx and the server runs the DHCP with 192.168.xxx.xxx upwards.

    I want to add a Cisco router configured for VPN at home over my fibre line to access the network and a SIP extension: if I configure the router for VPN will the server see the remote computer as if connected over the LAN and issue a 192.xxx.xxx.xxx address? If the IP address is reserved to the MAC address, will it pick it up? If so, I’m thinking on top of the SIP extension and access to the server it would be really handy for the offsite bare metal back ups rather than messing around every week with removable drives (assuming the server sees the drive as a local drive)?

    No experience of VPN in this way, appreciate a quick steer…

    Craig

    rogermoore
    Full Member

    If I’m understanding what you are asking correctly; your home computer and SIP phone will get their local IP addresses from your Fibre Router on whatever private subnet is configured on there. The VPN will tunnel these addresses between your home connection and office connections using the 2 public IP addresses. You would not need to reserve the IP addresses using MAC Addresses of the home devices on the office server. I wouldn’t see any issue using this method of remote backup, other than it maybe being a bit slow (depending on the amount of data) and using up any capped limits on data your provider might impose.
    RM.

    chojin
    Free Member

    Educated guess: No.
    At least it doesn’t work this way over Juniper VPN…

    codybrennan
    Free Member

    What chojin says: no, the remote comp will not pick up a DHCP-issued address from the server.

    iamtheresurrection
    Full Member

    Thanks for replying RM, that is what I am asking.

    I was hoping that if I configured the Cisco router at home behind my existing router, then anything plugged into it would be seen by the server as a device on the LAN… But it sounds like you’re saying that it wouldn’t, but also that it wouldn’t matter as the VPN will effectively translate between the two subnets?

    iamtheresurrection
    Full Member

    Sorry, thanks all. I typed that after only one reply…

    codybrennan
    Free Member

    The vpn will do that; bear in mind that the remote comp may need a static route to the ‘home’ subnet too.
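
Added example, not part of any poster's reply: a small Python model of the routed site-to-site VPN described in the replies above, showing that a home device keeps its home-subnet address when it reaches the office, and checking the return route codybrennan mentions. The subnets are constructed (the thread masks the real ones), the function names are hypothetical, and it assumes no NAT inside the tunnel.

```python
import ipaddress

# Constructed sample addressing; the thread masks the real subnets.
HOME_LAN = "192.168.50.0/24"    # leased by the home router's DHCP
OFFICE_LAN = "192.168.10.0/24"  # leased by the office server's DHCP


def forward(src, dst, home_lan=HOME_LAN, office_lan=OFFICE_LAN):
    """How the home VPN router treats one packet from a home device.

    Returns (path, source address the destination sees).
    """
    home = ipaddress.ip_network(home_lan)
    office = ipaddress.ip_network(office_lan)
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src_ip not in home:
        raise ValueError(f"{src} is not a home LAN address")
    if dst_ip in home:
        return ("local", src)    # stays on the home LAN, never tunnelled
    if dst_ip in office:
        return ("tunnel", src)   # carried between the two public IPs, source unchanged
    return ("internet", "home public IP")  # ordinary NAT out of the fibre line


def check_design(home_lan, office_lan, office_routes):
    """Return a list of problems; an empty list means traffic flows both ways.

    office_routes: prefixes the office side sends towards the VPN device.
    """
    home = ipaddress.ip_network(home_lan)
    office = ipaddress.ip_network(office_lan)
    problems = []
    if home.overlaps(office):
        # Both ends see the other's addresses as "local", so nothing is tunnelled.
        problems.append(f"overlap: {home} and {office} share addresses; renumber one site")
    routed = any(home.subnet_of(ipaddress.ip_network(r)) for r in office_routes)
    if not routed:
        problems.append(f"no return route: office side has no route to {home} via the VPN")
    return problems


if __name__ == "__main__":
    print(forward("192.168.50.20", "192.168.10.5"))
    print(check_design(HOME_LAN, OFFICE_LAN, office_routes=[]))
```

The overlap check matters because many home routers default to a 192.168.x.x range, the same private space the office uses here.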

    rogermoore
    Full Member

    Ah right, I’m sorry I didn’t read the bit about the Cisco Router being at home behind your router. You are right about what I said above but what you are after is, apparently, possible (much more geeky than I’ve ever got) but I couldn’t see why you’d want to? Your server will still see your home computer as connected using shared / mapped drives etc.
    RM.

    codybrennan
    Free Member

    Here’s an old post I wrote on the Petri forums years back- guy was looking for a fairly simple PIX config for smtp email in/out. You sound like you know what you’re maybe doing but maybe this might help.

    (Not sure if you’re using a PIX or an ASA)

    http://forums.petri.com/showthread.php?t=11619

    iamtheresurrection
    Full Member

    Not really sure what I’m doing, to be fair, as you can probably tell 😉

    The telephone server we have can only be connected to through a client PC connected locally, whether it be for admin or call recording/listening/analysis. It’s a BT rule by all accounts to minimise telephone fraud. I can get around it with Remote Desktop I suppose, but it’s a bit of a clunky solution which I’d rather avoid.

    With regards back ups I was thinking (and explaining badly) that using the standard back up tools in Server 2008 I’m pretty sure you can only do a back up to a locally connected drive. So, I was thinking that if I could configure it to see the remote drive as local, then I could do the initial back up on site, and then take it off site on the same drive/letter for subsequent incremental back ups…

    I’ll pour a big whisky and read the links…

    codybrennan
    Free Member

    I don’t know much about this telephone server to be honest; is it some kind of call recorder? Don’t fall foul of BT though, and if you’re not sure what you’re doing, making it inadvertently remotely-accessible would be bad.

    You might very well be able to do what you suggest for backups though. I walked away from MS server ops years ago, but if you map the remote drive to the server then you can have a go.

    iamtheresurrection
    Full Member

    Fair points about BT, but I’d be going to them with my proposed solution for approval (as opposed to paying them to find the solution for us).

    That said, reading the links above, I think I’m going to have to bow out and accept that frankly it’s going to be more work than I’m capable of, and even if I get it running as planned it sounds like I’m asking for network trouble down the line which I’ll be struggling to solve.

    Back to the drawing board I think.

    eatsdirt
    Free Member

    Does it need to be a permanent vpn or on demand? Couldn’t you do this by using cisco anyconnect client on the PC if it’s a softphone?

    If you really want to do scheduled file transfer, you would need a static ip probably using something like this if it’s a vdsl connection http://www.ebuyer.com/255719-cisco-887-annex-m-with-vdsl2-adsl2-cisco887va-m-k9?utm_source=google&utm_medium=products&gclid=CPOFqaz62cACFarpwgod0UkAkQ


The topic ‘Quick question: VPN over a Cisco router and hardware firewall’ is closed to new replies.