RE: IP renumbering vs. Stand-alone

["Probert, Brian (RTSI)" <Brian.Probert () riotinto com>]

You should be able to assign IP addresses to the VPN clients when they connect. Use a different range when you connect. 
Obviously if this is another company that is hosting the VPN, they will need to make the changes for you.


-----Original Message-----
From: Mark Wilk [mailto:markwilk () gmail com]
Sent: Tue 11/29/2005 9:32 AM
To: security-basics () securityfocus com; pen-test () securityfocus com
Subject: IP renumbering vs. Stand-alone
 
Hello Group,

I work for a small office with around 100 users with two office
buildings connected by fiber.  The main office has two domain
controllers and a Lotus Notes server, all running Win2k3 and the
Satellite office has one domain controller running Win2k3.  All of the
users are or will be running Win XP and we use a PIX firewall.  The
issue we have is we recently set up an additional program (2 users)
that is part of our organization but can also be treated as a
stand-alone office.  This separate office needs to VPN into another
location that has the same internal IP numbering scheme as us thus
causes a problem.

Our two options are to renumber our internal IP address or to treat
the office as a complete stand-alone and have them VPN into our
network as well as the other location.  The problem we run into with
the stand-alone option is that this same program might be set up in
the satellite office as well meaning they will have to VPN into 3
different locations.  Another issue is the fact that both offices are
located in the middle of nowhere, so the same ISP we have in the main
office isn't available in the satellite office.  What would be the
best way to go about this?  Has anyone had to deal with renumbering
their network?  How much downtime should I expect if I take this
route?  How difficult is it to set up multiple VPN connections on the
same machine?

--
Mark


[Your Skills In Reading Have Improved +1]