Complex network setup




mmcxiiad
Nov 28, 2012, 01:22 PM
We currently have a FiOS static business connection for our small creative company. We are getting 5 more static IP addresses (have to get them in increments of 5). We are going to use them to host a few web server type things. We are going to have 1 left over.

We currently use an Apple Airport for a router as it best allows for Apple services. One thing we want to add is VPN. So as not to mess things up, I am thinking about getting a separate VPN router to allow remote devices to securely access the network.

I am pretty sure that this will work but want a second opinion:

Internet connection comes in over an Ethernet cable. It is then split via a switch to each of the static IP devices. The first is the real network that is behind the Airport Extreme. The second will be the VPN router. They will be configured as follows:

AIRPORT:
xxx.xxx.xxx.101 (external static ip)
192.168.1.1 (internal ip)
192.168.2.2 (internal DNS server redirecting to ISP assigned DNS)
xxx.xxx.xxx.xxx (ISP assigned gateway)
192.168.1.25 - 150 (dhcp lease range)

VPN Router:
xxx.xxx.xxx.102 (external static ip)
192.168.1.200 (internal ip)
192.168.1.205 - 215 (dhcp lease range assigned only to VPN clients)
Internal DNS and Gateway would point to airport.

The VPN router in this scenario would be plugged into the main network switch and then should be able to coexist without causing any DNS/DHCP/Gateway conflicts. All internal traffic should go out over the Airport, while VPN traffic would come in over the VPN router and out over the Airport.

If what I am suggesting works, then under this scenario, I would have all of the benefits of the Airport Extreme plus the ability to securely reconnect to the network via a VPN connection.

Is what I listed above going to work? If so does anyone have a VPN router suggestion?
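
An added example, not part of the original post: a small Python check of the addressing plan listed above for DHCP pool overlaps, static addresses that fall inside a pool, and addresses outside the LAN subnet. The /24 netmask and the dictionary key names are assumptions, since the post gives no netmask.

```python
import ipaddress as ipa

# Values constructed from the plan in the post.
# Assumption: the LAN is a /24 (the post does not state a netmask).
LAN = ipa.ip_network("192.168.1.0/24")
STATIC = {
    "airport-lan": "192.168.1.1",
    "vpn-router-lan": "192.168.1.200",
    "internal-dns": "192.168.2.2",
}
POOLS = {
    "airport-dhcp": ("192.168.1.25", "192.168.1.150"),
    "vpn-clients": ("192.168.1.205", "192.168.1.215"),
}

def check_plan(lan, static, pools):
    """Return a list of findings for an addressing plan (empty list = clean)."""
    findings = []
    ranges = {n: (ipa.ip_address(a), ipa.ip_address(b)) for n, (a, b) in pools.items()}
    hosts = {n: ipa.ip_address(a) for n, a in static.items()}
    # Every pool must sit entirely inside the LAN subnet.
    for name, (lo, hi) in ranges.items():
        if lo not in lan or hi not in lan:
            findings.append(f"{name}: pool extends outside {lan}")
    # Two address pools on one segment must never overlap.
    names = sorted(ranges)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if ranges[a][0] <= ranges[b][1] and ranges[b][0] <= ranges[a][1]:
                findings.append(f"{a} overlaps {b}: the same address could be leased twice")
    # Statically assigned hosts must be on-link and outside every pool.
    for host, addr in hosts.items():
        if addr not in lan:
            findings.append(f"{host} ({addr}) is outside {lan}: not on-link for LAN clients")
        for pool, (lo, hi) in ranges.items():
            if lo <= addr <= hi:
                findings.append(f"{host} ({addr}) sits inside pool {pool}")
    return findings

if __name__ == "__main__":
    for finding in check_plan(LAN, STATIC, POOLS):
        print(finding)
```

Under the /24 assumption the two pools and the two router addresses do not collide; the only finding is the 192.168.2.2 DNS entry, which is not in the same subnet as the rest of the plan.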



1911
Nov 28, 2012, 04:13 PM
Take a look at the SonicWall products, I've had good luck with them in a Mac environment.

mmcxiiad
Nov 28, 2012, 04:14 PM
Thanks for the suggestion. Any insight on the configuration question?

1911
Nov 29, 2012, 12:16 AM
Re: thanks for the suggestion. Any insight on the configuration question?

I prefer a simpler approach, a SonicWall protecting the WAN side and the Airport configured as a WAP.

karter16
Dec 2, 2012, 05:25 PM
Have a look at this http://www.countryvpn.com/setting-up-airport-extreme-vpn/

Potentially this could work - Airport Extreme has VPN pass-through capability.

Airport could be your sole point of connection to internet. It would pass-through VPN traffic (provided it's configured correctly, Apple website has necessary detail) to the VPN router/providing device.

Just another option - I don't see any need to specifically use a "SonicWall" or indeed any other manufacturer specific device. I'm sure there's a lot of info out there about VPN best-practice etc that you could get ideas from?

dazey
Dec 3, 2012, 11:39 AM
I don't quite get why you need so many static IPs, although always nice. You can run multiple websites, VPN etc. all off a single IP.
Do you run OS X Server in house? Have you considered running VPN on OS X Server rather than a router? If you are mainly serving to Mac clients it might make life easier and avoid buying new hardware, just a thought.

wlh99
Dec 3, 2012, 05:17 PM
Re: thanks for the suggestion. Any insight on the configuration question?

I prefer a simpler approach, a SonicWall protecting the WAN side and the Airport configured as a WAP.

x2 on the SonicWall. The switch, routing provided by the Airport, and the VPN services would all be handled by one product. Plus the firewall and security features are far superior. The way you are trying might work if configured correctly, but opens potential security holes. I think you may be overestimating the benefits of the Airport Extreme.