218c28a3   
   From: jcfmasters@yahoo.com   
      
   Larry Erickson wrote:   
   > Hello, first let me say that I am not a network expert at all, and   
   > also thanks to whoever takes the time to read this.   I work for a   
   > company that makes industrial monorail systems for the laundry   
   > industry.  We will go into large industrial buildings and install many   
   > different network devices including computers, plcs,  and remote IO   
   > devices.  All of our devices need to have static IP address.  We need   
   > to troubleshoot our devices remotely and most often we accomplish them   
   > by making the facility provide us with a dedicated phone line to our   
   > main PC, which although slow, is very reliable and simple to set up.   
   > Some customer are unwilling to give us phone lines and give us only a   
   > network connection and set up a VPN for us.  This works but currently   
   > it seems that different IP departments set up VPNs differently, and   
   > sometimes we need special software  to connect.  We also don't know   
   > how to make these VPN's work without changing all of our network   
   > devices IP address (sometimes over 100 devices) to match the  IPs of   
   > the VPN we are given.  We would love to always go with  VPN   
   > connections over a phone line because of the speed and other features   
   > we could use of having our systems on the internet, but would like   
   > them to work the same all the time and not require us to change the IP   
   > addresses of our devices.  We were wondering if there was perhaps a   
   > hardware solution for this.  Perhaps we could provide our customer   
   > with some type of VPN router that we tell our customers to just give   
   > internet too?  Should we have too network cards in our main PC?  I   
   > really have no idea how this type of networking works, but I feel that   
   > a solution for a problem exists.  Thanks.   
   >   
      
   Same problem here, different customers have different VPN   
   implementations, IP ranges and restrictions. Most customers will not let   
   you put anything on their network that connects directly to the internet   
   and is outside their direct control. The current solution is to use a   
   separate (minimal) virtual machine for each customer, and let the   
   customers' IT support install whatever they deem necessary on that to   
   get a VPN link working. VM goes back to the office, gets installed on a   
   common server, and whoever needs to do support for that customer   
   connects to the VM.   
      
   If you like to keep your static IP address layout the same across   
   multiple installations, you will need to separate your control network   
   completely from the client's network, in case a client also uses that   
   range on their network (a good idea anyway for other reasons) and run   
   another tunnel (e.g. VPN or SSH with port forwarding) into that. Most   
   major network vendors sell boxes that can be (ab)used for that,   
   alternatively a small headless PC-like device (Soekris or similar) with   
   two network adapters and Linux will do the job.   
      
   J.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)