
Register VPN clients in DNS

Hello,

We have 20-30 industrial PCs outside which are connected via VPN to our office, so that we can access them from our office.

The problem is that the internet connections are disconnected every night and after a reconnect the clients are getting different VPN IP addresses. So we have to look permanently at the VPN client list to see which device has gotten what IP. Is there any possibility that we can resolve the client IPs via DNS?

Thanks in advance,

ipzipzap

 



  • Which Remote Access method are you using? Why do you want to know the IPs?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    As I said, we need to know the IP to access these systems from our office. So every day we have to log on to the UTM, go to RemoteAccess, search for the client IP (e.g. 10.242.2.19) and then connect to it.

    We are using SSL VPN. We cannot set a static IP because it only works with IPsec.

    Any ideas?

  • Well, it's not pretty, but it does result in fixed IPs...

    Whenever user johann logs into SSL VPN remote access, the object "johann (User Network)" is populated with the IP assigned by the SSL VPN server.  If I assign an Additional Address "johann" on the Internal interface, I can make a NAT rule for johann to reach internal devices like:

    SNAT : johann (User Network) -> {services} -> {internal resources} : from Internal [johann] (Address)

    Or, to reach the systems from inside, people use the IP of "Internal [johann] (Address)" along with a NAT rule like:

    DNAT : Internal (Network) -> {services} -> Internal [johann] (Address) : to johann (User Network)

    Will that work for you?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi!

    Yes, you're right. It's not pretty but should do what we need :-D

    I will test it in one or two weeks and let you know. 

    Thanks!