Static IP from anywhere on any ISP how?

[cayview]

Hello,

I am in sales and we are required to log onto our company's intranet
from remote locations usually our home or office. As a security
measure, the company has required us all to have static IP from our
ISP's. Our company then lists these static IP addresses as OK to
access the system. If the IP address is not listed the company intranet will
not allow you to log on. So dynamic IP's from an ISP does not work as it is always changing and when it changes it will not be on the security list. Also this means I cannot log on when I travel as most hotels have dynamic IP systems and even if I list the current IP with the intranet administrator is changes and then I am locked out again. I would like to set up a system where my IP address never changes regardless of the ISP I am logging on from. Is this possible?

Is there a way I can appear to have a static IP address, the same one every time regardless of where I am when I log onto the intranet remotely even if I at a location that is not my home office isp and is dynamic?

I hope this is clear. Does anyone have any suggestions?

Please let me know, and thank you.

[clanmills]

Cayview

Your company's approach to security makes no sense to me. At work, we use VPN and it works well. I don't know how this gets setup - I'm in engineering not IT. I suspect somebody in the IT group of your company is inventing a home-made static IP address solution to security instead of using popular and secure standards.

You'll get nowhere trying to change people who have impossed stupidity on their organizations. Your best hope is that someone in management with courage and brains deals with this nonsense.

[cayview]

Thanks for your reply. I am not that concerned about how the system is set up. I just want to be able to log on from anywhere. What can I do to have a static IP from whatever Isp I happen to be using? some people have suggested that a dymamic DNS domain server might work, but I know nothing about these things any comments?

[clanmills]

A dynamic name server gives a static name to your dynamic address. For example my name "clanmills.homedns.org" is currently pointing to 64.105.137.116 (the IP address changes frequently), however the name clanmills.homedns.org never changes.

So I don't think a dynamic name server is going to help you.

I believe most organizations use VPN and this builds a secure tunnel through the internet. VPN enables you to access your company's network in a secure and robust manner. It feels the same as being in the office. You can print and access the servers as though you were sitting in the office.

I often use VNC over VPN to access the desktop of my machines in the office. And of course I can mount the disks of my Linux and Windows machines in the office from my Mac at home! Full service and I believe it's fast, secure, reliable and transparent. It works just as well from a laptop in a hotel room or coffee shop.

[cayview]

I think that VPN could be the answer to my problem in terms of a static IP as well. If I only use one server on the VPN system that I log onto would not that solve my problem if that server was assigned a static IP?

[clanmills]

I'm puzzled about your concern for static IP addresses. The VPN machine has a name like vpn.mycompany.com and that is almost certainly a static address.

Have you talked to your IT support/helpdesk people about your need for remote access to the office network? You can suggest VPN - however it's really for them to offer you a solution.

[cayview]

Hi Clanmills,

This company has 100's of virtual sales people. My suggestion would go unnoticed.

They way they let you into the system is by identifying the static IP address, listing it and allowing it. If the IP address is not on the list you do not get in period. So.. that is why I am concerned about a static IP adddress. I want to be able to log on from anywhere with a static IP that does not change no matter what ISP I am on. I am just wondering if it is possible. There is no need to fight the system i just need to know how I can achieve a static IP across all platforms. Is it VPN? I don't know I am inquiring.

[Zanthexter]

Well, while you cannot control your IT department, you can likely work around the problem easily enough.

1) Contact your internet provider, and ask for a static (never changes) IP for your home internet service. The vast majority of internet providers offer them, and usaually charge $5-15 a month per IP. For example, both AT&T and Comcast do.

2) Google "LogMeIn free", and use it to remote control your home computer. The home computer can then connect to the company network, as it will always have the same IP. Meanwhile you can remote control the home PC from wherever you happen to be. If you only have a laptop, then go buy a desktop to leave at home.

Alternatively, bring your problem to your manager, and let them speak with the IT management. IT policy is genearally not something dealt with at the rank and file level, so barking at a low level techie who can't set policy won't likely accomplish anything. This isn't a technical issue, it's a policy issue, and the reasons for it likely have little to do with you, but may not have taken your work needs into account. So, the best you can do is bring your needs to the attention of those that set policy, and let them decide if it's better for the company to stick with the existing one and continue to inconvenience you, or to change it.

[clanmills]

If your machine at home has a static IP address, then you could access that machine using VNC from a remote location using port forwarding. http://www.clanmills.com/articles/portforwarding/

Of course if your machine at home is the laptop you use on the road, then you cannot use that solution.

Your IT team's insistence on static IP addresses makes it very difficult to access the system from a hotel or coffee shop. If they don't support VPN or a proprietary solution for secure remote access (cisco?), your options are limited.

Perhaps another contributor to the forum may be able to suggest something - however I think you've exhausted everything I can contribute to this discussion.

[cayview]

Yes that is the situation. They will require a static Ip coming into the intranet.

I have spoken with a sales guy at a company offering personal VPN. He seems to think that configuring the system to use a particular and specific server within their network will solve the problem.

I also ran across a company called surf bounder that specifically offers VPN with static IP, but it is a bit pricy $250 per year, but might be worth it if it works and is my only option.

Thanks you again for your time on this.

[wimiadmin]

I agree with clanmills on everything he's mentioned.

My question is why is your company going to put the burden of the extra expense of the static IP on their employees? I could go on about how this policy makes NO sense whatsoever. Having employment experience with the Department of Defense, we had the ability to VPN to a server without requiring a static IP at home. I could connect to that server from anywhere.

Your best option is probably going to be to have a desktop at home and then VNC in to that computer in order to connect to your work server.

[AboveTheLogic]

Quote:

Originally Posted by wimiadmin

I agree with clanmills on everything he's mentioned.

My question is why is your company going to put the burden of the extra expense of the static IP on their employees? I could go on about how this policy makes NO sense whatsoever. Having employment experience with the Department of Defense, we had the ability to VPN to a server without requiring a static IP at home. I could connect to that server from anywhere.

Your best option is probably going to be to have a desktop at home and then VNC in to that computer in order to connect to your work server.

I haven't read the whole thread but I agree with this.

If I was faced with your situation, being able to access their VPN from home, I would use my home connection to get in all the time, even from remote locations.

There are many methods for this: VNC, Remote Desktop, radmin, VPN, SSH, proxy, etc...