|
Posted by Rick Merrill on February 9, 2008, 7:04 pm
Dirk Zabel wrote:
> Hi,
> at first, i must admit I have no experience with vpn; so please bear
> with my possibly stupid question...
> My company needs remote support from our vendor of erp software. This
> could be done by using a vpn tunnel. The problem we are faced with: our
> internet connection does not give us a static ip address; instead the ip
> number changes on every new connection (normaly once per day, not an
> unsual setup). I thought, this should not be a problem; we could
> register a name at dyndns.org (for example), so we are reachable by a
> fixed dns address. Unfortunately, the erp software vendor insists on
> having us a static ip; they claim it's a security risk to use a name by
> a dyndns service as they could not be sure the ip number is really
> correct (no reverse lookup possible). This is a problem for us; we would
> need to change the contract with our internet provider and it would be a
> lot more expensive.
> Now my question: Is this really so? Would not the vpn authentification
> and encryption prevent any attempt to spoof the identity of either side
> even assumed they did indeed build a wrong connection to some evil
> party? Or are the concerns of the erp compony well founded (maybe some
> man-in-the-middle attack could be started)?
> Thanks in advance
> -- Dirk
If this (not-static ip) bothers you, use http://www.no-ip.org
|