Ingress filtering from an external cloud service to the internal network

2017-05-04 Thread Torres, Matt
NANOG,
We have a hybrid cloud model that includes an external cloud service that needs to reach back into our internal network. The application documentation states that this connection cannot go through a proxy server. I am not in a position to redesign this solution or change the parameters.

RE: Ingress filtering from an external cloud service to the internal network

2017-05-04 Thread James Breeden
Subject: Ingress filtering from an external cloud service to the internal network NANOG, We have a hybrid cloud model that includes an external cloud service that needs to reach back into our internal network. The application documentation states that this connection cannot go through a proxy

RE: Ingress filtering from an external cloud service to the internal network

2017-05-05 Thread Torres, Matt
Unfortunately, a private connection or VPN to the cloud service provider is not available right now, but I can see how that could help solve my problem. :-)
~Matt
> Is it possible for you to get a private/direct connect service from your
> network perimeter to the cloud provider and eliminate us

Re: Ingress filtering from an external cloud service to the internal network

2017-05-05 Thread George William Herbert
You can usually run OpenVPN from a cloud host. The source IP changing possibly should require only one open exception to the local VPN termination point. Better, find a cloud that doesn't do that shit with changing endpoints and gives you real VPNs. What sort of cloud doesn't these days?...?...

RE: Ingress filtering from an external cloud service to the internal network

2017-05-05 Thread Torres, Matt
According to my application guy, this is true of the Microsoft O365 hybrid solution. It requires direct inbound connections on various ports from largely undefined IP space. I imagine the private VPN limitation (i.e., not having a VPN) is on our side and MS provides something like this...
>Bett

Re: Ingress filtering from an external cloud service to the internal network

2017-05-05 Thread Yan Filyurin
Since you can't change the design you may not be able to put some kind of overlay solution in place, which is just a fancy way of saying a VPN solution. What if you look at it in a different way and put some kind of endpoint security cloud solution like Illumio? But if you at least had the freedo

Re: Ingress filtering from an external cloud service to the internal network

2017-05-05 Thread Yan Filyurin
I just read an article about these people. They are even more interesting than Illumio or these other VPN solutions. The important part is that you get to stitch tunnels together on some other host, so the changing IP of endpoints is irrelevant.
http://zentera.net/
On Fri, May 5, 2017 at 11:13

RE: Ingress filtering from an external cloud service to the internal network

2017-05-05 Thread Torres, Matt
NANOG,
Thank you all. I have more than enough research to do now to further learn about everyone’s suggestions.
~Matt
>But if you at least had the freedom to put something like this:
>
>http://www.sproute.com/span
>
>in place or 20 other similar solutions. As in you do VPN, but right from the
>c